1. 13 Apr, 2022 27 commits
    • Nikolay Aleksandrov's avatar
      net: netlink: add NLM_F_BULK delete request modifier · 545528d7
      Nikolay Aleksandrov authored
      Add a new delete request modifier called NLM_F_BULK which, when
      supported, would cause the request to delete multiple objects. The flag
      is a convenient way to signal that a multiple delete operation is
      requested which can be gradually added to different delete requests. In
      order to make sure older kernels will error out if the operation is not
      supported instead of doing something unintended we have to break a
      required condition when implementing support for this flag, f.e. for
      neighbors we will omit the mandatory mac address attribute.
      Initially it will be used to add flush with filtering support for bridge
      fdbs, but it also opens the door to add similar support to others.
      Signed-off-by: default avatarNikolay Aleksandrov <razor@blackwall.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      545528d7
    • Nikolay Aleksandrov's avatar
      net: rtnetlink: use BIT for flag values · 0569e31f
      Nikolay Aleksandrov authored
      Use BIT to define flag values.
      Signed-off-by: default avatarNikolay Aleksandrov <razor@blackwall.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0569e31f
    • Nikolay Aleksandrov's avatar
      net: rtnetlink: add helper to extract msg type's kind · 2e9ea3e3
      Nikolay Aleksandrov authored
      Add a helper which extracts the msg type's kind using the kind mask (0x3).
      Signed-off-by: default avatarNikolay Aleksandrov <razor@blackwall.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2e9ea3e3
    • Nikolay Aleksandrov's avatar
      net: rtnetlink: add msg kind names · 12dc5c2c
      Nikolay Aleksandrov authored
      Add rtnl kind names instead of using raw values. We'll need to
      check for DEL kind later to validate bulk flag support.
      Signed-off-by: default avatarNikolay Aleksandrov <razor@blackwall.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      12dc5c2c
    • David S. Miller's avatar
      Merge branch 'net-ti-storm-prevention-support' · ae10162c
      David S. Miller authored
      Grygorii Strashko says:
      
      ====================
      net: ethernet: ti: enable bc/mc storm prevention support
      
      This series first adds supports for the ALE feature to rate limit number ingress
      broadcast(BC)/multicast(MC) packets per/sec which main purpose is BC/MC storm
      prevention.
      
      And then enables corresponding support for ingress broadcast(BC)/multicast(MC)
      packets rate limiting for TI CPSW switchdev and AM65x/J221E CPSW_NUSS drivers by
      implementing HW offload for simple tc-flower with policer action with matches
      on dst_mac/mask:
       - ff:ff:ff:ff:ff:ff/ff:ff:ff:ff:ff:ff has to be used for BC packets rate
      limiting (exact match)
       - 01:00:00:00:00:00/01:00:00:00:00:00 fixed value has to be used for MC
      packets rate limiting
      
      The CPSW supports MC/BC packets rate limiting in packets/sec and affects
      all ingress MC/BC packets and serves as BC/MC storm prevention feature.
      
      Examples:
      - BC rate limit to 1000pps:
        tc qdisc add dev eth0 clsact
        tc filter add dev eth0 ingress flower skip_sw dst_mac ff:ff:ff:ff:ff:ff \
        action police pkts_rate 1000 pkts_burst 1 drop
      
      - MC rate limit to 20000pps:
        tc qdisc add dev eth0 clsact
        tc filter add dev eth0 ingress flower skip_sw dst_mac 01:00:00:00:00:00/01:00:00:00:00:00 \
        action police rate pkts_rate 20000 pkts_burst 1 drop
      
        pkts_burst - not used.
      
      The solution inspired patch from Vladimir Oltean [1].
      
