You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
79 lines
2.9 KiB
79 lines
2.9 KiB
From 7bdb3136d262ec2afca5f131fe787ec5b7d23f4f Mon Sep 17 00:00:00 2001
|
|
From: Alaa Hleihel <ahleihel@redhat.com>
|
|
Date: Sun, 10 May 2020 15:04:52 -0400
|
|
Subject: [PATCH 127/312] [netdrv] net/mlx5e: kTLS, Do not send
|
|
decrypted-marked SKBs via non-accel path
|
|
|
|
Message-id: <20200510150452.10307-88-ahleihel@redhat.com>
|
|
Patchwork-id: 306711
|
|
Patchwork-instance: patchwork
|
|
O-Subject: [RHEL8.3 BZ 1789380 v2 87/87] net/mlx5e: kTLS, Do not send decrypted-marked SKBs via non-accel path
|
|
Bugzilla: 1789380
|
|
RH-Acked-by: Kamal Heib <kheib@redhat.com>
|
|
RH-Acked-by: Jarod Wilson <jarod@redhat.com>
|
|
RH-Acked-by: Tony Camuso <tcamuso@redhat.com>
|
|
RH-Acked-by: Jonathan Toppins <jtoppins@redhat.com>
|
|
|
|
Bugzilla: http://bugzilla.redhat.com/1789380
|
|
Upstream: v5.5
|
|
|
|
commit 342508c1c7540e281fd36151c175ba5ff954a99f
|
|
Author: Tariq Toukan <tariqt@mellanox.com>
|
|
Date: Mon Jan 20 13:42:00 2020 +0200
|
|
|
|
net/mlx5e: kTLS, Do not send decrypted-marked SKBs via non-accel path
|
|
|
|
When TCP out-of-order is identified (unexpected tcp seq mismatch), driver
|
|
analyzes the packet and decides what handling should it get:
|
|
1. go to accelerated path (to be encrypted in HW),
|
|
2. go to regular xmit path (send w/o encryption),
|
|
3. drop.
|
|
|
|
Packets marked with skb->decrypted by the TLS stack in the TX flow skips
|
|
SW encryption, and rely on the HW offload.
|
|
Verify that such packets are never sent un-encrypted on the wire.
|
|
Add a WARN to catch such bugs, and prefer dropping the packet in these cases.
|
|
|
|
Fixes: 46a3ea98074e ("net/mlx5e: kTLS, Enhance TX resync flow")
|
|
Signed-off-by: Tariq Toukan <tariqt@mellanox.com>
|
|
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
|
|
Reviewed-by: Boris Pismenny <borisp@mellanox.com>
|
|
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
|
|
|
|
Signed-off-by: Alaa Hleihel <ahleihel@redhat.com>
|
|
Signed-off-by: Frantisek Hrbata <fhrbata@redhat.com>
|
|
---
|
|
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | 14 ++++++++++----
|
|
1 file changed, 10 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c
|
|
index 592e921aa167..f260dd96873b 100644
|
|
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c
|
|
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c
|
|
@@ -458,12 +458,18 @@ struct sk_buff *mlx5e_ktls_handle_tx_skb(struct net_device *netdev,
|
|
enum mlx5e_ktls_sync_retval ret =
|
|
mlx5e_ktls_tx_handle_ooo(priv_tx, sq, datalen, seq);
|
|
|
|
- if (likely(ret == MLX5E_KTLS_SYNC_DONE))
|
|
+ switch (ret) {
|
|
+ case MLX5E_KTLS_SYNC_DONE:
|
|
*wqe = mlx5e_sq_fetch_wqe(sq, sizeof(**wqe), pi);
|
|
- else if (ret == MLX5E_KTLS_SYNC_FAIL)
|
|
+ break;
|
|
+ case MLX5E_KTLS_SYNC_SKIP_NO_DATA:
|
|
+ if (likely(!skb->decrypted))
|
|
+ goto out;
|
|
+ WARN_ON_ONCE(1);
|
|
+ /* fall-through */
|
|
+ default: /* MLX5E_KTLS_SYNC_FAIL */
|
|
goto err_out;
|
|
- else /* ret == MLX5E_KTLS_SYNC_SKIP_NO_DATA */
|
|
- goto out;
|
|
+ }
|
|
}
|
|
|
|
priv_tx->expected_seq = seq + datalen;
|
|
--
|
|
2.13.6
|
|
|