diff options
| author | Jakub Kicinski <kuba@kernel.org> | 2022-07-22 16:50:30 -0700 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2022-07-26 14:38:51 -0700 |
| commit | d4e5db6452211467f668521f5a3bd3c3928918e1 (patch) | |
| tree | df5863e1025a26d4ed2842d7c2e38761ec306b50 /net/tls | |
| parent | b93f5700164dabc59f5c82857dbe571e0ccb2d35 (diff) | |
| download | linux-d4e5db6452211467f668521f5a3bd3c3928918e1.tar.bz2 | |
tls: rx: device: keep the zero copy status with offload
The non-zero-copy path assumes a full skb with decrypted contents.
This means the device offload would have to CoW the data. Try
to keep the zero-copy status instead, copy the data to user space.
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'net/tls')
| -rw-r--r-- | net/tls/tls.h | 1 | ||||
| -rw-r--r-- | net/tls/tls_strp.c | 9 | ||||
| -rw-r--r-- | net/tls/tls_sw.c | 30 |
3 files changed, 35 insertions, 5 deletions
diff --git a/net/tls/tls.h b/net/tls/tls.h index 24bec1c5f1e8..78c5d699bf75 100644 --- a/net/tls/tls.h +++ b/net/tls/tls.h @@ -127,6 +127,7 @@ int tls_sw_fallback_init(struct sock *sk, struct tls_offload_context_tx *offload_ctx, struct tls_crypto_info *crypto_info); +struct sk_buff *tls_strp_msg_detach(struct tls_sw_context_rx *ctx); int tls_strp_msg_hold(struct sock *sk, struct sk_buff *skb, struct sk_buff_head *dst); diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c index 9ccab79a6e1e..40b177366121 100644 --- a/net/tls/tls_strp.c +++ b/net/tls/tls_strp.c @@ -4,6 +4,15 @@ #include "tls.h" +struct sk_buff *tls_strp_msg_detach(struct tls_sw_context_rx *ctx) +{ + struct sk_buff *skb; + + skb = ctx->recv_pkt; + ctx->recv_pkt = NULL; + return skb; +} + int tls_strp_msg_hold(struct sock *sk, struct sk_buff *skb, struct sk_buff_head *dst) { diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index fe38b49a2607..bd4486819e64 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1631,8 +1631,8 @@ tls_decrypt_sw(struct sock *sk, struct tls_context *tls_ctx, } static int -tls_decrypt_device(struct sock *sk, struct tls_context *tls_ctx, - struct tls_decrypt_arg *darg) +tls_decrypt_device(struct sock *sk, struct msghdr *msg, + struct tls_context *tls_ctx, struct tls_decrypt_arg *darg) { struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx); struct tls_prot_info *prot = &tls_ctx->prot_info; @@ -1650,13 +1650,33 @@ tls_decrypt_device(struct sock *sk, struct tls_context *tls_ctx, if (pad < 0) return pad; - darg->zc = false; darg->async = false; darg->skb = tls_strp_msg(ctx); - ctx->recv_pkt = NULL; + /* ->zc downgrade check, in case TLS 1.3 gets here */ + darg->zc &= !(prot->version == TLS_1_3_VERSION && + tls_msg(darg->skb)->control != TLS_RECORD_TYPE_DATA); rxm = strp_msg(darg->skb); rxm->full_len -= pad; + + if (!darg->zc) { + /* Non-ZC case needs a real skb */ + darg->skb = tls_strp_msg_detach(ctx); + if (!darg->skb) + return -ENOMEM; + } else { + unsigned int off, len; + + /* In ZC case nobody cares about the output skb. + * Just copy the data here. Note the skb is not fully trimmed. + */ + off = rxm->offset + prot->prepend_size; + len = rxm->full_len - prot->overhead_size; + + err = skb_copy_datagram_msg(darg->skb, off, msg, len); + if (err) + return err; + } return 1; } @@ -1668,7 +1688,7 @@ static int tls_rx_one_record(struct sock *sk, struct msghdr *msg, struct strp_msg *rxm; int err; - err = tls_decrypt_device(sk, tls_ctx, darg); + err = tls_decrypt_device(sk, msg, tls_ctx, darg); if (!err) err = tls_decrypt_sw(sk, tls_ctx, msg, darg); if (err < 0) |