From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Tariq Toukan <tariqt@mellanox.com>,
Boris Pismenny <borisp@mellanox.com>,
Saeed Mahameed <saeedm@mellanox.com>
Subject: [PATCH 5.4 031/104] net/mlx5e: kTLS, Do not send decrypted-marked SKBs via non-accel path
Date: Tue, 28 Jan 2020 14:59:52 +0100 [thread overview]
Message-ID: <20200128135821.569664814@linuxfoundation.org> (raw)
In-Reply-To: <20200128135817.238524998@linuxfoundation.org>
From: Tariq Toukan <tariqt@mellanox.com>
commit 342508c1c7540e281fd36151c175ba5ff954a99f upstream.
When TCP out-of-order is identified (unexpected tcp seq mismatch), driver
analyzes the packet and decides what handling should it get:
1. go to accelerated path (to be encrypted in HW),
2. go to regular xmit path (send w/o encryption),
3. drop.
Packets marked with skb->decrypted by the TLS stack in the TX flow skips
SW encryption, and rely on the HW offload.
Verify that such packets are never sent un-encrypted on the wire.
Add a WARN to catch such bugs, and prefer dropping the packet in these cases.
Fixes: 46a3ea98074e ("net/mlx5e: kTLS, Enhance TX resync flow")
Signed-off-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | 14 +++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c
@@ -458,12 +458,18 @@ struct sk_buff *mlx5e_ktls_handle_tx_skb
enum mlx5e_ktls_sync_retval ret =
mlx5e_ktls_tx_handle_ooo(priv_tx, sq, datalen, seq);
- if (likely(ret == MLX5E_KTLS_SYNC_DONE))
+ switch (ret) {
+ case MLX5E_KTLS_SYNC_DONE:
*wqe = mlx5e_sq_fetch_wqe(sq, sizeof(**wqe), pi);
- else if (ret == MLX5E_KTLS_SYNC_FAIL)
+ break;
+ case MLX5E_KTLS_SYNC_SKIP_NO_DATA:
+ if (likely(!skb->decrypted))
+ goto out;
+ WARN_ON_ONCE(1);
+ /* fall-through */
+ default: /* MLX5E_KTLS_SYNC_FAIL */
goto err_out;
- else /* ret == MLX5E_KTLS_SYNC_SKIP_NO_DATA */
- goto out;
+ }
}
priv_tx->expected_seq = seq + datalen;
next prev parent reply other threads:[~2020-01-28 14:02 UTC|newest]
Thread overview: 113+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-28 13:59 [PATCH 5.4 000/104] 5.4.16-stable review Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 001/104] can, slip: Protect tty->disc_data in write_wakeup and close with RCU Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 002/104] firestream: fix memory leaks Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 003/104] gtp: make sure only SOCK_DGRAM UDP sockets are accepted Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 004/104] ipv6: sr: remove SKB_GSO_IPXIP6 on End.D* actions Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 005/104] net: bcmgenet: Use netif_tx_napi_add() for TX NAPI Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 006/104] net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 007/104] net: ip6_gre: fix moving ip6gre between namespaces Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 008/104] net, ip6_tunnel: fix namespaces move Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 009/104] net, ip_tunnel: " Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 010/104] net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link() Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 011/104] net_sched: fix datalen for ematch Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 012/104] net_sched: use validated TCA_KIND attribute in tc_new_tfilter() Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 013/104] net-sysfs: Fix reference count leak Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 014/104] net: usb: lan78xx: Add .ndo_features_check Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 015/104] Revert "udp: do rmem bulk free even if the rx sk queue is empty" Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 016/104] tcp_bbr: improve arithmetic division in bbr_update_bw() Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 017/104] tcp: do not leave dangling pointers in tp->highest_sack Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 018/104] tun: add mutex_unlock() call and napi.skb clearing in tun_get_user() Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 019/104] airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 020/104] airo: Add missing CAP_NET_ADMIN check " Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 021/104] mlxsw: spectrum_acl: Fix use-after-free during reload Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 022/104] fou: Fix IPv6 netlink policy Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 023/104] net: Fix packet reordering caused by GRO and listified RX cooperation Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 024/104] net/mlx5: Fix lowest FDB pool size Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 025/104] net/mlx5: Update the list of the PCI supported devices Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 026/104] net/mlx5: DR, Enable counter on non-fwd-dest objects Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 027/104] net/mlx5: E-Switch, Prevent ingress rate configuration of uplink rep Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 028/104] net/mlx5: DR, use non preemptible call to get the current cpu number Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 029/104] net/mlx5e: kTLS, Fix corner-case checks in TX resync flow Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 030/104] net/mlx5e: kTLS, Remove redundant posts " Greg Kroah-Hartman
2020-01-28 13:59 ` Greg Kroah-Hartman [this message]
2020-01-28 13:59 ` [PATCH 5.4 032/104] ipv4: Detect rollover in specific fib table dump Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 033/104] Revert "io_uring: only allow submit from owning task" Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 034/104] afs: Fix characters allowed into cell names Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 035/104] hwmon: (adt7475) Make volt2reg return same reg as reg2volt input Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 036/104] hwmon: (core) Do not use device managed functions for memory allocations Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 037/104] ceph: hold extra reference to r_parent over life of request Greg Kroah-Hartman
