| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220408033823.965896-11-kuba@kernel.org>
Date: Thu, 7 Apr 2022 20:38:23 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: davem@...emloft.net, pabeni@...hat.com
Cc: netdev@...r.kernel.org, borisp@...dia.com,
john.fastabend@...il.com, daniel@...earbox.net,
vfedorenko@...ek.ru, Jakub Kicinski <kuba@...nel.org>
Subject: [PATCH net-next 10/10] tls: hw: rx: use return value of tls_device_decrypted() to carry status
Instead of tls_device poking into internals of the message
return 1 from tls_device_decrypted() if the device handled
the decryption.
Signed-off-by: Jakub Kicinski <kuba@...nel.org>
---
net/tls/tls_device.c | 7 ++-----
net/tls/tls_sw.c | 5 ++---
2 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index 78d979e0f298..5e4bd8ba48d3 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -948,7 +948,6 @@ int tls_device_decrypted(struct sock *sk, struct tls_context *tls_ctx,
struct sk_buff *skb, struct strp_msg *rxm)
{
struct tls_offload_context_rx *ctx = tls_offload_ctx_rx(tls_ctx);
- struct tls_msg *tlm = tls_msg(skb);
int is_decrypted = skb->decrypted;
int is_encrypted = !is_decrypted;
struct sk_buff *skb_iter;
@@ -963,11 +962,9 @@ int tls_device_decrypted(struct sock *sk, struct tls_context *tls_ctx,
tls_ctx->rx.rec_seq, rxm->full_len,
is_encrypted, is_decrypted);
- tlm->decrypted |= is_decrypted;
-
if (unlikely(test_bit(TLS_RX_DEV_DEGRADED, &tls_ctx->flags))) {
if (likely(is_encrypted || is_decrypted))
- return 0;
+ return is_decrypted;
/* After tls_device_down disables the offload, the next SKB will
* likely have initial fragments decrypted, and final ones not
@@ -982,7 +979,7 @@ int tls_device_decrypted(struct sock *sk, struct tls_context *tls_ctx,
*/
if (is_decrypted) {
ctx->resync_nh_reset = 1;
- return 0;
+ return is_decrypted;
}
if (is_encrypted) {
tls_device_core_ctrl_rx_resync(tls_ctx, ctx, sk, skb);
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index d6ac9deede7b..990450ff9537 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1575,9 +1575,8 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb,
err = tls_device_decrypted(sk, tls_ctx, skb, rxm);
if (err < 0)
return err;
-
- /* skip SW decryption if NIC handled it already */
- if (tlm->decrypted) {
+ if (err > 0) {
+ tlm->decrypted = 1;
*zc = false;
goto decrypt_done;
}
--
2.34.1
Powered by blists - more mailing lists