author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-03-04 14:41:39 +0100 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-03-04 14:41:39 +0100 |
commit | 2ef2e8ded59129d271d8b751da9bef2681e235d3 (patch) | |
tree | 7e8237f49f8983a99cce0407d31c37a299097000 /queue-5.15 | |
parent | 599a5a7f040c8896be570a6a7e810c7bb006415d (diff) | |
download | stable-queue-2ef2e8ded59129d271d8b751da9bef2681e235d3.tar.gz |
5.15-stable patches
added patches:
net-tls-fix-async-vs-nic-crypto-offload.patch
revert-tls-rx-move-counting-tlsdecrypterrors-for-sync.patch
Diffstat (limited to 'queue-5.15')
-rw-r--r-- | queue-5.15/net-tls-fix-async-vs-nic-crypto-offload.patch | 43 | ||||
-rw-r--r-- | queue-5.15/revert-tls-rx-move-counting-tlsdecrypterrors-for-sync.patch | 59 | ||||
-rw-r--r-- | queue-5.15/series | 2 |
3 files changed, 104 insertions, 0 deletions
diff --git a/queue-5.15/net-tls-fix-async-vs-nic-crypto-offload.patch b/queue-5.15/net-tls-fix-async-vs-nic-crypto-offload.patch
new file mode 100644
index 0000000000..2a4f8f4a33
--- /dev/null
+++ b/queue-5.15/net-tls-fix-async-vs-nic-crypto-offload.patch
@@ -0,0 +1,43 @@
+From c706b2b5ed74d30436b85cbd8e63e969f6b5873a Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski <kuba@kernel.org>
+Date: Mon, 25 Apr 2022 16:33:09 -0700
+Subject: net: tls: fix async vs NIC crypto offload
+
+From: Jakub Kicinski <kuba@kernel.org>
+
+commit c706b2b5ed74d30436b85cbd8e63e969f6b5873a upstream.
+
+When NIC takes care of crypto (or the record has already
+been decrypted) we forget to update darg->async. ->async
+is supposed to mean whether record is async capable on
+input and whether record has been queued for async crypto
+on output.
+
+Reported-by: Gal Pressman <gal@nvidia.com>
+Fixes: 3547a1f9d988 ("tls: rx: use async as an in-out argument")
+Tested-by: Gal Pressman <gal@nvidia.com>
+Link: https://lore.kernel.org/r/20220425233309.344858-1-kuba@kernel.org
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/tls/tls_sw.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/tls/tls_sw.c
++++ b/net/tls/tls_sw.c
+@@ -1568,6 +1568,7 @@ static int decrypt_skb_update(struct soc
+
+ if (tlm->decrypted) {
+ darg->zc = false;
++ darg->async = false;
+ return 0;
+ }
+
+@@ -1578,6 +1579,7 @@ static int decrypt_skb_update(struct soc
+ if (err > 0) {
+ tlm->decrypted = 1;
+ darg->zc = false;
++ darg->async = false;
+ goto decrypt_done;
+ }
+ }
diff --git a/queue-5.15/revert-tls-rx-move-counting-tlsdecrypterrors-for-sync.patch b/queue-5.15/revert-tls-rx-move-counting-tlsdecrypterrors-for-sync.patch
new file mode 100644
index 0000000000..7f0803cade
--- /dev/null
+++ b/queue-5.15/revert-tls-rx-move-counting-tlsdecrypterrors-for-sync.patch
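Review bot: The two added `darg->async = false;` assignments in decrypt_skb_update() rely on an in/out contract for `->async` that is stated only in the commit message, so the next early-exit path added to this function can miss it the same way these two did. A short comment at the `if (tlm->decrypted)` branch would keep the rule visible, for example `/* nothing queued: ->async is "capable" on input, "queued" on output */`. A caller that sees a stale true value would presumably treat the record as handed to async crypto when it was not; the callers are outside these hunks, so that should be confirmed against tls_sw.c. The function body starts and ends outside both hunks.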
@@ -0,0 +1,59 @@
+From a069a90554168ac4cc81af65f000557d2a8a0745 Mon Sep 17 00:00:00 2001
+From: Gal Pressman <gal@nvidia.com>
+Date: Tue, 5 Jul 2022 14:08:37 +0300
+Subject: Revert "tls: rx: move counting TlsDecryptErrors for sync"
+
+From: Gal Pressman <gal@nvidia.com>
+
+commit a069a90554168ac4cc81af65f000557d2a8a0745 upstream.
+
+This reverts commit 284b4d93daee56dff3e10029ddf2e03227f50dbf.
+When using TLS device offload and coming from tls_device_reencrypt()
+flow, -EBADMSG error in tls_do_decryption() should not be counted
+towards the TLSTlsDecryptError counter.
+
+Move the counter increase back to the decrypt_internal() call site in
+decrypt_skb_update().
+This also fixes an issue where:
+ if (n_sgin < 1)
+ return -EBADMSG;
+
+Errors in decrypt_internal() were not counted after the cited patch.
+
+Fixes: 284b4d93daee ("tls: rx: move counting TlsDecryptErrors for sync")
+Cc: Jakub Kicinski <kuba@kernel.org>
+Reviewed-by: Maxim Mikityanskiy <maximmi@nvidia.com>
+Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
+Signed-off-by: Gal Pressman <gal@nvidia.com>
+Reviewed-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/tls/tls_sw.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/net/tls/tls_sw.c
++++ b/net/tls/tls_sw.c
+@@ -278,9 +278,6 @@ static int tls_do_decryption(struct sock
+ }
+ darg->async = false;
+
+- if (ret == -EBADMSG)
+- TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSDECRYPTERROR);
+-
+ return ret;
+ }
+
+@@ -1585,8 +1582,11 @@ static int decrypt_skb_update(struct soc
+ }
+
+ err = decrypt_internal(sk, skb, dest, NULL, darg);
+- if (err < 0)
++ if (err < 0) {
++ if (err == -EBADMSG)
++ TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSDECRYPTERROR);
+ return err;
++ }
+ if (darg->async)
+ goto decrypt_next;
+
diff --git a/queue-5.15/series b/queue-5.15/series
index 17af970ba0..b0e6cdfec4 100644
--- a/queue-5.15/series
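Review bot: The reason the TlsDecryptError increment sits at the decrypt_internal() call site in decrypt_skb_update(), rather than in tls_do_decryption(), is recorded only in the commit message, yet this counter is the signal operators read for record authentication failures. A comment above the new `if (err == -EBADMSG)` would guard against the count being moved again, for example `/* count here, not in tls_do_decryption(): the tls_device_reencrypt() path must not bump TlsDecryptError */`. The new check covers only the synchronous return of decrypt_internal(); when `darg->async` is set the result arrives later, and whether a failure on that path is counted is not visible in these hunks and is worth confirming. Both functions continue outside the hunks.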
+++ b/queue-5.15/series
@@ -80,3 +80,5 @@ revert-interconnect-teach-lockdep-about-icc_bw_lock-order.patch
 bpf-add-bpf_fib_lookup_skip_neigh-for-bpf_fib_lookup.patch
 bpf-add-table-id-to-bpf_fib_lookup-bpf-helper.patch
 bpf-derive-source-ip-addr-via-bpf_-_fib_lookup.patch
+net-tls-fix-async-vs-nic-crypto-offload.patch
+revert-tls-rx-move-counting-tlsdecrypterrors-for-sync.patch |