      Changes in v3:
        - comments applied
        - policer validation added
      
      Changes in v2:
       - switch to packet-per-second policing introduced by
         commit 2ffe0395 ("net/sched: act_police: add support for packet-per-second policing") [2]
      
      v2: https://patchwork.kernel.org/project/netdevbpf/cover/20211101170122.19160-1-grygorii.strashko@ti.com/
      v1: https://patchwork.kernel.org/project/netdevbpf/cover/20201114035654.32658-1-grygorii.strashko@ti.com/
      
      [1] https://lore.kernel.org/patchwork/patch/1217254/
      [2] https://patchwork.kernel.org/project/netdevbpf/cover/20210312140831.23346-1-simon.horman@netronome.com/
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ae10162c
    • Grygorii Strashko's avatar
      net: ethernet: ti: cpsw_new: enable bc/mc storm prevention support · 127c9e97
      Grygorii Strashko authored
      This patch enables support for ingress broadcast(BC)/multicast(MC) packets
      rate limiting in TI CPSW switchdev driver (the corresponding ALE support
      was added in previous patch) by implementing HW offload for simple
      tc-flower with policer action with matches on dst_mac:
       - ff:ff:ff:ff:ff:ff/ff:ff:ff:ff:ff:ff has to be used for BC packets rate
      limiting (exact match)
       - 01:00:00:00:00:00/01:00:00:00:00:00 fixed value has to be used for MC
      packets rate limiting
      
      The CPSW supports MC/BC packets rate limiting in packets/sec and affects
      all ingress MC/BC packets and serves as BC/MC storm prevention feature.
      
      Examples:
      - BC rate limit to 1000pps:
        tc qdisc add dev eth0 clsact
        tc filter add dev eth0 ingress flower skip_sw dst_mac ff:ff:ff:ff:ff:ff \
        action police pkts_rate 1000 pkts_burst 1 drop
      
      - MC rate limit to 20000pps:
        tc qdisc add dev eth0 clsact
        tc filter add dev eth0 ingress flower skip_sw dst_mac 01:00:00:00:00:00/01:00:00:00:00:00 \
        action police rate pkts_rate 10000 pkts_burst 1 drop
      
        pkts_burst - not used.
      Signed-off-by: default avatarGrygorii Strashko <grygorii.strashko@ti.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      127c9e97
    • Grygorii Strashko's avatar
      net: ethernet: ti: am65-cpsw: enable bc/mc storm prevention support · 5ec836be
      Grygorii Strashko authored
      This patch enables support for ingress broadcast(BC)/multicast(MC) packets
      rate limiting in TI AM65x CPSW driver (the corresponding ALE support was
      added in previous patch) by implementing HW offload for simple tc-flower
      with policer action with matches on dst_mac/mask:
       - ff:ff:ff:ff:ff:ff/ff:ff:ff:ff:ff:ff has to be used for BC packets rate
      limiting (exact match)
       - 01:00:00:00:00:00/01:00:00:00:00:00 fixed value has to be used for MC
      packets rate limiting
      
      The CPSW supports MC/BC packets rate limiting in packets/sec and affects
      all ingress MC/BC packets and serves as BC/MC storm prevention feature.
      
      Examples:
      - BC rate limit to 1000pps:
        tc qdisc add dev eth0 clsact
        tc filter add dev eth0 ingress flower skip_sw dst_mac ff:ff:ff:ff:ff:ff \
        action police pkts_rate 1000 pkts_burst 1 drop
      
      - MC rate limit to 20000pps:
        tc qdisc add dev eth0 clsact
        tc filter add dev eth0 ingress flower skip_sw dst_mac 01:00:00:00:00:00/01:00:00:00:00:00 \
        action police rate pkts_rate 20000 pkts_burst 1 drop
      
        pkts_burst - not used.
      Signed-off-by: default avatarGrygorii Strashko <grygorii.strashko@ti.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5ec836be
    • Grygorii Strashko's avatar
      drivers: net: cpsw: ale: add broadcast/multicast rate limit support · e3a5e33f
      Grygorii Strashko authored
      The CPSW ALE supports feature to rate limit number ingress
      broadcast(BC)/multicast(MC) packets per/sec which main purpose is BC/MC
      storm prevention.
      
      The ALE BC/MC packet rate limit configuration consist of two parts:
      - global
        ALE_CONTROL.ENABLE_RATE_LIMIT bit 0 which enables rate limiting globally
        ALE_PRESCALE.PRESCALE specifies rate limiting interval
      - per-port
        ALE_PORTCTLx.BCASTMCAST/_LIMIT specifies number of BC/MC packets allowed
        per rate limiting interval.
        When port.BCASTMCAST/_LIMIT is 0 rate limiting is disabled for Port.
      