2020-01-28 13:59 ` [PATCH 5.4 038/104] PCI: Mark AMD Navi14 GPU rev 0xc5 ATS as broken Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 039/104] drm/panfrost: Add the panfrost_gem_mapping concept Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 040/104] drm/i915: Align engine->uabi_class/instance with i915_drm.h Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 041/104] PM: hibernate: fix crashes with init_on_free=1 Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 042/104] tracing: trigger: Replace unneeded RCU-list traversals Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 043/104] tracing/uprobe: Fix double perf_event linking on multiprobe uprobe Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 044/104] tracing: Do not set trace clock if tracefs lockdown is in effect Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 045/104] tracing: Fix histogram code when expression has same var as value Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 046/104] powerpc/mm/hash: Fix sharing context ids between kernel & userspace Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 047/104] powerpc/xive: Discard ESB load value when interrupt is invalid Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 048/104] Revert "iwlwifi: mvm: fix scan config command size" Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 049/104] iwlwifi: mvm: dont send the IWL_MVM_RXQ_NSSN_SYNC notif to Rx queues Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 050/104] XArray: Fix infinite loop with entry at ULONG_MAX Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 051/104] XArray: Fix xa_find_after with multi-index entries Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 052/104] XArray: Fix xas_find returning too many entries Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 053/104] pinctrl: sunrisepoint: Add missing Interrupt Status register offset Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 054/104] iommu/vt-d: Call __dmar_remove_one_dev_info with valid pointer Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 055/104] Input: keyspan-remote - fix control-message timeouts Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 056/104] Revert "Input: synaptics-rmi4 - dont increment rmiaddr for SMBus transfers" Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 057/104] ARM: 8950/1: ftrace/recordmcount: filter relocation types Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 058/104] mmc: tegra: fix SDR50 tuning override Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 059/104] mmc: sdhci: fix minimum clock rate for v3 controller Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 060/104] mmc: sdhci_am654: Remove Inverted Write Protect flag Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 061/104] mmc: sdhci_am654: Reset Command and Data line after tuning Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 062/104] mlxsw: switchx2: Do not modify cloned SKBs during xmit Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 063/104] net/tls: fix async operation Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 064/104] Input: pm8xxx-vib - fix handling of separate enable register Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 065/104] Input: sur40 - fix interface sanity checks Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 066/104] Input: gtco - fix endpoint sanity check Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 067/104] Input: aiptek " Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 068/104] Input: pegasus_notetaker " Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 069/104] Input: sun4i-ts - add a check for devm_thermal_zone_of_sensor_register Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 070/104] netfilter: nft_osf: add missing check for DREG attribute Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 071/104] lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 072/104] iommu/amd: Fix IOMMU perf counter clobbering during init Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 073/104] readdir: make user_access_begin() use the real access range Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 074/104] leds: gpio: Fix uninitialized gpio label for fwnode based probe Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 075/104] hsr: Fix a compilation error Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 076/104] hwmon: (nct7802) Fix voltage limits to wrong registers Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 077/104] hwmon: (nct7802) Fix non-working alarm on voltages Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 078/104] scsi: RDMA/isert: Fix a recently introduced regression related to logout Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 079/104] tracing: xen: Ordered comparison of function pointers Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 080/104] iwlwifi: mvm: fix SKB leak on invalid queue Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 081/104] iwlwifi: mvm: fix potential SKB leak on TXQ TX Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 082/104] drm/i915/userptr: fix size calculation Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 083/104] xfrm: support output_mark for offload ESP packets Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 084/104] net, sk_msg: Dont check if sock is locked when tearing down psock Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 085/104] do_last(): fetch directory ->i_mode and ->i_uid before its too late Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 086/104] readdir: be more conservative with directory entry names Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 087/104] net/sonic: Add mutual exclusion for accessing shared state Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 088/104] net/sonic: Clear interrupt flags immediately Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 089/104] net/sonic: Use MMIO accessors Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 090/104] net/sonic: Fix interface error stats collection Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 091/104] net/sonic: Fix receive buffer handling Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 092/104] net/sonic: Avoid needless receive descriptor EOL flag updates Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 093/104] net/sonic: Improve receive descriptor status flag check Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 094/104] net/sonic: Fix receive buffer replenishment Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 095/104] net/sonic: Quiesce SONIC before re-initializing descriptor memory Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 096/104] net/sonic: Fix command register usage Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 097/104] net/sonic: Fix CAM initialization Greg Kroah-Hartman
2020-01-28 14:00 ` [PATCH 5.4 098/104] net/sonic: Prevent tx watchdog timeout Greg Kroah-Hartman
2020-01-28 14:01 ` [PATCH 5.4 099/104] libertas: Fix two buffer overflows at parsing bss descriptor Greg Kroah-Hartman
2020-01-28 14:01 ` [PATCH 5.4 100/104] media: v4l2-ioctl.c: zero reserved fields for S/TRY_FMT Greg Kroah-Hartman
2020-01-28 14:01 ` [PATCH 5.4 101/104] netfilter: ipset: use bitmap infrastructure completely Greg Kroah-Hartman
2020-01-28 14:01 ` [PATCH 5.4 102/104] netfilter: nf_tables: add __nft_chain_type_get() Greg Kroah-Hartman
2020-01-28 14:01 ` [PATCH 5.4 103/104] netfilter: nf_tables: autoload modules from the abort path Greg Kroah-Hartman
2020-01-28 14:01 ` [PATCH 5.4 104/104] net/x25: fix nonblocking connect Greg Kroah-Hartman
2020-01-28 23:00 ` [PATCH 5.4 000/104] 5.4.16-stable review shuah
2020-01-29 6:17 ` Greg Kroah-Hartman
2020-01-29 4:57 ` Naresh Kamboju
2020-01-29 6:18 ` Greg Kroah-Hartman
2020-01-29 13:16 ` Jon Hunter
2020-01-29 13:43 ` Greg Kroah-Hartman
2020-01-29 14:43 ` Guenter Roeck
2020-01-29 15:36 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200128135821.569664814@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=borisp@mellanox.com \
--cc=linux-kernel@vger.kernel.org \
--cc=saeedm@mellanox.com \
--cc=stable@vger.kernel.org \
--cc=tariqt@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).