
Commit 6ececdc

kuba-moodavem330
authored andcommitted
tls: rx: async: adjust record geometry immediately
Async crypto TLS Rx currently waits for crypto to be done in order to strip the TLS header and trailer. Simplify the code by moving the pointers immediately; since only TLS 1.2 is supported here, there is no message padding. This simplifies the decryption into a new skb in the next patch as we don't have to worry about input vs output skb in the decrypt_done() handler any more. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 6bd116c commit 6ececdc


1 file changed

+10
-39
lines changed

1 file changed

+10
-39
lines changed

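--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -184,39 +184,22 @@ static void tls_decrypt_done(struct crypto_async_request *req, int err)
 struct scatterlist *sgin = aead_req->src;
 struct tls_sw_context_rx *ctx;
 struct tls_context *tls_ctx;
-struct tls_prot_info *prot;
 struct scatterlist *sg;
-struct sk_buff *skb;
 unsigned int pages;
+struct sock *sk;
 
-skb = (struct sk_buff *)req->data;
-tls_ctx = tls_get_ctx(skb->sk);
+sk = (struct sock *)req->data;
+tls_ctx = tls_get_ctx(sk);
 ctx = tls_sw_ctx_rx(tls_ctx);
-prot = &tls_ctx->prot_info;
 
 /* Propagate if there was an err */
 if (err) {
 if (err == -EBADMSG)
-TLS_INC_STATS(sock_net(skb->sk),
-LINUX_MIB_TLSDECRYPTERROR);
+TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSDECRYPTERROR);
 ctx->async_wait.err = err;
-tls_err_abort(skb->sk, err);
-} else {
-struct strp_msg *rxm = strp_msg(skb);
-
-/* No TLS 1.3 support with async crypto */
-WARN_ON(prot->tail_size);
-
-rxm->offset += prot->prepend_size;
-rxm->full_len -= prot->overhead_size;
+tls_err_abort(sk, err);
 }
 
-/* After using skb->sk to propagate sk through crypto async callback
-* we need to NULL it again.
-*/
-skb->sk = NULL;
-
-
 /* Free the destination pages if skb was not decrypted inplace */
 if (sgout != sgin) {
 /* Skip the first S/G entry as it points to AAD */
@@ -236,7 +219,6 @@ static void tls_decrypt_done(struct crypto_async_request *req, int err)
 }
 
 static int tls_do_decryption(struct sock *sk,
-struct sk_buff *skb,
 struct scatterlist *sgin,
 struct scatterlist *sgout,
 char *iv_recv,
@@ -256,16 +238,9 @@ static int tls_do_decryption(struct sock *sk,
 (u8 *)iv_recv);
 
 if (darg->async) {
-/* Using skb->sk to push sk through to crypto async callback
-* handler. This allows propagating errors up to the socket
-* if needed. It _must_ be cleared in the async handler
-* before consume_skb is called. We _know_ skb->sk is NULL
-* because it is a clone from strparser.
-*/
-skb->sk = sk;
 aead_request_set_callback(aead_req,
 CRYPTO_TFM_REQ_MAY_BACKLOG,
-tls_decrypt_done, skb);
+tls_decrypt_done, sk);
 atomic_inc(&ctx->decrypt_pending);
 } else {
 aead_request_set_callback(aead_req,
@@ -1554,7 +1529,7 @@ static int tls_decrypt_sg(struct sock *sk, struct iov_iter *out_iov,
 }
 
 /* Prepare and submit AEAD request */
-err = tls_do_decryption(sk, skb, sgin, sgout, dctx->iv,
+err = tls_do_decryption(sk, sgin, sgout, dctx->iv,
 data_len + prot->tail_size, aead_req, darg);
 if (err)
 goto exit_free_pages;
@@ -1617,11 +1592,8 @@ static int tls_rx_one_record(struct sock *sk, struct iov_iter *dest,
 TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSDECRYPTERROR);
 return err;
 }
-if (darg->async) {
-if (darg->skb == ctx->recv_pkt)
-ctx->recv_pkt = NULL;
-goto decrypt_next;
-}
+if (darg->async)
+goto decrypt_done;
 /* If opportunistic TLS 1.3 ZC failed retry without ZC */
 if (unlikely(darg->zc && prot->version == TLS_1_3_VERSION &&
 darg->tail != TLS_RECORD_TYPE_DATA)) {
@@ -1632,10 +1604,10 @@ static int tls_rx_one_record(struct sock *sk, struct iov_iter *dest,
 return tls_rx_one_record(sk, dest, darg);
 }
 
+decrypt_done:
 if (darg->skb == ctx->recv_pkt)
 ctx->recv_pkt = NULL;
 
-decrypt_done:
 pad = tls_padding_length(prot, darg->skb, darg);
 if (pad < 0) {
 consume_skb(darg->skb);
@@ -1646,7 +1618,6 @@ static int tls_rx_one_record(struct sock *sk, struct iov_iter *dest,
 rxm->full_len -= pad;
 rxm->offset += prot->prepend_size;
 rxm->full_len -= prot->overhead_size;
-decrypt_next:
 tls_advance_record_sn(sk, prot, &tls_ctx->rx);
 
 return 0;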
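Review bot: The new `if (darg->async) goto decrypt_done;` branch in tls_rx_one_record relies on async decryption never being used with TLS 1.3, yet the only runtime check of that assumption, `WARN_ON(prot->tail_size)` in tls_decrypt_done, is removed and nothing replaces it. After the jump, `tls_padding_length()` and the `rxm->offset` / `rxm->full_len` adjustments run before the AEAD operation has completed, so a padded record reaching this path would presumably have its length derived from bytes that are not yet decrypted or authenticated. I would keep the assertion at the new location, `if (darg->async) { WARN_ON(prot->tail_size); goto decrypt_done; }`, or at minimum add `/* async is TLS 1.2 only: no padding, so geometry can be adjusted before completion */` above the branch. Both functions continue outside the visible hunks, so whether every consumer waits on `ctx->async_wait` and checks its `err` before reading the already-trimmed skb cannot be confirmed from here.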