      When BC/MC packet rate limiting is enabled the number of allowed packets
      per/sec is defined as:
        number_of_packets/sec = (Fclk / ALE_PRESCALE) * port.BCASTMCAST/_LIMIT
      
      Hence, the ALE_PRESCALE configuration is common for all ports the 1ms
      interval is selected and configured during ALE initialization while
      port.BCAST/MCAST_LIMIT are configured per-port.
      This allows to achieve:
       - min number_of_packets = 1000 when port.BCAST/MCAST_LIMIT = 1
       - max number_of_packets = 1000 * 255 = 255000
         when port.BCAST/MCAST_LIMIT = 0xFF
      
      The ALE_CONTROL.ENABLE_RATE_LIMIT can also be enabled once during ALE
      initialization as rate limiting enabled by non zero port.BCASTMCAST/_LIMIT
      values.
      
      This patch implements above logic in ALE and adds new ALE APIs
       cpsw_ale_rx_ratelimit_bc();
       cpsw_ale_rx_ratelimit_mc();
      Signed-off-by: default avatarGrygorii Strashko <grygorii.strashko@ti.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e3a5e33f
    • Russell King (Oracle)'s avatar
      net: phylink: remove phylink_helper_basex_speed() · 1a95e04e
      Russell King (Oracle) authored
      As there are now no users of phylink_helper_basex_speed(), we can
      remove this obsolete functionality.
      Signed-off-by: default avatarRussell King (Oracle) <rmk+kernel@armlinux.org.uk>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1a95e04e
    • Dan Carpenter's avatar
      net: ethernet: mtk_eth_soc: use after free in __mtk_ppe_check_skb() · 17a5f6a7
      Dan Carpenter authored
      The __mtk_foe_entry_clear() function frees "entry" so we have to use
      the _safe() version of hlist_for_each_entry() to prevent a use after
      free.
      
      Fixes: 33fc42de ("net: ethernet: mtk_eth_soc: support creating mac address based offload entries")
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      17a5f6a7
    • Minghao Chi's avatar
      net: ethernet: ti: am65-cpsw-nuss: using pm_runtime_resume_and_get instead of pm_runtime_get_sync · 2240514c
      Minghao Chi authored
      Using pm_runtime_resume_and_get is more appropriate
      for simplifing code
      Reported-by: default avatarZeal Robot <zealci@zte.com.cn>
      Signed-off-by: default avatarMinghao Chi <chi.minghao@zte.com.cn>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2240514c
    • Lin Ma's avatar
      NFC: NULL out the dev->rfkill to prevent UAF · 1b0e8141
      Lin Ma authored
      Commit 3e3b5dfc ("NFC: reorder the logic in nfc_{un,}register_device")
      assumes the device_is_registered() in function nfc_dev_up() will help
      to check when the rfkill is unregistered. However, this check only
      take effect when device_del(&dev->dev) is done in nfc_unregister_device().
      Hence, the rfkill object is still possible be dereferenced.
      
      The crash trace in latest kernel (5.18-rc2):
      
