forked from Minki/linux
tls: rx: factor out device darg update
I already forgot to transform darg from input to output semantics once on the NIC inline crypto fastpath. To avoid this happening again create a device equivalent of decrypt_internal(). A function responsible for decryption and transforming darg. While at it rename decrypt_internal() to a hopefully slightly more meaningful name. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
53d57999fe
commit
8a95873281
@ -1404,18 +1404,27 @@ out:
|
||||
return rc;
|
||||
}
|
||||
|
||||
/* Decrypt handlers
|
||||
*
|
||||
* tls_decrypt_sg() and tls_decrypt_device() are decrypt handlers.
|
||||
* They must transform the darg in/out argument are as follows:
|
||||
* | Input | Output
|
||||
* -------------------------------------------------------------------
|
||||
* zc | Zero-copy decrypt allowed | Zero-copy performed
|
||||
* async | Async decrypt allowed | Async crypto used / in progress
|
||||
*/
|
||||
|
||||
/* This function decrypts the input skb into either out_iov or in out_sg
|
||||
* or in skb buffers itself. The input parameter 'zc' indicates if
|
||||
* or in skb buffers itself. The input parameter 'darg->zc' indicates if
|
||||
* zero-copy mode needs to be tried or not. With zero-copy mode, either
|
||||
* out_iov or out_sg must be non-NULL. In case both out_iov and out_sg are
|
||||
* NULL, then the decryption happens inside skb buffers itself, i.e.
|
||||
* zero-copy gets disabled and 'zc' is updated.
|
||||
* zero-copy gets disabled and 'darg->zc' is updated.
|
||||
*/
|
||||
|
||||
static int decrypt_internal(struct sock *sk, struct sk_buff *skb,
|
||||
struct iov_iter *out_iov,
|
||||
struct scatterlist *out_sg,
|
||||
struct tls_decrypt_arg *darg)
|
||||
static int tls_decrypt_sg(struct sock *sk, struct sk_buff *skb,
|
||||
struct iov_iter *out_iov,
|
||||
struct scatterlist *out_sg,
|
||||
struct tls_decrypt_arg *darg)
|
||||
{
|
||||
struct tls_context *tls_ctx = tls_get_ctx(sk);
|
||||
struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
|
||||
@ -1556,6 +1565,24 @@ exit_free:
|
||||
return err;
|
||||
}
|
||||
|
||||
static int
|
||||
tls_decrypt_device(struct sock *sk, struct tls_context *tls_ctx,
|
||||
struct sk_buff *skb, struct tls_decrypt_arg *darg)
|
||||
{
|
||||
int err;
|
||||
|
||||
if (tls_ctx->rx_conf != TLS_HW)
|
||||
return 0;
|
||||
|
||||
err = tls_device_decrypted(sk, tls_ctx, skb, strp_msg(skb));
|
||||
if (err <= 0)
|
||||
return err;
|
||||
|
||||
darg->zc = false;
|
||||
darg->async = false;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb,
|
||||
struct iov_iter *dest,
|
||||
struct tls_decrypt_arg *darg)
|
||||
@ -1565,18 +1592,13 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb,
|
||||
struct strp_msg *rxm = strp_msg(skb);
|
||||
int pad, err;
|
||||
|
||||
if (tls_ctx->rx_conf == TLS_HW) {
|
||||
err = tls_device_decrypted(sk, tls_ctx, skb, rxm);
|
||||
if (err < 0)
|
||||
return err;
|
||||
if (err > 0) {
|
||||
darg->zc = false;
|
||||
darg->async = false;
|
||||
goto decrypt_done;
|
||||
}
|
||||
}
|
||||
err = tls_decrypt_device(sk, tls_ctx, skb, darg);
|
||||
if (err < 0)
|
||||
return err;
|
||||
if (err)
|
||||
goto decrypt_done;
|
||||
|
||||
err = decrypt_internal(sk, skb, dest, NULL, darg);
|
||||
err = tls_decrypt_sg(sk, skb, dest, NULL, darg);
|
||||
if (err < 0) {
|
||||
if (err == -EBADMSG)
|
||||
TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSDECRYPTERROR);
|
||||
@ -1613,7 +1635,7 @@ int decrypt_skb(struct sock *sk, struct sk_buff *skb,
|
||||
{
|
||||
struct tls_decrypt_arg darg = { .zc = true, };
|
||||
|
||||
return decrypt_internal(sk, skb, NULL, sgout, &darg);
|
||||
return tls_decrypt_sg(sk, skb, NULL, sgout, &darg);
|
||||
}
|
||||
|
||||
static int tls_record_content_type(struct msghdr *msg, struct tls_msg *tlm,
|
||||
|
Loading…
Reference in New Issue
Block a user