From de0970d258efa793fd1236a362f0838c9c9d2384 Mon Sep 17 00:00:00 2001 From: Jakub Kicinski Date: Thu, 7 Apr 2022 20:38:17 -0700 Subject: [PATCH] tls: rx: don't store the decryption status in socket context [ Upstream commit 7dc59c33d62c4520a119051d4486c214ef5caa23 ] Similar justification to previous change, the information about decryption status belongs in the skb. Signed-off-by: Jakub Kicinski Signed-off-by: David S. Miller Stable-dep-of: f7fa16d49837 ("tls: decrement decrypt_pending if no async completion will be called") Signed-off-by: Sasha Levin --- include/net/strparser.h | 1 + include/net/tls.h | 1 - net/tls/tls_device.c | 3 ++- net/tls/tls_sw.c | 10 ++++++---- 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/include/net/strparser.h b/include/net/strparser.h index c271543076cf..a191486eb1e4 100644 --- a/include/net/strparser.h +++ b/include/net/strparser.h @@ -72,6 +72,7 @@ struct sk_skb_cb { u64 temp_reg; struct tls_msg { u8 control; + u8 decrypted; } tls; }; diff --git a/include/net/tls.h b/include/net/tls.h index 24c1b718ceac..ea0aeae26cf7 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -147,7 +147,6 @@ struct tls_sw_context_rx { struct sk_buff *recv_pkt; u8 async_capable:1; - u8 decrypted:1; atomic_t decrypt_pending; /* protect crypto_wait with decrypt_pending*/ spinlock_t decrypt_compl_lock; diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c index 88785196a896..f23d18e66628 100644 --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -936,6 +936,7 @@ int tls_device_decrypted(struct sock *sk, struct tls_context *tls_ctx, struct sk_buff *skb, struct strp_msg *rxm) { struct tls_offload_context_rx *ctx = tls_offload_ctx_rx(tls_ctx); + struct tls_msg *tlm = tls_msg(skb); int is_decrypted = skb->decrypted; int is_encrypted = !is_decrypted; struct sk_buff *skb_iter; @@ -950,7 +951,7 @@ int tls_device_decrypted(struct sock *sk, struct tls_context *tls_ctx, tls_ctx->rx.rec_seq, rxm->full_len, is_encrypted, is_decrypted); - ctx->sw.decrypted |= is_decrypted; + tlm->decrypted |= is_decrypted; if (unlikely(test_bit(TLS_RX_DEV_DEGRADED, &tls_ctx->flags))) { if (likely(is_encrypted || is_decrypted)) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 82d7c9b036bc..0a6630bbef53 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1560,9 +1560,10 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb, struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx); struct tls_prot_info *prot = &tls_ctx->prot_info; struct strp_msg *rxm = strp_msg(skb); + struct tls_msg *tlm = tls_msg(skb); int pad, err = 0; - if (!ctx->decrypted) { + if (!tlm->decrypted) { if (tls_ctx->rx_conf == TLS_HW) { err = tls_device_decrypted(sk, tls_ctx, skb, rxm); if (err < 0) @@ -1570,7 +1571,7 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb, } /* Still not decrypted after tls_device */ - if (!ctx->decrypted) { + if (!tlm->decrypted) { err = decrypt_internal(sk, skb, dest, NULL, chunk, zc, async); if (err < 0) { @@ -1594,7 +1595,7 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb, rxm->offset += prot->prepend_size; rxm->full_len -= prot->overhead_size; tls_advance_record_sn(sk, prot, &tls_ctx->rx); - ctx->decrypted = 1; + tlm->decrypted = 1; ctx->saved_data_ready(sk); } else { *zc = false; @@ -2137,8 +2138,9 @@ static void tls_queue(struct strparser *strp, struct sk_buff *skb) { struct tls_context *tls_ctx = tls_get_ctx(strp->sk); struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx); + struct tls_msg *tlm = tls_msg(skb); - ctx->decrypted = 0; + tlm->decrypted = 0; ctx->recv_pkt = skb; strp_pause(strp);