      [   68.760105] ==================================================================
      [   68.760330] BUG: KASAN: use-after-free in __lock_acquire+0x3ec1/0x6750
      [   68.760756] Read of size 8 at addr ffff888009c93018 by task fuzz/313
      [   68.760756]
      [   68.760756] CPU: 0 PID: 313 Comm: fuzz Not tainted 5.18.0-rc2 #4
      [   68.760756] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
      [   68.760756] Call Trace:
      [   68.760756]  <TASK>
      [   68.760756]  dump_stack_lvl+0x57/0x7d
      [   68.760756]  print_report.cold+0x5e/0x5db
      [   68.760756]  ? __lock_acquire+0x3ec1/0x6750
      [   68.760756]  kasan_report+0xbe/0x1c0
      [   68.760756]  ? __lock_acquire+0x3ec1/0x6750
      [   68.760756]  __lock_acquire+0x3ec1/0x6750
      [   68.760756]  ? lockdep_hardirqs_on_prepare+0x410/0x410
      [   68.760756]  ? register_lock_class+0x18d0/0x18d0
      [   68.760756]  lock_acquire+0x1ac/0x4f0
      [   68.760756]  ? rfkill_blocked+0xe/0x60
      [   68.760756]  ? lockdep_hardirqs_on_prepare+0x410/0x410
      [   68.760756]  ? mutex_lock_io_nested+0x12c0/0x12c0
      [   68.760756]  ? nla_get_range_signed+0x540/0x540
      [   68.760756]  ? _raw_spin_lock_irqsave+0x4e/0x50
      [   68.760756]  _raw_spin_lock_irqsave+0x39/0x50
      [   68.760756]  ? rfkill_blocked+0xe/0x60
      [   68.760756]  rfkill_blocked+0xe/0x60
      [   68.760756]  nfc_dev_up+0x84/0x260
      [   68.760756]  nfc_genl_dev_up+0x90/0xe0
      [   68.760756]  genl_family_rcv_msg_doit+0x1f4/0x2f0
      [   68.760756]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x230/0x230
      [   68.760756]  ? security_capable+0x51/0x90
      [   68.760756]  genl_rcv_msg+0x280/0x500
      [   68.760756]  ? genl_get_cmd+0x3c0/0x3c0
      [   68.760756]  ? lock_acquire+0x1ac/0x4f0
      [   68.760756]  ? nfc_genl_dev_down+0xe0/0xe0
      [   68.760756]  ? lockdep_hardirqs_on_prepare+0x410/0x410
      [   68.760756]  netlink_rcv_skb+0x11b/0x340
      [   68.760756]  ? genl_get_cmd+0x3c0/0x3c0
      [   68.760756]  ? netlink_ack+0x9c0/0x9c0
      [   68.760756]  ? netlink_deliver_tap+0x136/0xb00
      [   68.760756]  genl_rcv+0x1f/0x30
      [   68.760756]  netlink_unicast+0x430/0x710
      [   68.760756]  ? memset+0x20/0x40
      [   68.760756]  ? netlink_attachskb+0x740/0x740
      [   68.760756]  ? __build_skb_around+0x1f4/0x2a0
      [   68.760756]  netlink_sendmsg+0x75d/0xc00
      [   68.760756]  ? netlink_unicast+0x710/0x710
      [   68.760756]  ? netlink_unicast+0x710/0x710
      [   68.760756]  sock_sendmsg+0xdf/0x110
      [   68.760756]  __sys_sendto+0x19e/0x270
      [   68.760756]  ? __ia32_sys_getpeername+0xa0/0xa0
      [   68.760756]  ? fd_install+0x178/0x4c0
      [   68.760756]  ? fd_install+0x195/0x4c0
      [   68.760756]  ? kernel_fpu_begin_mask+0x1c0/0x1c0
      [   68.760756]  __x64_sys_sendto+0xd8/0x1b0
      [   68.760756]  ? lockdep_hardirqs_on+0xbf/0x130
      [   68.760756]  ? syscall_enter_from_user_mode+0x1d/0x50
      [   68.760756]  do_syscall_64+0x3b/0x90
      [   68.760756]  entry_SYSCALL_64_after_hwframe+0x44/0xae
      [   68.760756] RIP: 0033:0x7f67fb50e6b3
      ...
      [   68.760756] RSP: 002b:00007f67fa91fe90 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
      [   68.760756] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f67fb50e6b3
      [   68.760756] RDX: 000000000000001c RSI: 0000559354603090 RDI: 0000000000000003
      [   68.760756] RBP: 00007f67fa91ff00 R08: 00007f67fa91fedc R09: 000000000000000c
      [   68.760756] R10: 0000000000000000 R11: 0000000000000293 R12: 00007ffe824d496e
      [   68.760756] R13: 00007ffe824d496f R14: 00007f67fa120000 R15: 0000000000000003
      
