5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jakub Kicinski kuba@kernel.org
[ Upstream commit 71471ca32505afa7c3f7f6a8268716e1ddb81cd4 ]
Instead of tls_device poking into internals of the message return 1 from tls_device_decrypted() if the device handled the decryption.
Signed-off-by: Jakub Kicinski kuba@kernel.org Signed-off-by: David S. Miller davem@davemloft.net Stable-dep-of: f7fa16d49837 ("tls: decrement decrypt_pending if no async completion will be called") Signed-off-by: Sasha Levin sashal@kernel.org --- net/tls/tls_device.c | 7 ++----- net/tls/tls_sw.c | 5 ++--- 2 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c index f23d18e666284..e7c361807590d 100644 --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -936,7 +936,6 @@ int tls_device_decrypted(struct sock *sk, struct tls_context *tls_ctx, struct sk_buff *skb, struct strp_msg *rxm) { struct tls_offload_context_rx *ctx = tls_offload_ctx_rx(tls_ctx); - struct tls_msg *tlm = tls_msg(skb); int is_decrypted = skb->decrypted; int is_encrypted = !is_decrypted; struct sk_buff *skb_iter; @@ -951,11 +950,9 @@ int tls_device_decrypted(struct sock *sk, struct tls_context *tls_ctx, tls_ctx->rx.rec_seq, rxm->full_len, is_encrypted, is_decrypted);
- tlm->decrypted |= is_decrypted; - if (unlikely(test_bit(TLS_RX_DEV_DEGRADED, &tls_ctx->flags))) { if (likely(is_encrypted || is_decrypted)) - return 0; + return is_decrypted;
/* After tls_device_down disables the offload, the next SKB will * likely have initial fragments decrypted, and final ones not @@ -970,7 +967,7 @@ int tls_device_decrypted(struct sock *sk, struct tls_context *tls_ctx, */ if (is_decrypted) { ctx->resync_nh_reset = 1; - return 0; + return is_decrypted; } if (is_encrypted) { tls_device_core_ctrl_rx_resync(tls_ctx, ctx, sk, skb); diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 7da17dd7c38b9..eed32ef3ca4a0 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1571,9 +1571,8 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb, err = tls_device_decrypted(sk, tls_ctx, skb, rxm); if (err < 0) return err; - - /* skip SW decryption if NIC handled it already */ - if (tlm->decrypted) { + if (err > 0) { + tlm->decrypted = 1; *zc = false; goto decrypt_done; }