From: Jakub Kicinski <kuba@kernel.org>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, edumazet@google.com, pabeni@redhat.com,
borisp@nvidia.com, john.fastabend@gmail.com, maximmi@nvidia.com,
tariqt@nvidia.com, vfedorenko@novek.ru,
Jakub Kicinski <kuba@kernel.org>
Subject: [PATCH net-next v3 2/7] tls: rx: factor SW handling out of tls_rx_one_record()
Date: Fri, 22 Jul 2022 16:50:28 -0700 [thread overview]
Message-ID: <20220722235033.2594446-3-kuba@kernel.org> (raw)
In-Reply-To: <20220722235033.2594446-1-kuba@kernel.org>
After recent changes the SW side of tls_rx_one_record() can
be nicely encapsulated in its own function. Move the pad handling
as well. This will be useful for ->zc handling in tls_decrypt_device().
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---
CC: borisp@nvidia.com
CC: john.fastabend@gmail.com
---
net/tls/tls_sw.c | 93 +++++++++++++++++++++++++++++-------------------
1 file changed, 57 insertions(+), 36 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index cb99fc11997b..eed52f853418 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1409,7 +1409,7 @@ tls_alloc_clrtxt_skb(struct sock *sk, struct sk_buff *skb,
/* Decrypt handlers
*
- * tls_decrypt_sg() and tls_decrypt_device() are decrypt handlers.
+ * tls_decrypt_sw() and tls_decrypt_device() are decrypt handlers.
* They must transform the darg in/out argument are as follows:
* | Input | Output
* -------------------------------------------------------------------
@@ -1589,49 +1589,22 @@ static int tls_decrypt_sg(struct sock *sk, struct iov_iter *out_iov,
}
static int
-tls_decrypt_device(struct sock *sk, struct tls_context *tls_ctx,
- struct tls_decrypt_arg *darg)
-{
- struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
- int err;
-
- if (tls_ctx->rx_conf != TLS_HW)
- return 0;
-
- err = tls_device_decrypted(sk, tls_ctx);
- if (err <= 0)
- return err;
-
- darg->zc = false;
- darg->async = false;
- darg->skb = tls_strp_msg(ctx);
- ctx->recv_pkt = NULL;
- return 1;
-}
-
-static int tls_rx_one_record(struct sock *sk, struct iov_iter *dest,
- struct tls_decrypt_arg *darg)
+tls_decrypt_sw(struct sock *sk, struct tls_context *tls_ctx,
+ struct msghdr *msg, struct tls_decrypt_arg *darg)
{
- struct tls_context *tls_ctx = tls_get_ctx(sk);
struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
struct tls_prot_info *prot = &tls_ctx->prot_info;
struct strp_msg *rxm;
int pad, err;
- err = tls_decrypt_device(sk, tls_ctx, darg);
- if (err < 0)
- return err;
- if (err)
- goto decrypt_done;
-
- err = tls_decrypt_sg(sk, dest, NULL, darg);
+ err = tls_decrypt_sg(sk, &msg->msg_iter, NULL, darg);
if (err < 0) {
if (err == -EBADMSG)
TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSDECRYPTERROR);
return err;
}
- if (darg->async)
- goto decrypt_done;
+ /* keep going even for ->async, the code below is TLS 1.3 */
+
/* If opportunistic TLS 1.3 ZC failed retry without ZC */
if (unlikely(darg->zc && prot->version == TLS_1_3_VERSION &&
darg->tail != TLS_RECORD_TYPE_DATA)) {
@@ -1639,10 +1612,9 @@ static int tls_rx_one_record(struct sock *sk, struct iov_iter *dest,
if (!darg->tail)
TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSRXNOPADVIOL);
TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSDECRYPTRETRY);
- return tls_rx_one_record(sk, dest, darg);
+ return tls_decrypt_sw(sk, tls_ctx, msg, darg);
}
-decrypt_done:
if (darg->skb == ctx->recv_pkt)
ctx->recv_pkt = NULL;
@@ -1654,6 +1626,55 @@ static int tls_rx_one_record(struct sock *sk, struct iov_iter *dest,
