[PATCH] net: use non-compound pages in frag allocator

2016-08-04 Thread Ilya Lesokhin
The code currently always references the first page in the frag therefore there is no need to pay the extra overhead of making the frag page compound Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- net/core/sock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ne

RE: [PATCH] net: use non-compound pages in frag allocator

2016-08-04 Thread Ilya Lesokhin
umazet [mailto:eric.duma...@gmail.com] > Sent: Thursday, August 04, 2016 4:25 PM > To: Ilya Lesokhin <il...@mellanox.com> > Cc: netdev@vger.kernel.org; eduma...@google.com > Subject: Re: [PATCH] net: use non-compound pages in frag allocator > > On Thu, 2016-08-04 at 15

Why does tcp collapse behavior depend on nr_frags?

2016-11-01 Thread Ilya Lesokhin
Hi, I've noticed that tcp_can_collapse() returns false if skb_shinfo(skb)->nr_frags != 0. Is there a reason why we want to base the collapse decision in retransmission on whether the data is located in a frag or the linear part? The relevant commit is tcp: collapse more than two on

[PATCH v2 net-next 2/3] net: Export tcpv6_prot

2017-08-15 Thread Ilya Lesokhin
Want to be able to use these in TLS. Signed-off-by: Boris Pismenny --- net/ipv6/tcp_ipv6.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 2521690..ef8d5b4 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@

[PATCH v2 net-next 3/3] tls: Use correct sk->sk_prot for IPV6

2017-08-15 Thread Ilya Lesokhin
oto structs and uses them when attached to ipv6 sockets. Signed-off-by: Boris Pismenny <bor...@mellanox.com> Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- net/tls/Kconfig| 1 + net/tls/tls_main.c | 50 ++ 2 files changed

[PATCH v2 net-next 1/3] ipv6: Prevent unexpected sk->sk_prot changes

2017-08-15 Thread Ilya Lesokhin
With this patch IPV6 code ensures that only sockets with the expected sk->sk_prot are converted to IPV4. Signed-off-by: Boris Pismenny --- net/ipv6/ipv6_sockglue.c | 12 1 file changed, 12 insertions(+) diff --git a/net/ipv6/ipv6_sockglue.c

[PATCH v2 net-next 0/3] Use correct sk->sk_prot for IPV6

2017-08-15 Thread Ilya Lesokhin
ier kernel. - tls_init now checks sk->sk_prot directly This is somewhat safer than checking indirectly through sk->sk_family Ilya Lesokhin (3): ipv6: Prevent unexpected sk->sk_prot changes net: Export tcpv6_prot tls: Use correct sk->sk_prot for IPV6 net/ipv6/ipv6_sockglue.c | 12 ++

[PATCH 1/3] ipv6: Prevent unexpected sk->sk_prot changes

2017-08-10 Thread Ilya Lesokhin
With this patch IPV6 code ensures that only sockets with the expected sk->sk_prot are converted to IPV4. Signed-off-by: Boris Pismenny --- net/ipv6/ipv6_sockglue.c | 12 1 file changed, 12 insertions(+) diff --git a/net/ipv6/ipv6_sockglue.c

[PATCH 0/3] tls: Use correct sk->sk_prot for IPV6

2017-08-10 Thread Ilya Lesokhin
Fix tls code to use the correct sk->sk_prot for IPV6. Previously, tcp_prot of IPV4 was used. Boris Pismenny (1): net: Export tcpv6_prot Ilya Lesokhin (2): ipv6: Prevent unexpected sk->sk_prot changes tls: Use correct sk->sk_prot for IPV6 net/ipv6/ipv6_sockgl

[PATCH 3/3] tls: Use correct sk->sk_prot for IPV6

2017-08-10 Thread Ilya Lesokhin
The code assumed that only IP version 4 TCP sk->sk_prot was being used. Now it checks for IPV6 and sets sk->sk_prot accordingly. Signed-off-by: Boris Pismenny <bor...@mellanox.com> Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- net/t

[PATCH 2/3] net: Export tcpv6_prot

2017-08-10 Thread Ilya Lesokhin
From: Boris Pismenny Want to be able to use these in TLS. Signed-off-by: Boris Pismenny --- net/ipv6/tcp_ipv6.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 2521690..e3a44a5 100644 ---

RE: [PATCH v2 net-next 1/3] ipv6: Prevent unexpected sk->sk_prot changes

2017-08-23 Thread Ilya Lesokhin
> -Original Message- > From: Eric Dumazet [mailto:eric.duma...@gmail.com] > Sent: Tuesday, August 15, 2017 5:46 PM > To: Boris Pismenny <bor...@mellanox.com> > Cc: Ilya Lesokhin <il...@mellanox.com>; netdev@vger.kernel.org; > da...@davemloft.net; davejwat...@

RE: Why do we need MSG_SENDPAGE_NOTLAST?

2017-05-05 Thread Ilya Lesokhin
umazet [mailto:eric.duma...@gmail.com] > Sent: Thursday, May 4, 2017 9:33 PM > To: Ilya Lesokhin <il...@mellanox.com> > Cc: netdev@vger.kernel.org; tls-fpga-sw-dev d...@mellanox.com>; Dave Watson <davejwat...@fb.com> > Subject: Re: Why do we need MSG_SENDPAGE_NOTLAST? >

Why do we need MSG_SENDPAGE_NOTLAST?

