The branch main has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=1a03b40a134318f26c93d85087de6a588b65f217
commit 1a03b40a134318f26c93d85087de6a588b65f217
Author: John Baldwin <[email protected]>
AuthorDate: 2026-06-23 15:51:43 +0000
Commit: John Baldwin <[email protected]>
CommitDate: 2026-06-23 15:51:43 +0000
ktls: Make ktls_mbuf_crypto_state private and simplify
Sponsored by: Chelsio Communications
---
 sys/kern/uipc_ktls.c | 49 ++++++++++++++++++++++++-------------------------
 sys/sys/ktls.h | 8 --------
 2 files changed, 24 insertions(+), 33 deletions(-)
diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c
index 155c2e6e54f7..17189514c2cb 100644
--- a/sys/kern/uipc_ktls.c
+++ b/sys/kern/uipc_ktls.c
@@ -77,6 +77,13 @@
 #include <vm/vm_page.h>
 #include <vm/vm_pagequeue.h>
+typedef enum {
+ KTLS_MBUF_CRYPTO_ST_MIXED = 0,
+ KTLS_MBUF_CRYPTO_ST_ENCRYPTED = 1,
+ KTLS_MBUF_CRYPTO_ST_DECRYPTED = -1,
+ KTLS_MBUF_CRYPTO_ST_SHAREDMBUF = -2,
+} ktls_mbuf_crypto_st_t;
+
 struct ktls_wq {
 struct mtx mtx;
 STAILQ_HEAD(, mbuf) m_head;
@@ -2393,26 +2400,21 @@ tls13_find_record_type(struct ktls_session *tls, struct mbuf *m, int tls_len,
 }
 /*
- * Check if a mbuf chain is fully decrypted at the given offset and
- * length. Returns KTLS_MBUF_CRYPTO_ST_DECRYPTED if all data is
- * decrypted. KTLS_MBUF_CRYPTO_ST_MIXED if there is a mix of encrypted
- * and decrypted data. KTLS_MBUF_CRYPTO_ST_ENCRYPTED if all data is
- * encrypted. KTLS_MBUF_CRYPTO_ST_SHAREDMBUF if any mbuf points at
+ * Check if a mbuf chain is fully decrypted. Returns
+ * KTLS_MBUF_CRYPTO_ST_DECRYPTED if all data is decrypted.
+ * KTLS_MBUF_CRYPTO_ST_MIXED if there is a mix of encrypted and
+ * decrypted data. KTLS_MBUF_CRYPTO_ST_ENCRYPTED if all data is
+ * encrypted. KTLS_MBUF_CRYPTO_ST_SHAREDMBUF if any mbuf points at
 * shared data that must not be modified in place (non-anonymous
 * M_EXTPG or sendfile M_EXT buffers).
 */
-ktls_mbuf_crypto_st_t
-ktls_mbuf_crypto_state(struct mbuf *mb, int offset, int len)
+static ktls_mbuf_crypto_st_t
+ktls_mbuf_crypto_state(struct mbuf *mb)
 {
- int m_flags_ored = 0;
- int m_flags_anded = -1;
+ bool seen_decrypted, seen_encrypted;
- for (; mb != NULL; mb = mb->m_next) {
- if (offset < mb->m_len)
- break;
- offset -= mb->m_len;
- }
- offset += len;
+ seen_decrypted = false;
+ seen_encrypted = false;
 for (; mb != NULL; mb = mb->m_next) {
 if ((mb->m_flags & M_EXTPG) != 0 &&
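Review bot: The rewritten header comment drops "at the given offset and length" without saying what replaces it: the loop now runs until `m_next` is NULL, so the result describes the whole chain and matches a single record only if the caller passes a chain trimmed to exactly that record. I would add that precondition to the comment, e.g. `* The whole chain is examined; the caller must pass a chain that holds exactly one TLS record.` The removed `MPASS(mb != NULL || offset == 0)` (next hunk) was the only check tying chain length to record length, and the call in ktls_decrypt (last uipc_ktls.c hunk) no longer passes `tls_len`; `MPASS(m_length(data, NULL) == tls_len);` ahead of that call would keep the invariant asserted, assuming `data` is already a detached per-record chain there, which the hunk does not show. Trailing mbufs from another record would most likely turn a clean result into MIXED or SHAREDMBUF rather than skip decryption, but nothing would flag it. The function body continues past the end of this hunk.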
@@ -2422,19 +2424,16 @@ ktls_mbuf_crypto_state(struct mbuf *mb, int offset, int len)
 mb->m_ext.ext_type == EXT_SFBUF)
 return (KTLS_MBUF_CRYPTO_ST_SHAREDMBUF);
- m_flags_ored |= mb->m_flags;
- m_flags_anded &= mb->m_flags;
-
- if (offset <= mb->m_len)
- break;
- offset -= mb->m_len;
+ if (mb->m_flags & M_DECRYPTED)
+ seen_decrypted = true;
+ else
+ seen_encrypted = true;
 }
- MPASS(mb != NULL || offset == 0);
- if ((m_flags_ored ^ m_flags_anded) & M_DECRYPTED)
+ if (seen_decrypted && seen_encrypted)
 return (KTLS_MBUF_CRYPTO_ST_MIXED);
 else
- return ((m_flags_ored & M_DECRYPTED) ?
+ return (seen_decrypted ?
 KTLS_MBUF_CRYPTO_ST_DECRYPTED : KTLS_MBUF_CRYPTO_ST_ENCRYPTED);
 }
@@ -2578,7 +2577,7 @@ ktls_decrypt(struct socket *so)
 SOCKBUF_UNLOCK(sb);
 /* get crypto state for this TLS record */
- state = ktls_mbuf_crypto_state(data, 0, tls_len);
+ state = ktls_mbuf_crypto_state(data);
 switch (state) {
 case KTLS_MBUF_CRYPTO_ST_MIXED:
diff --git a/sys/sys/ktls.h b/sys/sys/ktls.h
index 8e5950b8e2b4..0d760b0907fb 100644
--- a/sys/sys/ktls.h
+++ b/sys/sys/ktls.h
@@ -238,13 +238,6 @@ struct ktls_session {
 extern unsigned int ktls_ifnet_max_rexmit_pct;
-typedef enum {
- KTLS_MBUF_CRYPTO_ST_MIXED = 0,
- KTLS_MBUF_CRYPTO_ST_ENCRYPTED = 1,
- KTLS_MBUF_CRYPTO_ST_DECRYPTED = -1,
- KTLS_MBUF_CRYPTO_ST_SHAREDMBUF = -2,
-} ktls_mbuf_crypto_st_t;
-
 void ktls_check_rx(struct sockbuf *sb);
 void ktls_cleanup_tls_enable(struct tls_enable *tls);
 int ktls_copyin_tls_enable(struct sockopt *sopt, struct tls_enable *tls);
@@ -260,7 +253,6 @@ int ktls_get_rx_mode(struct socket *so, int *modep);
 int ktls_get_tx_mode(struct socket *so, int *modep);
 int ktls_get_rx_sequence(struct inpcb *inp, uint32_t *tcpseq, uint64_t *tlsseq);
 void ktls_input_ifp_mismatch(struct sockbuf *sb, struct ifnet *ifp);
-ktls_mbuf_crypto_st_t ktls_mbuf_crypto_state(struct mbuf *mb, int offset, int len);
 #ifdef RATELIMIT
 int ktls_modify_txrtlmt(struct ktls_session *tls, uint64_t max_pacing_rate);
 #endif
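Review bot: An empty chain now classifies as ENCRYPTED: with `mb == NULL` the loop never runs, both flags stay false and the final `return (seen_decrypted ? ...)` picks KTLS_MBUF_CRYPTO_ST_ENCRYPTED, whereas the removed code (`m_flags_ored = 0`, `m_flags_anded = -1`) returned MIXED for the same input. If no caller can pass NULL, say so with `MPASS(mb != NULL);` before the loop; otherwise decide explicitly which state an empty record should map to. As a style point, `if (mb->m_flags & M_DECRYPTED)` could use the explicit `!= 0` form that the M_EXTPG test earlier in the same loop uses. The function starts in the previous hunk.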