      [   68.760756]  </TASK>
      [   68.760756]
      [   68.760756] Allocated by task 279:
      [   68.760756]  kasan_save_stack+0x1e/0x40
      [   68.760756]  __kasan_kmalloc+0x81/0xa0
      [   68.760756]  rfkill_alloc+0x7f/0x280
      [   68.760756]  nfc_register_device+0xa3/0x1a0
      [   68.760756]  nci_register_device+0x77a/0xad0
      [   68.760756]  nfcmrvl_nci_register_dev+0x20b/0x2c0
      [   68.760756]  nfcmrvl_nci_uart_open+0xf2/0x1dd
      [   68.760756]  nci_uart_tty_ioctl+0x2c3/0x4a0
      [   68.760756]  tty_ioctl+0x764/0x1310
      [   68.760756]  __x64_sys_ioctl+0x122/0x190
      [   68.760756]  do_syscall_64+0x3b/0x90
      [   68.760756]  entry_SYSCALL_64_after_hwframe+0x44/0xae
      [   68.760756]
      [   68.760756] Freed by task 314:
      [   68.760756]  kasan_save_stack+0x1e/0x40
      [   68.760756]  kasan_set_track+0x21/0x30
      [   68.760756]  kasan_set_free_info+0x20/0x30
      [   68.760756]  __kasan_slab_free+0x108/0x170
      [   68.760756]  kfree+0xb0/0x330
      [   68.760756]  device_release+0x96/0x200
      [   68.760756]  kobject_put+0xf9/0x1d0
      [   68.760756]  nfc_unregister_device+0x77/0x190
      [   68.760756]  nfcmrvl_nci_unregister_dev+0x88/0xd0
      [   68.760756]  nci_uart_tty_close+0xdf/0x180
      [   68.760756]  tty_ldisc_kill+0x73/0x110
      [   68.760756]  tty_ldisc_hangup+0x281/0x5b0
      [   68.760756]  __tty_hangup.part.0+0x431/0x890
      [   68.760756]  tty_release+0x3a8/0xc80
      [   68.760756]  __fput+0x1f0/0x8c0
      [   68.760756]  task_work_run+0xc9/0x170
      [   68.760756]  exit_to_user_mode_prepare+0x194/0x1a0
      [   68.760756]  syscall_exit_to_user_mode+0x19/0x50
      [   68.760756]  do_syscall_64+0x48/0x90
      [   68.760756]  entry_SYSCALL_64_after_hwframe+0x44/0xae
      
      This patch just add the null out of dev->rfkill to make sure such
      dereference cannot happen. This is safe since the device_lock() already
      protect the check/write from data race.
      
      Fixes: 3e3b5dfc ("NFC: reorder the logic in nfc_{un,}register_device")
      Signed-off-by: default avatarLin Ma <linma@zju.edu.cn>
      Reviewed-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1b0e8141
    • Guo Zhengkui's avatar
      ipv6: exthdrs: use swap() instead of open coding it · 5ee6ad1d
      Guo Zhengkui authored
      Address the following coccicheck warning:
      net/ipv6/exthdrs.c:620:44-45: WARNING opportunity for swap()
      
      by using swap() for the swapping of variable values and drop
      the tmp (`addr`) variable that is not needed any more.
      Signed-off-by: default avatarGuo Zhengkui <guozhengkui@vivo.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5ee6ad1d
    • Alaa Mohamed's avatar
      selftests: net: fib_rule_tests: add support to select a test to run · 816cda9a
      Alaa Mohamed authored
      Add boilerplate test loop in test to run all tests
      in fib_rule_tests.sh
      Signed-off-by: default avatarAlaa Mohamed <eng.alaamohamedsoliman.am@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      816cda9a
    • Lorenzo Bianconi's avatar
      net: ethernet: mtk_eth_soc: use standard property for cci-control-port · 4263f77a
      Lorenzo Bianconi authored
      Rely on standard cci-control-port property to identify CCI port
      reference.
      Update mt7622 dts binding.
      Signed-off-by: default avatarLorenzo Bianconi <lorenzo@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4263f77a
    • David S. Miller's avatar
      Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/next-queue · 17e415cf
      David S. Miller authored
      Tony Nguyen says:
      
      ====================
      40GbE Intel Wired LAN Driver Updates 2022-04-12
      
      This series contains updates to i40e and ice drivers.
      
