net/mlx5e: kTLS, Do not send decrypted-marked SKBs via non-accel path
authorTariq Toukan <tariqt@mellanox.com>
Mon, 20 Jan 2020 11:42:00 +0000 (13:42 +0200)
committerSaeed Mahameed <saeedm@mellanox.com>
Fri, 24 Jan 2020 20:04:40 +0000 (12:04 -0800)
When TCP out-of-order is identified (unexpected tcp seq mismatch), driver
analyzes the packet and decides what handling should it get:
1. go to accelerated path (to be encrypted in HW),
2. go to regular xmit path (send w/o encryption),
3. drop.

Packets marked with skb->decrypted by the TLS stack in the TX flow skip
SW encryption and rely on the HW offload.
Verify that such packets are never sent un-encrypted on the wire.
Add a WARN to catch such bugs, and prefer dropping the packet in these cases.

Fixes: 9da8839f578f ("net/mlx5e: kTLS, Enhance TX resync flow")
Signed-off-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c

index 592e921aa1670de356d188b79bd1f25081d85ae4..f260dd96873bf3bacdb1b1ace307bc2861280d89 100644 (file)
@@ -458,12 +458,18 @@ struct sk_buff *mlx5e_ktls_handle_tx_skb(struct net_device *netdev,
                enum mlx5e_ktls_sync_retval ret =
                        mlx5e_ktls_tx_handle_ooo(priv_tx, sq, datalen, seq);
 
-               if (likely(ret == MLX5E_KTLS_SYNC_DONE))
+               switch (ret) {
+               case MLX5E_KTLS_SYNC_DONE:
                        *wqe = mlx5e_sq_fetch_wqe(sq, sizeof(**wqe), pi);
-               else if (ret == MLX5E_KTLS_SYNC_FAIL)
+                       break;
+               case MLX5E_KTLS_SYNC_SKIP_NO_DATA:
+                       if (likely(!skb->decrypted))
+                               goto out;
+                       WARN_ON_ONCE(1);
+                       /* fall-through */
+               default: /* MLX5E_KTLS_SYNC_FAIL */
                        goto err_out;
-               else /* ret == MLX5E_KTLS_SYNC_SKIP_NO_DATA */
-                       goto out;
+               }
        }
 
        priv_tx->expected_seq = seq + datalen;
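Review bot: In the MLX5E_KTLS_SYNC_SKIP_NO_DATA case the only trace of a decrypted-marked skb reaching the non-accel path is `WARN_ON_ONCE(1)`, so every later occurrence is dropped silently and looks the same as an ordinary MLX5E_KTLS_SYNC_FAIL drop. The err_out label and the rest of mlx5e_ktls_handle_tx_skb are outside this hunk, so whether that path counts the drop cannot be seen here; if it does not, a per-event counter next to the WARN would let operators see how often plaintext was about to reach the wire. The branch should also state its invariant in a comment, e.g. `/* skb->decrypted: SW encryption was skipped, so never send in the clear; drop instead */`. As a style point, the check can be written as `if (WARN_ON_ONCE(skb->decrypted)) goto err_out;` followed by `goto out;`, which keeps the unlikely hint and removes the fall-through into `default`.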