From: David Miller
Subject: Re: [PATCH net-next] net/tls: Fixed race condition in async encryption
Date: Mon, 24 Sep 2018 12:26:18 -0700 (PDT)
Message-ID: <20180924.122618.1418901464036152090.davem@davemloft.net>
In-Reply-To: <20180924100556.11420-1-vakul.garg@nxp.com>
References: <20180924100556.11420-1-vakul.garg@nxp.com>
To: vakul.garg@nxp.com
Cc: netdev@vger.kernel.org, borisp@mellanox.com, aviadye@mellanox.com, davejwatson@fb.com, doronrk@fb.com

From: Vakul Garg
Date: Mon, 24 Sep 2018 15:35:56 +0530

> On processors with multi-engine crypto accelerators, it is possible that
> multiple records get encrypted in parallel and their encryption
> completion is notified to different cpus in multicore processor. This
> leads to the situation where tls_encrypt_done() starts executing in
> parallel on different cores. In current implementation, encrypted
> records are queued to tx_ready_list in tls_encrypt_done(). This requires
> addition to linked list 'tx_ready_list' to be protected. As
> tls_decrypt_done() could be executing in irq context, it is not possible
> to protect linked list addition operation using a lock.
>
> To fix the problem, we remove linked list addition operation from the
> irq context. We do tx_ready_list addition/removal operation from
> application context only and get rid of possible multiple access to
> the linked list. Before starting encryption on the record, we add it to
> the tail of tx_ready_list. To prevent tls_tx_records() from transmitting
> it, we mark the record with a new flag 'tx_ready' in 'struct tls_rec'.
> When record encryption gets completed, tls_encrypt_done() has to only
> update the 'tx_ready' flag to true & linked list add operation is not
> required.
>
> The changed logic brings some other side benefits. Since the records
> are always submitted in tls sequence number order for encryption, the
> tx_ready_list always remains sorted and addition of new records to it
> does not have to traverse the linked list.
>
> Lastly, we renamed tx_ready_list in 'struct tls_sw_context_tx' to
> 'tx_list'. This is because now, some of the records at the tail are
> not ready to transmit.
>
> Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption")
> Signed-off-by: Vakul Garg

Applied.
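
The scheme the commit message describes, modelled in user space as an added example (not code from the patch or the kernel; the struct and function names are hypothetical). Records are appended in sequence order before encryption starts, the completion callback only sets a flag, and the transmit path drains from the head until it meets a record that is not yet ready.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>

/* User-space model; all names here are hypothetical, not the kernel's. */
struct rec {
    unsigned seq;          /* TLS record sequence number */
    atomic_bool tx_ready;  /* set by the completion callback */
    struct rec *next;
};
struct tx_ctx { struct rec *head, *tail; }; /* list: application context only */

/* Application context: queue the record BEFORE starting encryption. */
void submit(struct tx_ctx *c, struct rec *r, unsigned seq) {
    r->seq = seq;
    r->next = NULL;
    atomic_init(&r->tx_ready, false);
    if (c->tail) c->tail->next = r; else c->head = r;  /* O(1) tail append */
    c->tail = r;
}

/* Completion, possibly on another CPU: flag store only, no list access. */
void encrypt_done(struct rec *r) {
    atomic_store_explicit(&r->tx_ready, true, memory_order_release);
}

/* Application context: send ready records from the head, stop at the first
 * one still encrypting. Returns how many sequence numbers went to out[]. */
size_t tx_records(struct tx_ctx *c, unsigned *out, size_t max) {
    size_t n = 0;
    while (c->head && n < max &&
           atomic_load_explicit(&c->head->tx_ready, memory_order_acquire)) {
        out[n++] = c->head->seq;
        c->head = c->head->next;
    }
    if (!c->head) c->tail = NULL;
    return n;
}

/* Constructed scenario: completions arrive in the order 2, 0, 1. */
size_t demo(unsigned out[3], size_t step[3]) {
    struct tx_ctx c = {0};
    struct rec r[3];
    size_t n = 0;
    for (unsigned i = 0; i < 3; i++) submit(&c, &r[i], i);
    encrypt_done(&r[2]); n += (step[0] = tx_records(&c, out + n, 3 - n));
    encrypt_done(&r[0]); n += (step[1] = tx_records(&c, out + n, 3 - n));
    encrypt_done(&r[1]); n += (step[2] = tx_records(&c, out + n, 3 - n));
    return n;
}
```

Record 2 finishing first sends nothing because the head is still pending, so wire order stays 0, 1, 2 regardless of completion order.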