Message ID | 6da95c0d469415ee62cc23ce72227f8d058400bc.1696596130.git.sd@queasysnail.net (mailing list archive) |
---|---|
State | Accepted |
Commit | 1a074f7618e8b82a7cebf45df6e005d2284446ce |
Delegated to: | Netdev Maintainers |
Series | net: tls: various code cleanups and improvements |
On Mon, 9 Oct 2023 22:50:48 +0200 Sabrina Dubroca wrote:
> + if (mode == TLS_HW) {
> + prot->aad_size = 0;
> + prot->tail_size = 0;
> + }

Strange, tail_size doesn't matter because HW doesn't support TLS 1.3 but aad_size? Is it overwritten by SW init or something?
On 09/10/2023 23:50, Sabrina Dubroca wrote:
> Most values are shared. Nonce size turns out to be equal to IV size
> for all offloadable ciphers.
>
> Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
> ---
> net/tls/tls.h | 4 ++++
> net/tls/tls_device.c | 14 ++++----------
> net/tls/tls_sw.c | 14 ++++++++++----
> 3 files changed, 18 insertions(+), 14 deletions(-)
>

Hi,

FYI, we caught some new failures in kTLS device-offload traffic, bisected to this patch. We're trying to collect more info and analyze...

Regards,
Tariq
2023-10-13, 14:23:07 -0700, Jakub Kicinski wrote:
> On Mon, 9 Oct 2023 22:50:48 +0200 Sabrina Dubroca wrote:
> > + if (mode == TLS_HW) {
> > + prot->aad_size = 0;
> > + prot->tail_size = 0;
> > + }
>
> Strange, tail_size doesn't matter because HW doesn't support TLS 1.3
> but aad_size? Is it overwritten by SW init or something?

For RX, yes, tls_set_device_offload_rx -> tls_set_sw_offload -> init_prot_info(mode=TLS_SW). But aad_size is not used in tls_device_reencrypt, maybe because (for both GCM variants)

    TLS_HEADER_SIZE + cipher_desc->iv == TLS_AAD_SPACE_SIZE

For TX, it looks like tls_device_fallback hardcodes TLS_AAD_SPACE_SIZE where tls_sw would use prot->aad_size. tls_device doesn't use either.

Actually this patch is broken. If we set TLS_RX to TLS_SW first (for example because we disabled tls-hw-rx-offload with ethtool), and TLS_TX to TLS_HW second, that will set aad_size to 0, but RX needs it to be set.

I'll send a fix to drop this hunk completely.

Thanks for reviewing.
diff --git a/net/tls/tls.h b/net/tls/tls.h index 16830aa2d6ec..756ed6cbc3df 100644 --- a/net/tls/tls.h +++ b/net/tls/tls.h @@ -142,6 +142,10 @@ void update_sk_prot(struct sock *sk, struct tls_context *ctx); int wait_on_pending_writer(struct sock *sk, long *timeo); void tls_err_abort(struct sock *sk, int err); +int init_prot_info(struct tls_prot_info *prot, + const struct tls_crypto_info *crypto_info, + const struct tls_cipher_desc *cipher_desc, + int mode); int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx); void tls_update_rx_zc_capable(struct tls_context *tls_ctx); void tls_sw_strparser_arm(struct sock *sk, struct tls_context *ctx); diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c index 0981496c6294..3d73dd97e903 100644 --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -1076,20 +1076,14 @@ int tls_set_device_offload(struct sock *sk, struct tls_context *ctx) goto release_netdev; } + rc = init_prot_info(prot, crypto_info, cipher_desc, TLS_HW); + if (rc) + goto release_netdev; + iv = crypto_info_iv(crypto_info, cipher_desc); rec_seq = crypto_info_rec_seq(crypto_info, cipher_desc); - prot->version = crypto_info->version; - prot->cipher_type = crypto_info->cipher_type; - prot->prepend_size = TLS_HEADER_SIZE + cipher_desc->iv; - prot->tag_size = cipher_desc->tag; - prot->overhead_size = prot->prepend_size + prot->tag_size; - prot->iv_size = cipher_desc->iv; - prot->salt_size = cipher_desc->salt; - memcpy(ctx->tx.iv + cipher_desc->salt, iv, cipher_desc->iv); - - prot->rec_seq_size = cipher_desc->rec_seq; memcpy(ctx->tx.rec_seq, rec_seq, cipher_desc->rec_seq); start_marker_record = kmalloc(sizeof(*start_marker_record), GFP_KERNEL); diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index b8e89bbb4a49..0995d3d14f4b 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c 
@@ -2620,9 +2620,10 @@ static struct tls_sw_context_rx *init_ctx_rx(struct tls_context *ctx) return sw_ctx_rx; } -static int init_prot_info(struct tls_prot_info *prot, - const struct tls_crypto_info *crypto_info, - const struct tls_cipher_desc *cipher_desc) +int init_prot_info(struct tls_prot_info *prot, + const struct tls_crypto_info *crypto_info, + const struct tls_cipher_desc *cipher_desc, + int mode) { u16 nonce_size = cipher_desc->nonce; @@ -2635,6 +2636,11 @@ static int init_prot_info(struct tls_prot_info *prot, prot->tail_size = 0; } + if (mode == TLS_HW) { + prot->aad_size = 0; + prot->tail_size = 0; + } + /* Sanity-check the sizes for stack allocations. */ if (nonce_size > TLS_MAX_IV_SIZE || prot->aad_size > TLS_MAX_AAD_SIZE) return -EINVAL; @@ -2696,7 +2702,7 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx) goto free_priv; } - rc = init_prot_info(prot, crypto_info, cipher_desc); + rc = init_prot_info(prot, crypto_info, cipher_desc, TLS_SW); if (rc) goto free_priv;
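Review bot: the nonce/IV equivalence this refactor depends on is not recorded anywhere in the net/tls/tls_device.c hunk (@@ -1076,20 +1076,14 @@). The removed lines took prot->iv_size and prot->prepend_size from cipher_desc->iv, while init_prot_info() starts from `u16 nonce_size = cipher_desc->nonce;`, and only the commit message says the two are equal for all offloadable ciphers. A short comment above the new `rc = init_prot_info(prot, crypto_info, cipher_desc, TLS_HW);` call stating that assumption would keep a future offloadable cipher with nonce != iv from silently changing the device record layout. The call also gives tls_set_device_offload() a new failure exit through `goto release_netdev` when the helper's size sanity check returns -EINVAL, which the open-coded assignments never could; that is worth a line in the changelog.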
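Review bot: the `if (mode == TLS_HW)` block added to init_prot_info() in net/tls/tls_sw.c (@@ -2635,6 +2636,11 @@) writes prot->aad_size and prot->tail_size, two fields that the assignments removed from tls_set_device_offload() never touched, so this is a behaviour change inside a patch described as sharing existing code. Both callers pass a `prot` into the same helper, and as the follow-up in this thread describes, a TLS_SW setup for one direction followed by a TLS_HW setup for the other leaves aad_size at 0 for a software path that still reads it. Suggest dropping the block so the helper computes the same sizes for both modes; if zero really is required for the device path, set it at the call site with a comment explaining which consumers rely on it.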
Most values are shared. Nonce size turns out to be equal to IV size
for all offloadable ciphers.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
---
 net/tls/tls.h        |  4 ++++
 net/tls/tls_device.c | 14 ++++----------
 net/tls/tls_sw.c     | 14 ++++++++++----
 3 files changed, 18 insertions(+), 14 deletions(-)