      Joe Damato adds TSO support for MPLS packets on i40e and ice drivers. He
      also adds tracking and reporting of tx_stopped statistic for i40e.
      
      Nabil S. Alramli adds reporting of tx_restart to ethtool for i40e.
      
      Mateusz adds new device id support for i40e.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      17e415cf
    • David S. Miller's avatar
      Merge branch 'tls-rx-refactor-part-3' · 8f1c3850
      David S. Miller authored
      Jakub Kicinski says:
      
      ====================
      tls: rx: random refactoring part 3
      
      TLS Rx refactoring. Part 3 of 3. This set is mostly around rx_list
      and async processing. The last two patches are minor optimizations.
      A couple of features to follow.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8f1c3850
    • Jakub Kicinski's avatar
      tls: rx: only copy IV from the packet for TLS 1.2 · a4ae58cd
      Jakub Kicinski authored
      TLS 1.3 and ChaChaPoly don't carry IV in the packet.
      The code before this change would copy out iv_size
      worth of whatever followed the TLS header in the packet
      and then for TLS 1.3 | ChaCha overwrite that with
      the sequence number. Waste of cycles especially
      with TLS 1.2 being close to dead and TLS 1.3 being
      the common case.
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a4ae58cd
    • Jakub Kicinski's avatar
      tls: rx: use MAX_IV_SIZE for allocations · f7d45f4b
      Jakub Kicinski authored
      IVs are 8 or 16 bytes, no point reading out the exact value
      for quantities this small.
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f7d45f4b
    • Jakub Kicinski's avatar
      tls: rx: use async as an in-out argument · 3547a1f9
      Jakub Kicinski authored
      Propagating EINPROGRESS thru multiple layers of functions is
      error prone. Use darg->async as an in/out argument, like we
      use darg->zc today. On input it tells the code if async is
      allowed, on output if it took place.
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3547a1f9
    • Jakub Kicinski's avatar
      tls: rx: return the already-copied data on crypto error · f314bfee
      Jakub Kicinski authored
      async crypto handler will report the socket error no need
      to report it again. We can, however, let the data we already
      copied be reported to user space but we need to make sure
      the error will be reported next time around.
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f314bfee
    • Jakub Kicinski's avatar
      tls: rx: treat process_rx_list() errors as transient · 4dcdd971
      Jakub Kicinski authored
      process_rx_list() only fails if it can't copy data to user
      space. There is no point recording the error onto sk->sk_err
      or giving up on the data which was read partially. Treat
      the return value like a normal socket partial read.
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4dcdd971
    • Jakub Kicinski's avatar
      tls: rx: assume crypto always calls our callback · 1c699ffa
      Jakub Kicinski authored
      If crypto didn't always invoke our callback for async
      we'd not be clearing skb->sk and would crash in the
      skb core when freeing it. This if must be dead code.
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1c699ffa
    • Jakub Kicinski's avatar
      tls: rx: don't handle TLS 1.3 in the async crypto callback · 72f3ad73
      Jakub Kicinski authored
      Async crypto never worked with TLS 1.3 and was explicitly disabled in
      commit 8497ded2 ("net/tls: Disable async decrytion for tls1.3").
      There's no need for us to handle TLS 1.3 padding in the async cb.
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      72f3ad73
    • Jakub Kicinski's avatar
      tls: rx: move counting TlsDecryptErrors for sync · 284b4d93
      Jakub Kicinski authored
      Move counting TlsDecryptErrors to tls_do_decryption()
      where differences between sync and async crypto are
      reconciled.
      
      No functional changes, this code just always gave
      me a pause.
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      284b4d93
    • Jakub Kicinski's avatar
      tls: rx: reuse leave_on_list label for psock · 0775639c
      Jakub Kicinski authored
      The code is identical, we can save a few LoC.
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0775639c
    • Jakub Kicinski's avatar
      tls: rx: consistently use unlocked accessors for rx_list · a30295c4
      Jakub Kicinski authored
      rx_list is protected by the socket lock, no need to take
      the built-in spin lock on accesses.
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a30295c4
  2. 12 Apr, 2022 13 commits