From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=q6Zc=QS=vger.kernel.org=netdev-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-9.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,
	SIGNED_OFF_BY,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no
	version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 26041C169C4
	for <netdev@archiver.kernel.org>; Mon, 11 Feb 2019 11:31:11 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id A6A59214DA
	for <netdev@archiver.kernel.org>; Mon, 11 Feb 2019 11:31:10 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (1024-bit key) header.d=nxp.com header.i=@nxp.com header.b="vwYv3nMc"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726378AbfBKLbJ (ORCPT <rfc822;netdev@archiver.kernel.org>);
        Mon, 11 Feb 2019 06:31:09 -0500
Received: from mail-eopbgr30063.outbound.protection.outlook.com ([40.107.3.63]:41440
        "EHLO EUR03-AM5-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1726041AbfBKLbJ (ORCPT <rfc822;netdev@vger.kernel.org>);
        Mon, 11 Feb 2019 06:31:09 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=6ss9Q3efaUmyAi5GyGShB74nl5bc2v/6goIz+ypYAs8=;
 b=vwYv3nMcQawgs5OTX8un14MvG5aUfiSH/F6JoOAA50KvOt74yfn8jeVXNoREpoomAvTqG9DgueDDCEp5NQsG1oeM1Cl2jr1FuLgmMvYO+TtKRMQ3p5D1c9t16jXcIz0s0QXDaksFscM9aVAZXNED6pCJSFP/9RSB0CrJHefvzsY=
Received: from DB7PR04MB4252.eurprd04.prod.outlook.com (52.135.131.26) by
 DB7PR04MB5995.eurprd04.prod.outlook.com (20.178.107.84) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.1601.22; Mon, 11 Feb 2019 11:31:05 +0000
Received: from DB7PR04MB4252.eurprd04.prod.outlook.com
 ([fe80::579:53a:ce74:16d7]) by DB7PR04MB4252.eurprd04.prod.outlook.com
 ([fe80::579:53a:ce74:16d7%3]) with mapi id 15.20.1601.023; Mon, 11 Feb 2019
 11:31:05 +0000
From:   Vakul Garg <vakul.garg@nxp.com>
To:     "netdev@vger.kernel.org" <netdev@vger.kernel.org>
CC:     "borisp@mellanox.com" <borisp@mellanox.com>,
        "aviadye@mellanox.com" <aviadye@mellanox.com>,
        "davejwatson@fb.com" <davejwatson@fb.com>,
        "davem@davemloft.net" <davem@davemloft.net>,
        "doronrk@fb.com" <doronrk@fb.com>, Vakul Garg <vakul.garg@nxp.com>
Subject: [PATCH net-next] net/tls: Do not use async crypto for non-data
 records
Thread-Topic: [PATCH net-next] net/tls: Do not use async crypto for non-data
 records
Thread-Index: AQHUwf1GYvpFQnCJwESQzDvrHG98tA==
Date:   Mon, 11 Feb 2019 11:31:05 +0000
Message-ID: <20190211112845.27747-1-vakul.garg@nxp.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-clientproxiedby: BM1PR0101CA0025.INDPRD01.PROD.OUTLOOK.COM
 (2603:1096:b00:1a::11) To DB7PR04MB4252.eurprd04.prod.outlook.com
 (2603:10a6:5:27::26)
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=vakul.garg@nxp.com; 
x-ms-exchange-messagesentrepresentingtype: 1
x-mailer: git-send-email 2.13.6
x-originating-ip: [92.120.1.70]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1;DB7PR04MB5995;6:9c0HXIKFLmtscTSxpIryXemm8NZZyqhYA5lIoIXOYGd7fd48CQlZwXJ5XmsrhiVs8ImQltjtk/qK6koVqg2MmBLMvBVniEzKF6pZ/f2IG7rj0HAZfvqQoHvunObe8xmSypNRF1z/3lXoT0NuP7Svl0GaYJ28bbYQvbl/L36NFgxOeJMqzzh9sbZx7S8i+Z7qpBiQueFuzdpP3KKEnjlX9UoIKzjDG4bGFH5zR0M1J+19cUfXyNHaQZshbNS0HncoF8RKE+yRBSJgN6KKj0ufGb10+/tPUDNCVct3zDk0M8wGb36tFGFoxxNnSkdRlssi2YUVQQpmny1dDeTNM20RqQUNfrBqH6+NdBACaTEpZAbB43dh8lqtED7fAFX2HDe7yCXbJzL1ypIE4C0Y0KB0TiHz5cA5GStMxt8A3zx9YLQTxHGUfjqcGJrg2wywvYd7n3cgi9yYMK0aGVK1+AFIoQ==;5:2rcoipQ5395xKHt6qkdSmt1yKMCMleDckVtKJAVdm4NxQ+OYSWAcSS4Qiam+WCHO9yFIo9d5nxk2gt3aPZT9py8h7HOMAmgzcA5OdETw9yYTaflrEbRvAKYvebAUxwaVxcJfMBefGhWJcs/uRkbBWthkmxMnlAu8lt1EwTYWT2cy7vFcTJHG3Zs+t+28Ayoh8zrayUfOZxl0efdoazznbw==;7:unLwxMITPz2SOo8OuBOIBrT7WWkdKlxLScGZFDT/913wOSq+197vM4DTQKHEgAl93jjJnibQPxCbsIxhJAJIvI8IXkNqWYpMSm0zbvoAcJ2cjIs95SKh0gHJHaFUCDO9C3ruQdCbrMKpnbwehLRFwA==
x-ms-office365-filtering-correlation-id: bf3de6fa-fefd-4634-bd23-08d6901468a1