rxm = strp_msg(darg->skb);
rxm->full_len -= pad;
+
+ return 0;
+}
+
+static int
+tls_decrypt_device(struct sock *sk, struct tls_context *tls_ctx,
+ struct tls_decrypt_arg *darg)
+{
+ struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
+ struct tls_prot_info *prot = &tls_ctx->prot_info;
+ struct strp_msg *rxm;
+ int pad, err;
+
+ if (tls_ctx->rx_conf != TLS_HW)
+ return 0;
+
+ err = tls_device_decrypted(sk, tls_ctx);
+ if (err <= 0)
+ return err;
+
+ pad = tls_padding_length(prot, tls_strp_msg(ctx), darg);
+ if (pad < 0)
+ return pad;
+
+ darg->zc = false;
+ darg->async = false;
+ darg->skb = tls_strp_msg(ctx);
+ ctx->recv_pkt = NULL;
+
+ rxm = strp_msg(darg->skb);
+ rxm->full_len -= pad;
+ return 1;
+}
+
+static int tls_rx_one_record(struct sock *sk, struct msghdr *msg,
+ struct tls_decrypt_arg *darg)
+{
+ struct tls_context *tls_ctx = tls_get_ctx(sk);
+ struct tls_prot_info *prot = &tls_ctx->prot_info;
+ struct strp_msg *rxm;
+ int err;
+
+ err = tls_decrypt_device(sk, tls_ctx, darg);
+ if (!err)
+ err = tls_decrypt_sw(sk, tls_ctx, msg, darg);
+ if (err < 0)
+ return err;
+
+ rxm = strp_msg(darg->skb);
rxm->offset += prot->prepend_size;
rxm->full_len -= prot->overhead_size;
tls_advance_record_sn(sk, prot, &tls_ctx->rx);
@@ -1943,7 +1964,7 @@ int tls_sw_recvmsg(struct sock *sk,
else
darg.async = false;
- err = tls_rx_one_record(sk, &msg->msg_iter, &darg);
+ err = tls_rx_one_record(sk, msg, &darg);
if (err < 0) {
tls_err_abort(sk, -EBADMSG);
goto recv_end;
--
2.37.1
next prev parent reply other threads:[~2022-07-22 23:50 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-22 23:50 [PATCH net-next v3 0/7] tls: rx: decrypt from the TCP queue Jakub Kicinski
2022-07-22 23:50 ` [PATCH net-next v3 1/7] tls: rx: wrap recv_pkt accesses in helpers Jakub Kicinski
2022-07-22 23:50 ` Jakub Kicinski [this message]
2022-07-22 23:50 ` [PATCH net-next v3 3/7] tls: rx: don't free the output in case of zero-copy Jakub Kicinski
2022-07-22 23:50 ` [PATCH net-next v3 4/7] tls: rx: device: keep the zero copy status with offload Jakub Kicinski
2022-07-22 23:50 ` [PATCH net-next v3 5/7] tcp: allow tls to decrypt directly from the tcp rcv queue Jakub Kicinski
2022-07-22 23:50 ` [PATCH net-next v3 6/7] tls: rx: device: add input CoW helper Jakub Kicinski
2022-07-22 23:50 ` [PATCH net-next v3 7/7] tls: rx: do not use the standard strparser Jakub Kicinski
2022-07-26 9:27 ` Paolo Abeni
2022-07-26 17:01 ` Jakub Kicinski
2022-07-26 17:26 ` Paolo Abeni
2022-08-02 14:54 ` Tariq Toukan
2022-08-02 15:40 ` Jakub Kicinski
2022-08-04 1:24 ` Jakub Kicinski
2022-08-04 6:13 ` Tariq Toukan
2022-08-04 8:05 ` Tariq Toukan
2022-08-04 15:35 ` Jakub Kicinski
2022-08-07 6:01 ` Tariq Toukan
2022-08-04 15:59 ` Jakub Kicinski
2022-08-07 6:01 ` Tariq Toukan
2022-08-08 5:24 ` Tariq Toukan
2022-08-08 18:24 ` Jakub Kicinski
2022-08-09 8:47 ` Tariq Toukan
2023-03-09 15:15 ` Tariq Toukan
2023-03-09 17:54 ` Jakub Kicinski
2023-03-12 17:59 ` Tariq Toukan
2023-03-13 18:22 ` Jakub Kicinski
2023-03-15 20:26 ` Tariq Toukan
2023-03-16 1:41 ` Jakub Kicinski
2022-07-26 22:00 ` [PATCH net-next v3 0/7] tls: rx: decrypt from the TCP queue patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220722235033.2594446-3-kuba@kernel.org \
--to=kuba@kernel.org \
--cc=borisp@nvidia.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=john.fastabend@gmail.com \
--cc=maximmi@nvidia.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=tariqt@nvidia.com \
--cc=vfedorenko@novek.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).