netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Vakul Garg <vakul.garg@nxp.com>
To: Boris Pismenny <borisp@mellanox.com>,
	"aviadye@mellanox.com" <aviadye@mellanox.com>,
	"davejwatson@fb.com" <davejwatson@fb.com>,
	"john.fastabend@gmail.com" <john.fastabend@gmail.com>,
	"daniel@iogearbox.net" <daniel@iogearbox.net>,
	"netdev@vger.kernel.org" <netdev@vger.kernel.org>
Cc: "eranbe@mellanox.com" <eranbe@mellanox.com>
Subject: RE: [PATCH net 3/4] tls: Fix mixing between async capable and async
Date: Tue, 26 Feb 2019 12:38:07 +0000	[thread overview]
Message-ID: <DB7PR04MB4252FD5C491CA99AF45BD10C8B7B0@DB7PR04MB4252.eurprd04.prod.outlook.com> (raw)
In-Reply-To: <20190226121235.20784-4-borisp@mellanox.com>



> -----Original Message-----
> From: Boris Pismenny <borisp@mellanox.com>
> Sent: Tuesday, February 26, 2019 5:43 PM
> To: aviadye@mellanox.com; davejwatson@fb.com;
> john.fastabend@gmail.com; daniel@iogearbox.net; Vakul Garg
> <vakul.garg@nxp.com>; netdev@vger.kernel.org
> Cc: eranbe@mellanox.com; borisp@mellanox.com
> Subject: [PATCH net 3/4] tls: Fix mixing between async capable and async
> 
> From: Eran Ben Elisha <eranbe@mellanox.com>
> 
> Today, tls_sw_recvmsg is capable of using asynchronous mode to handle
> application data TLS records. Moreover, it assumes that if the cipher can be
> handled asynchronously, then all packets will be processed asynchronously.
> 
> However, this assumption is not always true. 

Could you please elaborate, what happens?

> Specifically, for AES-GCM in
> TLS1.2, it causes data corruption, and breaks user applications.
> 
> This patch fixes this problem by separating the async capability from the
> decryption operation result.
> 
> Fixes: c0ab4732d4c6 ("net/tls: Do not use async crypto for non-data
> records")
> Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
> Reviewed-by: Boris Pismenny <borisp@mellanox.com>
> ---
>  net/tls/tls_sw.c | 15 +++++++++------
>  1 file changed, 9 insertions(+), 6 deletions(-)
> 
> diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index
> 4afa67b00aaf..f515cd7e984e 100644
> --- a/net/tls/tls_sw.c
> +++ b/net/tls/tls_sw.c
> @@ -1693,7 +1693,8 @@ int tls_sw_recvmsg(struct sock *sk,
>  		bool zc = false;
>  		int to_decrypt;
>  		int chunk = 0;
> -		bool async;
> +		bool async_capable;
> +		bool async = false;
> 
>  		skb = tls_wait_data(sk, psock, flags, timeo, &err);
>  		if (!skb) {
> @@ -1727,21 +1728,23 @@ int tls_sw_recvmsg(struct sock *sk,
> 
>  		/* Do not use async mode if record is non-data */
>  		if (ctx->control == TLS_RECORD_TYPE_DATA)
> -			async = ctx->async_capable;
> +			async_capable = ctx->async_capable;
>  		else
> -			async = false;
> +			async_capable = false;
> 
>  		err = decrypt_skb_update(sk, skb, &msg->msg_iter,
> -					 &chunk, &zc, async);
> +					 &chunk, &zc, async_capable);
>  		if (err < 0 && err != -EINPROGRESS) {
>  			tls_err_abort(sk, EBADMSG);
>  			goto recv_end;
>  		}
> 
> -		if (err == -EINPROGRESS)
> +		if (err == -EINPROGRESS && async_capable) {
Why do we need to check 'async_capable'? 
Do we get err == -EINPROGRESS even when async_capable is false?

> +			async = true;
>  			num_async++;
> -		else if (prot->version == TLS_1_3_VERSION)
> +		} else if (prot->version == TLS_1_3_VERSION) {
>  			tlm->control = ctx->control;
> +		}
> 
>  		/* If the type of records being processed is not known yet,
>  		 * set it to record type just dequeued. If it is already known,
> --
> 2.12.2

 



  reply	other threads:[~2019-02-26 12:38 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-02-26 12:12 [PATCH net 0/4] tls: Fix issues in tls_device Boris Pismenny
2019-02-26 12:12 ` [PATCH net 1/4] tls: Fix tls_device handling of partial records Boris Pismenny
2019-02-26 14:57   ` Vakul Garg
2019-02-26 15:05     ` Boris Pismenny
2019-02-26 12:12 ` [PATCH net 2/4] tls: Fix write space handling Boris Pismenny
2019-02-26 12:49   ` Vakul Garg
2019-02-26 14:13     ` Boris Pismenny
2019-03-11 15:06       ` Vakul Garg
2019-03-11 15:59         ` Boris Pismenny
2019-03-12  6:02           ` Vakul Garg
2019-02-26 12:12 ` [PATCH net 3/4] tls: Fix mixing between async capable and async Boris Pismenny
2019-02-26 12:38   ` Vakul Garg [this message]
2019-02-26 13:43     ` Boris Pismenny
2019-02-26 12:12 ` [PATCH net 4/4] tls: Fix tls_device receive Boris Pismenny
2019-02-26 15:01   ` Vakul Garg
2019-02-26 20:34   ` Dave Watson
2019-02-27  3:08     ` Vakul Garg
2019-02-27 15:23       ` Boris Pismenny
2019-02-27 16:28         ` Vakul Garg
2019-02-27 15:26     ` Boris Pismenny

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DB7PR04MB4252FD5C491CA99AF45BD10C8B7B0@DB7PR04MB4252.eurprd04.prod.outlook.com \
    --to=vakul.garg@nxp.com \
    --cc=aviadye@mellanox.com \
    --cc=borisp@mellanox.com \
    --cc=daniel@iogearbox.net \
    --cc=davejwatson@fb.com \
    --cc=eranbe@mellanox.com \
    --cc=john.fastabend@gmail.com \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).