rpms / kmod-redhat-mlx5_core

Clone
Source Code
GIT

Files

  1.   d8f8234b6a27c33f17cf74577916ad7bd9fc42cc
  2.   SOURCES
  3.   0127-netdrv-net-mlx5e-kTLS-Do-not-send-decrypted-marked-S.patch
Blob Blame History Raw 
From 7bdb3136d262ec2afca5f131fe787ec5b7d23f4f Mon Sep 17 00:00:00 2001
From: Alaa Hleihel <ahleihel@redhat.com>
Date: Sun, 10 May 2020 15:04:52 -0400
Subject: [PATCH 127/312] [netdrv] net/mlx5e: kTLS, Do not send
 decrypted-marked SKBs via non-accel path

Message-id: <20200510150452.10307-88-ahleihel@redhat.com>
Patchwork-id: 306711
Patchwork-instance: patchwork
O-Subject: [RHEL8.3 BZ 1789380 v2 87/87] net/mlx5e: kTLS, Do not send decrypted-marked SKBs via non-accel path
Bugzilla: 1789380
RH-Acked-by: Kamal Heib <kheib@redhat.com>
RH-Acked-by: Jarod Wilson <jarod@redhat.com>
RH-Acked-by: Tony Camuso <tcamuso@redhat.com>
RH-Acked-by: Jonathan Toppins <jtoppins@redhat.com>

Bugzilla: http://bugzilla.redhat.com/1789380
Upstream: v5.5

commit 342508c1c7540e281fd36151c175ba5ff954a99f
Author: Tariq Toukan <tariqt@mellanox.com>
Date:   Mon Jan 20 13:42:00 2020 +0200

    net/mlx5e: kTLS, Do not send decrypted-marked SKBs via non-accel path

    When TCP out-of-order is identified (unexpected tcp seq mismatch), driver
    analyzes the packet and decides what handling should it get:
    1. go to accelerated path (to be encrypted in HW),
    2. go to regular xmit path (send w/o encryption),
    3. drop.

    Packets marked with skb->decrypted by the TLS stack in the TX flow skips
    SW encryption, and rely on the HW offload.
    Verify that such packets are never sent un-encrypted on the wire.
    Add a WARN to catch such bugs, and prefer dropping the packet in these cases.

    Fixes: 46a3ea98074e ("net/mlx5e: kTLS, Enhance TX resync flow")
    Signed-off-by: Tariq Toukan <tariqt@mellanox.com>
    Signed-off-by: Boris Pismenny <borisp@mellanox.com>
    Reviewed-by: Boris Pismenny <borisp@mellanox.com>
    Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>

Signed-off-by: Alaa Hleihel <ahleihel@redhat.com>
Signed-off-by: Frantisek Hrbata <fhrbata@redhat.com>
---
 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c
index 592e921aa167..f260dd96873b 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c
@@ -458,12 +458,18 @@ struct sk_buff *mlx5e_ktls_handle_tx_skb(struct net_device *netdev,
 		enum mlx5e_ktls_sync_retval ret =
 			mlx5e_ktls_tx_handle_ooo(priv_tx, sq, datalen, seq);
 
-		if (likely(ret == MLX5E_KTLS_SYNC_DONE))
+		switch (ret) {
+		case MLX5E_KTLS_SYNC_DONE:
 			*wqe = mlx5e_sq_fetch_wqe(sq, sizeof(**wqe), pi);
-		else if (ret == MLX5E_KTLS_SYNC_FAIL)
+			break;
+		case MLX5E_KTLS_SYNC_SKIP_NO_DATA:
+			if (likely(!skb->decrypted))
+				goto out;
+			WARN_ON_ONCE(1);
+			/* fall-through */
+		default: /* MLX5E_KTLS_SYNC_FAIL */
 			goto err_out;
-		else /* ret == MLX5E_KTLS_SYNC_SKIP_NO_DATA */
-			goto out;
+		}
 	}
 
 	priv_tx->expected_seq = seq + datalen;
-- 
2.13.6

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation