Commit 1c151fed authored by Jakub Kicinski's avatar Jakub Kicinski
Browse files

Merge branch 'tls-rx-follow-ups-to-nopad' 

Jakub Kicinski says:

====================
tls: rx: follow-ups to NoPad

A few fixes for issues spotted by Maxim.
====================

Link: https://lore.kernel.org/r/20220709025255.323864-1-kuba@kernel.org


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 10c8fd2f 1d55f203

Documentation/networking/tls.rst

+4 −0
Original line number Diff line number Diff line
@@ -282,3 +282,7 @@ TLS implementation exposes the following per-namespace statistics 
  number of RX records which had to be re-decrypted due to

  ``TLS_RX_EXPECT_NO_PAD`` mis-prediction. Note that this counter will

  also increment for non-data records.



- ``TlsRxNoPadViolation`` -

  number of data RX records which had to be re-decrypted due to

  ``TLS_RX_EXPECT_NO_PAD`` mis-prediction.

include/uapi/linux/snmp.h

+2 −1
Original line number Diff line number Diff line
@@ -344,7 +344,8 @@ enum 
	LINUX_MIB_TLSRXDEVICE,			/* TlsRxDevice */

	LINUX_MIB_TLSDECRYPTERROR,		/* TlsDecryptError */

	LINUX_MIB_TLSRXDEVICERESYNC,		/* TlsRxDeviceResync */

	LINUX_MIN_TLSDECRYPTRETRY,		/* TlsDecryptRetry */

	LINUX_MIB_TLSDECRYPTRETRY,		/* TlsDecryptRetry */

	LINUX_MIB_TLSRXNOPADVIOL,		/* TlsRxNoPadViolation */

	__LINUX_MIB_TLSMAX

};

net/tls/tls_main.c

+4 −5
Original line number Diff line number Diff line
@@ -539,8 +539,7 @@ static int do_tls_getsockopt_no_pad(struct sock *sk, char __user *optval, 
				    int __user *optlen)

{

	struct tls_context *ctx = tls_get_ctx(sk);

	unsigned int value;

	int err, len;

	int value, len;



	if (ctx->prot_info.version != TLS_1_3_VERSION)

		return -EINVAL;
@@ -551,12 +550,12 @@ static int do_tls_getsockopt_no_pad(struct sock *sk, char __user *optval, 
		return -EINVAL;



	lock_sock(sk);

	err = -EINVAL;

	value = -EINVAL;

	if (ctx->rx_conf == TLS_SW || ctx->rx_conf == TLS_HW)

		value = ctx->rx_no_pad;

	release_sock(sk);

	if (err)

		return err;

	if (value < 0)

		return value;



	if (put_user(sizeof(value), optlen))

		return -EFAULT;

net/tls/tls_proc.c

+2 −1
Original line number Diff line number Diff line
@@ -20,7 +20,8 @@ static const struct snmp_mib tls_mib_list[] = { 
	SNMP_MIB_ITEM("TlsRxDevice", LINUX_MIB_TLSRXDEVICE),

	SNMP_MIB_ITEM("TlsDecryptError", LINUX_MIB_TLSDECRYPTERROR),

	SNMP_MIB_ITEM("TlsRxDeviceResync", LINUX_MIB_TLSRXDEVICERESYNC),

	SNMP_MIB_ITEM("TlsDecryptRetry", LINUX_MIN_TLSDECRYPTRETRY),

	SNMP_MIB_ITEM("TlsDecryptRetry", LINUX_MIB_TLSDECRYPTRETRY),

	SNMP_MIB_ITEM("TlsRxNoPadViolation", LINUX_MIB_TLSRXNOPADVIOL),

	SNMP_MIB_SENTINEL

};

net/tls/tls_sw.c

+3 −1
Original line number Diff line number Diff line
@@ -1596,7 +1596,9 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb, 
	if (unlikely(darg->zc && prot->version == TLS_1_3_VERSION &&

		     darg->tail != TLS_RECORD_TYPE_DATA)) {

		darg->zc = false;

		TLS_INC_STATS(sock_net(sk), LINUX_MIN_TLSDECRYPTRETRY);

		if (!darg->tail)

			TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSRXNOPADVIOL);

		TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSDECRYPTRETRY);

		return decrypt_skb_update(sk, skb, dest, darg);

	}