From mboxrd@z Thu Jan 1 00:00:00 1970 From: Boris Pismenny Subject: [PATCH net-next 04/18] tcp: Don't coalesce decrypted and encrypted SKBs Date: Wed, 4 Jul 2018 16:32:27 +0300 Message-ID: <1530711161-14578-5-git-send-email-borisp@mellanox.com> References: <1530711161-14578-1-git-send-email-borisp@mellanox.com> Cc: netdev@vger.kernel.org, davejwatson@fb.com, aviadye@mellanox.com, borisp@mellanox.com, saeedm@mellanox.com, Ilya Lesokhin To: davem@davemloft.net Return-path: Received: from mail-il-dmz.mellanox.com ([193.47.165.129]:40551 "EHLO mellanox.co.il" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751075AbeGDNcs (ORCPT ); Wed, 4 Jul 2018 09:32:48 -0400 In-Reply-To: <1530711161-14578-1-git-send-email-borisp@mellanox.com> Sender: netdev-owner@vger.kernel.org List-ID: Prevent coalescing of decrypted and encrypted SKBs in GRO and TCP layer. Signed-off-by: Boris Pismenny Signed-off-by: Ilya Lesokhin --- net/ipv4/tcp_input.c | 12 ++++++++++++ net/ipv4/tcp_offload.c | 3 +++ 2 files changed, 15 insertions(+) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 814ea43..f89d86a 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -4343,6 +4343,11 @@ static bool tcp_try_coalesce(struct sock *sk, if (TCP_SKB_CB(from)->seq != TCP_SKB_CB(to)->end_seq) return false; +#ifdef CONFIG_TLS_DEVICE + if (from->decrypted != to->decrypted) + return false; +#endif + if (!skb_try_coalesce(to, from, fragstolen, &delta)) return false; @@ -4872,6 +4877,9 @@ void tcp_rbtree_insert(struct rb_root *root, struct sk_buff *skb) break; memcpy(nskb->cb, skb->cb, sizeof(skb->cb)); +#ifdef CONFIG_TLS_DEVICE + nskb->decrypted = skb->decrypted; +#endif TCP_SKB_CB(nskb)->seq = TCP_SKB_CB(nskb)->end_seq = start; if (list) __skb_queue_before(list, skb, nskb); 
@@ -4899,6 +4907,10 @@ void tcp_rbtree_insert(struct rb_root *root, struct sk_buff *skb) skb == tail || (TCP_SKB_CB(skb)->tcp_flags & (TCPHDR_SYN | TCPHDR_FIN))) goto end; +#ifdef CONFIG_TLS_DEVICE + if (skb->decrypted != nskb->decrypted) + goto end; +#endif } } } diff --git a/net/ipv4/tcp_offload.c b/net/ipv4/tcp_offload.c index f5aee64..870b0a3 100644 --- a/net/ipv4/tcp_offload.c +++ b/net/ipv4/tcp_offload.c @@ -262,6 +262,9 @@ struct sk_buff *tcp_gro_receive(struct list_head *head, struct sk_buff *skb) flush |= (len - 1) >= mss; flush |= (ntohl(th2->seq) + skb_gro_len(p)) ^ ntohl(th->seq); +#ifdef CONFIG_TLS_DEVICE + flush |= p->decrypted ^ skb->decrypted; +#endif if (flush || skb_gro_receive(p, skb)) { mss = 1; -- 1.8.3.1
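Review bot: the new check in tcp_try_coalesce() (first hunk of net/ipv4/tcp_input.c) carries no comment, and the one-line commit message does not say what goes wrong when the two kinds of skb are merged. `decrypted` is a per-skb flag, so a coalesced skb can describe only one state for all of its payload; please say so above `if (from->decrypted != to->decrypted)` or in the changelog. The same `#ifdef CONFIG_TLS_DEVICE` block is also repeated in all four hunks; a small inline helper that compares the flag of two skbs and compiles to a constant when the option is off would keep the conditionals out of these functions.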
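Review bot: in the second hunk of net/ipv4/tcp_input.c, `nskb->decrypted = skb->decrypted;` takes the flag from the first source skb only, so it relies on the check added in the following hunk (`if (skb->decrypted != nskb->decrypted) goto end;`) to keep an skb with a different flag out of the same nskb. Nothing in either hunk ties the two together; a short comment at the assignment naming that dependency would stop a later change from dropping one without the other.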
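Review bot: in tcp_gro_receive() (net/ipv4/tcp_offload.c), `flush |= p->decrypted ^ skb->decrypted;` only has an effect if the flag is already set on the skb by the time GRO runs, and neither this patch nor its commit message says where `decrypted` is set. Please state in the changelog which layer sets it on receive, or reference the patch in this series that does, so a reader can confirm the flag is valid this early in the receive path.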