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600110)(711020)(4605077)(4618075)(2017052603328)(7153060)(7193020);SRVR:DB7PR04MB5995;
x-ms-traffictypediagnostic: DB7PR04MB5995:
x-microsoft-antispam-prvs: <DB7PR04MB59958A344ABA25A7A595051B8B640@DB7PR04MB5995.eurprd04.prod.outlook.com>
x-forefront-prvs: 0945B0CC72
x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(39860400002)(366004)(136003)(396003)(346002)(376002)(199004)(189003)(2616005)(44832011)(2351001)(486006)(476003)(68736007)(305945005)(54906003)(316002)(36756003)(66066001)(102836004)(186003)(52116002)(6486002)(105586002)(106356001)(26005)(99286004)(6506007)(386003)(2906002)(6436002)(14454004)(6512007)(53936002)(6916009)(5640700003)(3846002)(6116002)(86362001)(8676002)(81166006)(4326008)(71190400001)(71200400001)(7736002)(1730700003)(81156014)(478600001)(2501003)(97736004)(256004)(14444005)(25786009)(1076003)(8936002)(50226002);DIR:OUT;SFP:1101;SCL:1;SRVR:DB7PR04MB5995;H:DB7PR04MB4252.eurprd04.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1;
received-spf: None (protection.outlook.com: nxp.com does not designate
 permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: kclUwOCsU8+eK8h8vCmIMQz5/BmQrHzpk1bLgFaVU8GvKuQ9jtckkJH56wBpLTJZZYhMM/rxcYJImlkQs8WjYPH02bM0lTtIvMSBD1H6h0kjCrO7xjRmmCoWW2QmujSiNE891kLcpSOle0Sxr6hHIY0+bctLjwzRPYXCl8H1dz43EEdVO8hpAMi4gK+7XGbzP+bRUL49kumqKzVqgeZpPnctBYxN1+geSzhS5zAgbY+bpjpN4Nyddagx4JdkgkwOjiNrUNRSgYxYLImO8lmy5GR1+QXi7N928SPSL2wkQlfltRXZjkqDFnKoM6DtXZNnPZVcJIddtMZoElDU8gi42qEhDjA0htJgRTWnHw+JdKn9aP2hf6k6F/gasMNdw6frNS6RrwmZu2n/PYctbSedY0elPzWEbmZKN9eroy9pMQg=
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nxp.com
X-MS-Exchange-CrossTenant-Network-Message-Id: bf3de6fa-fefd-4634-bd23-08d6901468a1
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Feb 2019 11:31:03.4559
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR04MB5995
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

Addition of tls1.3 support broke tls1.2 handshake when async crypto
accelerator is used. This is because the record type for non-data
records is not propagated to user application. Also when async
decryption happens, the decryption does not stop when two different
types of records get dequeued and submitted for decryption. To address
it, we decrypt tls1.2 non-data records in synchronous way. We check
whether the record we just processed has same type as the previous one
before checking for async condition and jumping to dequeue next record.

Fixes: 130b392c6cd6b ("net: tls: Add tls 1.3 support")
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
---
 net/tls/tls_sw.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index fe8c287cbaa1..ae4784734547 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1645,10 +1645,10 @@ int tls_sw_recvmsg(struct sock *sk,
=20
 	do {
 		bool retain_skb =3D false;
-		bool async =3D false;
 		bool zc =3D false;
 		int to_decrypt;
 		int chunk =3D 0;
+		bool async;
=20
 		skb =3D tls_wait_data(sk, psock, flags, timeo, &err);
 		if (!skb) {
@@ -1674,18 +1674,21 @@ int tls_sw_recvmsg(struct sock *sk,
 		    tls_ctx->crypto_recv.info.version !=3D TLS_1_3_VERSION)
 			zc =3D true;
=20
+		/* Do not use async mode if record is non-data */
+		if (ctx->control =3D=3D TLS_RECORD_TYPE_DATA)
+			async =3D ctx->async_capable;
+		else
+			async =3D false;
+
 		err =3D decrypt_skb_update(sk, skb, &msg->msg_iter,
-					 &chunk, &zc, ctx->async_capable);
+					 &chunk, &zc, async);
 		if (err < 0 && err !=3D -EINPROGRESS) {
 			tls_err_abort(sk, EBADMSG);
 			goto recv_end;
 		}
=20
-		if (err =3D=3D -EINPROGRESS) {
-			async =3D true;
+		if (err =3D=3D -EINPROGRESS)
 			num_async++;
-			goto pick_next_record;
-		}
=20
 		if (!cmsg) {
 			int cerr;
@@ -1704,6 +1707,9 @@ int tls_sw_recvmsg(struct sock *sk,
 			goto recv_end;
 		}
=20
+		if (async)
+			goto pick_next_record;
+
 		if (!zc) {
 			if (rxm->full_len > len) {
 				retain_skb =3D true;
--=20
2.13.6