Commit 4175eac3 authored by Jakub Kicinski's avatar Jakub Kicinski Committed by David S. Miller
Browse files

tls: rx: wrap decryption arguments in a structure 



We pass zc as a pointer to bool a few functions down as an in/out
argument. This is error prone since C will happily evalue a pointer
as a boolean (IOW forgetting *zc and writing zc leads to loss of
developer time..). Wrap the arguments into a structure.

Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 9bdf75cc

net/tls/tls_sw.c

+27 −22
Original line number Diff line number Diff line
@@ -44,6 +44,11 @@ 
#include <net/strparser.h>

#include <net/tls.h>



struct tls_decrypt_arg {

	bool zc;

	bool async;

};



noinline void tls_err_abort(struct sock *sk, int err)

{

	WARN_ON_ONCE(err >= 0);
@@ -1412,7 +1417,7 @@ static int tls_setup_from_iter(struct iov_iter *from, 
static int decrypt_internal(struct sock *sk, struct sk_buff *skb,

			    struct iov_iter *out_iov,

			    struct scatterlist *out_sg,

			    bool *zc, bool async)

			    struct tls_decrypt_arg *darg)

{

	struct tls_context *tls_ctx = tls_get_ctx(sk);

	struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
@@ -1429,7 +1434,7 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb, 
			     prot->tail_size;

	int iv_offset = 0;



	if (*zc && (out_iov || out_sg)) {

	if (darg->zc && (out_iov || out_sg)) {

		if (out_iov)

			n_sgout = 1 +

				iov_iter_npages_cap(out_iov, INT_MAX, data_len);
@@ -1439,7 +1444,7 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb, 
				 rxm->full_len - prot->prepend_size);

	} else {

		n_sgout = 0;

		*zc = false;

		darg->zc = false;

		n_sgin = skb_cow_data(skb, 0, &unused);

	}
@@ -1535,12 +1540,12 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb, 
fallback_to_reg_recv:

		sgout = sgin;

		pages = 0;

		*zc = false;

		darg->zc = false;

	}



	/* Prepare and submit AEAD request */

	err = tls_do_decryption(sk, skb, sgin, sgout, iv,

				data_len, aead_req, async);

				data_len, aead_req, darg->async);

	if (err == -EINPROGRESS)

		return err;
@@ -1553,7 +1558,8 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb, 
}



static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb,

			      struct iov_iter *dest, bool *zc, bool async)

			      struct iov_iter *dest,

			      struct tls_decrypt_arg *darg)

{

	struct tls_context *tls_ctx = tls_get_ctx(sk);

	struct tls_prot_info *prot = &tls_ctx->prot_info;
@@ -1562,7 +1568,7 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb, 
	int pad, err;



	if (tlm->decrypted) {

		*zc = false;

		darg->zc = false;

		return 0;

	}
@@ -1572,12 +1578,12 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb, 
			return err;

		if (err > 0) {

			tlm->decrypted = 1;

			*zc = false;

			darg->zc = false;

			goto decrypt_done;

		}

	}



	err = decrypt_internal(sk, skb, dest, NULL, zc, async);

	err = decrypt_internal(sk, skb, dest, NULL, darg);

	if (err < 0) {

		if (err == -EINPROGRESS)

			tls_advance_record_sn(sk, prot, &tls_ctx->rx);
@@ -1603,9 +1609,9 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb, 
int decrypt_skb(struct sock *sk, struct sk_buff *skb,

		struct scatterlist *sgout)

{

	bool zc = true;

	struct tls_decrypt_arg darg = { .zc = true, };



	return decrypt_internal(sk, skb, NULL, sgout, &zc, false);

	return decrypt_internal(sk, skb, NULL, sgout, &darg);

}



static bool tls_sw_advance_skb(struct sock *sk, struct sk_buff *skb,
@@ -1794,11 +1800,10 @@ int tls_sw_recvmsg(struct sock *sk, 
	decrypted = 0;

	num_async = 0;

	while (len && (decrypted + copied < target || ctx->recv_pkt)) {

		struct tls_decrypt_arg darg = {};

		bool retain_skb = false;

		int to_decrypt, chunk;

		bool zc = false;

		bool async_capable;

		bool async = false;

		bool async;



		skb = tls_wait_data(sk, psock, flags & MSG_DONTWAIT, timeo, &err);

		if (!skb) {
@@ -1824,16 +1829,15 @@ int tls_sw_recvmsg(struct sock *sk, 
		    tlm->control == TLS_RECORD_TYPE_DATA &&

		    prot->version != TLS_1_3_VERSION &&

		    !bpf_strp_enabled)

			zc = true;

			darg.zc = true;



		/* Do not use async mode if record is non-data */

		if (tlm->control == TLS_RECORD_TYPE_DATA && !bpf_strp_enabled)

			async_capable = ctx->async_capable;

			darg.async = ctx->async_capable;

		else

			async_capable = false;

			darg.async = false;



		err = decrypt_skb_update(sk, skb, &msg->msg_iter,

					 &zc, async_capable);

		err = decrypt_skb_update(sk, skb, &msg->msg_iter, &darg);

		if (err < 0 && err != -EINPROGRESS) {

			tls_err_abort(sk, -EBADMSG);

			goto recv_end;
@@ -1879,7 +1883,7 @@ int tls_sw_recvmsg(struct sock *sk, 
		/* TLS 1.3 may have updated the length by more than overhead */

		chunk = rxm->full_len;



		if (!zc) {

		if (!darg.zc) {

			if (bpf_strp_enabled) {

				err = sk_psock_tls_strp_read(psock, skb);

				if (err != __SK_PASS) {
@@ -1996,7 +2000,6 @@ ssize_t tls_sw_splice_read(struct socket *sock, loff_t *ppos, 
	int err = 0;

	long timeo;

	int chunk;

	bool zc = false;



	lock_sock(sk);
@@ -2006,12 +2009,14 @@ ssize_t tls_sw_splice_read(struct socket *sock, loff_t *ppos, 
	if (from_queue) {

		skb = __skb_dequeue(&ctx->rx_list);

	} else {

		struct tls_decrypt_arg darg = {};



		skb = tls_wait_data(sk, NULL, flags & SPLICE_F_NONBLOCK, timeo,

				    &err);

		if (!skb)

			goto splice_read_end;



		err = decrypt_skb_update(sk, skb, NULL, &zc, false);

		err = decrypt_skb_update(sk, skb, NULL, &darg);

		if (err < 0) {

			tls_err_abort(sk, -EBADMSG);

			goto splice_read_end;