]> git.hungrycats.org Git - linux/commitdiff
tls: rx: don't store the decryption status in socket context
authorJakub Kicinski <kuba@kernel.org>
Fri, 8 Apr 2022 03:38:17 +0000 (20:38 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 6 Mar 2024 14:38:47 +0000 (14:38 +0000)
[ Upstream commit 7dc59c33d62c4520a119051d4486c214ef5caa23 ]

Similar justification to previous change, the information
about decryption status belongs in the skb.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: f7fa16d49837 ("tls: decrement decrypt_pending if no async completion will be called")
Signed-off-by: Sasha Levin <sashal@kernel.org>
include/net/strparser.h
include/net/tls.h
net/tls/tls_device.c
net/tls/tls_sw.c

index c271543076cf899ddccef277b05acde7a1c51285..a191486eb1e4c4a770ff7816551a7513105a765f 100644 (file)
@@ -72,6 +72,7 @@ struct sk_skb_cb {
        u64 temp_reg;
        struct tls_msg {
                u8 control;
+               u8 decrypted;
        } tls;
 };
 
index 24c1b718ceacc9cf7485c0823ba3aabe48003a6a..ea0aeae26cf76388aa44b070ce47c7c960f02655 100644 (file)
@@ -147,7 +147,6 @@ struct tls_sw_context_rx {
 
        struct sk_buff *recv_pkt;
        u8 async_capable:1;
-       u8 decrypted:1;
        atomic_t decrypt_pending;
        /* protect crypto_wait with decrypt_pending*/
        spinlock_t decrypt_compl_lock;
index 88785196a8966080f1accc7bbbca93fd6813abe1..f23d18e666284a481c7a3e670f8158235bb053f4 100644 (file)
@@ -936,6 +936,7 @@ int tls_device_decrypted(struct sock *sk, struct tls_context *tls_ctx,
                         struct sk_buff *skb, struct strp_msg *rxm)
 {
        struct tls_offload_context_rx *ctx = tls_offload_ctx_rx(tls_ctx);
+       struct tls_msg *tlm = tls_msg(skb);
        int is_decrypted = skb->decrypted;
        int is_encrypted = !is_decrypted;
        struct sk_buff *skb_iter;
@@ -950,7 +951,7 @@ int tls_device_decrypted(struct sock *sk, struct tls_context *tls_ctx,
                                   tls_ctx->rx.rec_seq, rxm->full_len,
                                   is_encrypted, is_decrypted);
 
-       ctx->sw.decrypted |= is_decrypted;
+       tlm->decrypted |= is_decrypted;
 
        if (unlikely(test_bit(TLS_RX_DEV_DEGRADED, &tls_ctx->flags))) {
                if (likely(is_encrypted || is_decrypted))
index 82d7c9b036bc7dd7d76357ba0c1ba6289cb7a132..0a6630bbef53e3470cd6eb906a3843d73d58a6c9 100644 (file)
@@ -1560,9 +1560,10 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb,
        struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
        struct tls_prot_info *prot = &tls_ctx->prot_info;
        struct strp_msg *rxm = strp_msg(skb);
+       struct tls_msg *tlm = tls_msg(skb);
        int pad, err = 0;
 
-       if (!ctx->decrypted) {
+       if (!tlm->decrypted) {
                if (tls_ctx->rx_conf == TLS_HW) {
                        err = tls_device_decrypted(sk, tls_ctx, skb, rxm);
                        if (err < 0)
@@ -1570,7 +1571,7 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb,
                }
 
                /* Still not decrypted after tls_device */
-               if (!ctx->decrypted) {
+               if (!tlm->decrypted) {
                        err = decrypt_internal(sk, skb, dest, NULL, chunk, zc,
                                               async);
                        if (err < 0) {
@@ -1594,7 +1595,7 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb,
                rxm->offset += prot->prepend_size;
                rxm->full_len -= prot->overhead_size;
                tls_advance_record_sn(sk, prot, &tls_ctx->rx);
-               ctx->decrypted = 1;
+               tlm->decrypted = 1;
                ctx->saved_data_ready(sk);
        } else {
                *zc = false;
@@ -2137,8 +2138,9 @@ static void tls_queue(struct strparser *strp, struct sk_buff *skb)
 {
        struct tls_context *tls_ctx = tls_get_ctx(strp->sk);
        struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
+       struct tls_msg *tlm = tls_msg(skb);
 
-       ctx->decrypted = 0;
+       tlm->decrypted = 0;
 
        ctx->recv_pkt = skb;
        strp_pause(strp);