Commit 8a958732 authored by Jakub Kicinski Committed by David S. Miller

tls: rx: factor out device darg update

I already forgot to transform darg from input to output
semantics once on the NIC inline crypto fastpath. To
avoid this happening again create a device equivalent
of decrypt_internal(). A function responsible for decryption
and transforming darg.

While at it rename decrypt_internal() to a hopefully slightly
more meaningful name.
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent 53d57999
...@@ -1404,15 +1404,24 @@ static int tls_setup_from_iter(struct iov_iter *from, ...@@ -1404,15 +1404,24 @@ static int tls_setup_from_iter(struct iov_iter *from,
return rc; return rc;
} }
/* Decrypt handlers
*
* tls_decrypt_sg() and tls_decrypt_device() are decrypt handlers.
* They must transform the darg in/out argument are as follows:
* | Input | Output
* -------------------------------------------------------------------
* zc | Zero-copy decrypt allowed | Zero-copy performed
* async | Async decrypt allowed | Async crypto used / in progress
*/
/* This function decrypts the input skb into either out_iov or in out_sg /* This function decrypts the input skb into either out_iov or in out_sg
* or in skb buffers itself. The input parameter 'zc' indicates if * or in skb buffers itself. The input parameter 'darg->zc' indicates if
* zero-copy mode needs to be tried or not. With zero-copy mode, either * zero-copy mode needs to be tried or not. With zero-copy mode, either
* out_iov or out_sg must be non-NULL. In case both out_iov and out_sg are * out_iov or out_sg must be non-NULL. In case both out_iov and out_sg are
* NULL, then the decryption happens inside skb buffers itself, i.e. * NULL, then the decryption happens inside skb buffers itself, i.e.
* zero-copy gets disabled and 'zc' is updated. * zero-copy gets disabled and 'darg->zc' is updated.
*/ */
static int tls_decrypt_sg(struct sock *sk, struct sk_buff *skb,
static int decrypt_internal(struct sock *sk, struct sk_buff *skb,
struct iov_iter *out_iov, struct iov_iter *out_iov,
struct scatterlist *out_sg, struct scatterlist *out_sg,
struct tls_decrypt_arg *darg) struct tls_decrypt_arg *darg)
...@@ -1556,6 +1565,24 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb, ...@@ -1556,6 +1565,24 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb,
return err; return err;
} }
static int
tls_decrypt_device(struct sock *sk, struct tls_context *tls_ctx,
struct sk_buff *skb, struct tls_decrypt_arg *darg)
{
int err;
if (tls_ctx->rx_conf != TLS_HW)
return 0;
err = tls_device_decrypted(sk, tls_ctx, skb, strp_msg(skb));
if (err <= 0)
return err;
darg->zc = false;
darg->async = false;
return 1;
}
static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb, static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb,
struct iov_iter *dest, struct iov_iter *dest,
struct tls_decrypt_arg *darg) struct tls_decrypt_arg *darg)
...@@ -1565,18 +1592,13 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb, ...@@ -1565,18 +1592,13 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb,
struct strp_msg *rxm = strp_msg(skb); struct strp_msg *rxm = strp_msg(skb);
int pad, err; int pad, err;
if (tls_ctx->rx_conf == TLS_HW) { err = tls_decrypt_device(sk, tls_ctx, skb, darg);
err = tls_device_decrypted(sk, tls_ctx, skb, rxm);
if (err < 0) if (err < 0)
return err; return err;
if (err > 0) { if (err)
darg->zc = false;
darg->async = false;
goto decrypt_done; goto decrypt_done;
}
}
err = decrypt_internal(sk, skb, dest, NULL, darg); err = tls_decrypt_sg(sk, skb, dest, NULL, darg);
if (err < 0) { if (err < 0) {
if (err == -EBADMSG) if (err == -EBADMSG)
TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSDECRYPTERROR); TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSDECRYPTERROR);
...@@ -1613,7 +1635,7 @@ int decrypt_skb(struct sock *sk, struct sk_buff *skb, ...@@ -1613,7 +1635,7 @@ int decrypt_skb(struct sock *sk, struct sk_buff *skb,
{ {
struct tls_decrypt_arg darg = { .zc = true, }; struct tls_decrypt_arg darg = { .zc = true, };
return decrypt_internal(sk, skb, NULL, sgout, &darg); return tls_decrypt_sg(sk, skb, NULL, sgout, &darg);
} }
static int tls_record_content_type(struct msghdr *msg, struct tls_msg *tlm, static int tls_record_content_type(struct msghdr *msg, struct tls_msg *tlm,
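Review bot: tls_decrypt_device() has a three-way return value that decrypt_skb_update() branches on, but nothing in the new code documents it, and a negative, zero or positive result each leaves darg in a different state. I would add a comment above the function such as `/* Returns <0 on error, 0 if the record still needs tls_decrypt_sg() (darg left with input semantics), 1 if the device decrypted it and darg now has output semantics. */`. On the error and zero paths darg->zc and darg->async are untouched, so it is worth stating that callers must not read them as outputs there. The callers that consume darg are outside the visible hunks, so that part is inferred. Separately, the new "Decrypt handlers" comment reads "They must transform the darg in/out argument are as follows:", and the stray "are" should be dropped.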