From owner-freebsd-arch@freebsd.org Sat Jan 9 01:03:09 2021 Return-Path: Delivered-To: freebsd-arch@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 466B34DBD41 for ; Sat, 9 Jan 2021 01:03:09 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DCMCd0qKdz3n5c; Sat, 9 Jan 2021 01:03:09 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from John-Baldwins-MacBook-Pro.local (unknown [IPv6:2601:648:8681:1cb0:f8a3:17ff:c878:e67f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) (Authenticated sender: jhb) by smtp.freebsd.org (Postfix) with ESMTPSA id 8968E5F74; Sat, 9 Jan 2021 01:03:08 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Subject: Re: Should we enable KERN_TLS on amd64 for FreeBSD 13? To: Andrew Gallatin , freebsd-arch@FreeBSD.org, Rick Macklem , Allan Jude References: <8eff83e5-49bc-d410-626e-603c03877b80@cs.duke.edu> <20210108214446.GJ31099@funkthat.com> From: John Baldwin Autocrypt: addr=jhb@FreeBSD.org; keydata= mQGiBETQ+XcRBADMFybiq69u+fJRy/0wzqTNS8jFfWaBTs5/OfcV7wWezVmf9sgwn8TW0Dk0 c9MBl0pz+H01dA2ZSGZ5fXlmFIsee1WEzqeJzpiwd/pejPgSzXB9ijbLHZ2/E0jhGBcVy5Yo /Tw5+U/+laeYKu2xb0XPvM0zMNls1ah5OnP9a6Ql6wCgupaoMySb7DXm2LHD1Z9jTsHcAQMD /1jzh2BoHriy/Q2s4KzzjVp/mQO5DSm2z14BvbQRcXU48oAosHA1u3Wrov6LfPY+0U1tG47X 1BGfnQH+rNAaH0livoSBQ0IPI/8WfIW7ub4qV6HYwWKVqkDkqwcpmGNDbz3gfaDht6nsie5Z pcuCcul4M9CW7Md6zzyvktjnbz61BADGDCopfZC4of0Z3Ka0u8Wik6UJOuqShBt1WcFS8ya1 oB4rc4tXfSHyMF63aPUBMxHR5DXeH+EO2edoSwViDMqWk1jTnYza51rbGY+pebLQOVOxAY7k do5Ordl3wklBPMVEPWoZ61SdbcjhHVwaC5zfiskcxj5wwXd2E9qYlBqRg7QeSm9obiBCYWxk d2luIDxqaGJARnJlZUJTRC5vcmc+iGAEExECACAFAkTQ+awCGwMGCwkIBwMCBBUCCAMEFgID AQIeAQIXgAAKCRBy3lIGd+N/BI6RAJ9S97fvbME+3hxzE3JUyUZ6vTewDACdE1stFuSfqMvM jomvZdYxIYyTUpC5Ag0ERND5ghAIAPwsO0B7BL+bz8sLlLoQktGxXwXQfS5cInvL17Dsgnr3 1AKa94j9EnXQyPEj7u0d+LmEe6CGEGDh1OcGFTMVrof2ZzkSy4+FkZwMKJpTiqeaShMh+Goj XlwIMDxyADYvBIg3eN5YdFKaPQpfgSqhT+7El7w+wSZZD8pPQuLAnie5iz9C8iKy4/cMSOrH YUK/tO+Nhw8Jjlw94Ik0T80iEhI2t+XBVjwdfjbq3HrJ0ehqdBwukyeJRYKmbn298KOFQVHO EVbHA4rF/37jzaMadK43FgJ0SAhPPF5l4l89z5oPu0b/+5e2inA3b8J3iGZxywjM+Csq1tqz hltEc7Q+E08AAwUIAL+15XH8bPbjNJdVyg2CMl10JNW2wWg2Q6qdljeaRqeR6zFus7EZTwtX sNzs5bP8y51PSUDJbeiy2RNCNKWFMndM22TZnk3GNG45nQd4OwYK0RZVrikalmJY5Q6m7Z16 4yrZgIXFdKj2t8F+x613/SJW1lIr9/bDp4U9tw0V1g3l2dFtD3p3ZrQ3hpoDtoK70ioIAjjH aIXIAcm3FGZFXy503DOA0KaTWwvOVdYCFLm3zWuSOmrX/GsEc7ovasOWwjPn878qVjbUKWwx Q4QkF4OhUV9zPtf9tDSAZ3x7QSwoKbCoRCZ/xbyTUPyQ1VvNy/mYrBcYlzHodsaqUDjHuW+I SQQYEQIACQUCRND5ggIbDAAKCRBy3lIGd+N/BCO8AJ9j1dWVQWxw/YdTbEyrRKOY8YZNwwCf afMAg8QvmOWnHx3wl8WslCaXaE8= Message-ID: <4fe4a57c-8c43-a677-4872-d0671104c414@FreeBSD.org> Date: Fri, 8 Jan 2021 17:03:07 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.12.1 MIME-Version: 1.0 In-Reply-To: <20210108214446.GJ31099@funkthat.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jan 2021 01:03:09 -0000 On 1/8/21 1:44 PM, John-Mark Gurney wrote: > Andrew Gallatin wrote this message on Fri, Jan 08, 2021 at 12:26 -0500: >> Kernel TLS (KTLS) support was added roughly a year ago, and provides >> an efficient software or hardware accelerated path to have the kernel >> (or the NIC) handle TLS crypto. This is quite useful for web and >> NFS servers, and provides a huge (2x -> 5x) efficiency gain by >> avoiding data copies into userspace for crypto, and potentially >> offloading the crypto to hardware. >> >> >> KTLS is well tested on amd64, having been used in production at Netflix >> for nearly 4 years. The vast majority of Netflix video has been served >> via KTLS for the last few years. Its what has allowed us to serve >> 100Gb/s on Xeon 2697A cpus for years, and what allows us to serve >> nearly 400Gb/s on AMD servers with NICs which support crypto offload. >> >> I have received a few requests to enable it by default in GENERIC, and >> I'd like to get some opinions. >> >> There are essentially 3 options >> >> 1) Fully enable KTLS by adding 'options KERN_TLS' to GENERIC, and >> flipping kern.ipc.tls.enable=1 >> >> The advantage of this is that it "just works" out of the box for users, >> and for reviewers. >> >> The drawback is that new code is thrust on unsuspecting users, >> potentially exposing them to bugs that we have not found in our >> somewhat limited web serving workload. > > This is my vote. > > I assume that the in tree and ports tree OpenSSL libraries will make > use of it when present? Does this mean fetch and the like will also > use it when talking w/ https website? (that's a nice benefit). In tree OpenSSL does not support KTLS. OpenSSL considers KTLS support too large of a feature to officially backport to the 1.1.1 branch, so if we add it in base, it will mean keeping it as a local diff. OTOH, I do maintain a backport of KTLS to 1.1.1 and there is a KTLS option for the security/openssl port (not on by default, it perhaps should be on 13?) which includes KTLS support. security/openssl-devel (which tracks OpenSSL 3) also has a KTLS option that probably should be enabled by default on 13 as it only consists of enabling the option without requiring patches to the port. I can raise the issue again with secteam about importing KTLS into the base OpenSSL. I think the main issue is the risk of getting a merge conflict when merging in an SA, though from my experience maintaining the KTLS patchset against 1.1.1 for the past year or so, I expect that risk to be fairly low. Personally, it would make my life a bit happier as a developer using KTLS for it to at least be in GENERIC by default, but that's a pretty narrow use case. :) -- John Baldwin