2017-05-04 Thread Ilya Lesokhin
I don't understand the need for MSG_SENDPAGE_NOTLAST and I'm hoping someone can enlighten me. According to commit 35f9c09 ('tcp: tcp_sendpages() should call tcp_push() once'): "We need to call tcp_flush() at the end of the last page processed in tcp_sendpages(), or else transmits can be

[PATCH net-next 4/5] net: Add TLS TX offload features

2017-09-14 Thread Ilya Lesokhin
This patch adds a netdev feature to configure TLS TX offloads. Signed-off-by: Boris Pismenny <bor...@mellanox.com> Signed-off-by: Ilya Lesokhin <il...@mellanox.com> Signed-off-by: Aviad Yehezkel <avia...@mellanox.com> --- include/linux/netdev_features.h | 2 ++

[PATCH net-next 3/5] net: Add TLS offload netdev ops

2017-09-14 Thread Ilya Lesokhin
Add new netdev ops to add and delete tls context Signed-off-by: Boris Pismenny <bor...@mellanox.com> Signed-off-by: Ilya Lesokhin <il...@mellanox.com> Signed-off-by: Aviad Yehezkel <avia...@mellanox.com> --- include/linux/netdevice.h | 21 + 1 file chan

[PATCH net-next 5/5] tls: Add generic NIC offload infrastructure.

2017-09-14 Thread Ilya Lesokhin
he context reconstruction request. Signed-off-by: Boris Pismenny <bor...@mellanox.com> Signed-off-by: Ilya Lesokhin <il...@mellanox.com> Signed-off-by: Aviad Yehezkel <avia...@mellanox.com> --- include/net/tls.h| 41 +++- net/tls/Kconfig | 9 + net/tls/Makefile |

[PATCH net-next 0/5] tls: Add generic NIC offload infrastructure

2017-09-14 Thread Ilya Lesokhin
llanox/tls-offload/tree/tls_device_v1 Paper: https://www.netdevconf.org/1.2/papers/netdevconf-TLS.pdf Ilya Lesokhin (5): tls: Move release of tls_ctx into tls_sw_free_resources tcp: Add clean acked data hook net: Add TLS offload netdev ops net: Add TLS TX offload features tls: Add g

[PATCH net-next 1/5] tls: Move release of tls_ctx into tls_sw_free_resources

2017-09-14 Thread Ilya Lesokhin
Move release of tls_ctx into sw specific code. This is required because the device offload implementation requires this context to remain alive until there are no more in-flight SKBs. Signed-off-by: Boris Pismenny <bor...@mellanox.com> Signed-off-by: Ilya Lesokhin <il...@mellanox.com>

[PATCH net-next 2/5] tcp: Add clean acked data hook

2017-09-14 Thread Ilya Lesokhin
com> Signed-off-by: Ilya Lesokhin <il...@mellanox.com> Signed-off-by: Aviad Yehezkel <avia...@mellanox.com> --- include/net/inet_connection_sock.h | 2 ++ net/ipv4/tcp_input.c | 3 +++ 2 files changed, 5 insertions(+) diff --git a/include/net/inet_connection_soc

RE: [PATCH net-next 5/5] tls: Add generic NIC offload infrastructure.

2017-09-19 Thread Ilya Lesokhin
Hannes Frederic Sowa writes: > The user should be aware of that they can't migrate the socket to another > interface if they got hw offloaded. This is not the case for software offload. > Thus I think the user has to opt in and it shouldn't be a heuristic until we >

[PATCH v3 net-next 1/2] net: Export tcpv6_prot

2017-09-04 Thread Ilya Lesokhin
Want to be able to use these in TLS. Signed-off-by: Boris Pismenny --- net/ipv6/tcp_ipv6.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 38f76d8..60d0629 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@

[PATCH v3 net-next 2/2] tls: Use correct sk->sk_prot for IPV6

2017-09-04 Thread Ilya Lesokhin
oto structs and uses them when attached to ipv6 sockets. Fixes: 3c4d7559159b ('tls: kernel TLS support') Signed-off-by: Boris Pismenny <bor...@mellanox.com> Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- net/tls/Kconfig| 1 + net/tls/

[PATCH v3 net-next 0/2] Use correct sk->sk_prot for IPV6

2017-09-04 Thread Ilya Lesokhin
nel. - tls_init now checks sk->sk_prot directly This is somewhat safer than checking indirectly through sk->sk_family Ilya Lesokhin (2): net: Export tcpv6_prot tls: Use correct sk->sk_prot for IPV6 net/ipv6/tcp_ipv6.c | 1 + net/tls/Kcon

[PATCH net 5/6] tls: Avoid copying crypto_info again after cipher_type check.

2017-11-13 Thread Ilya Lesokhin
Avoid copying crypto_info again after cipher_type check to avoid TOCTOU exploits. The temporary array on the stack is removed as we don't really need it Fixes: 3c4d7559159b ('tls: kernel TLS support') Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- net/tls/tls_main.

[PATCH net 6/6] tls: don't override sk_write_space if tls_set_sw_offload fails.

2017-11-13 Thread Ilya Lesokhin
If we fail to enable tls in the kernel we shouldn't override the sk_write_space callback Fixes: 3c4d7559159b ('tls: kernel TLS support') Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- net/tls/tls_main.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/n

[PATCH net 3/6] tls: Fix TLS ulp context leak, when TLS_TX setsockopt is not used.

2017-11-13 Thread Ilya Lesokhin
onf == TLS_BASE_TX. This patch also removes ctx->free_resources as we can use ctx->tx_conf to obtain the relevant information. Fixes: 3c4d7559159b ('tls: kernel TLS support') Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- include/net/tls.h | 2 +- net/tls/

[PATCH net 0/6] tls: Miscellaneous fixes

2017-11-13 Thread Ilya Lesokhin
/msg2608603.html Patch 6 Avoids callback overriding when tls_set_sw_offload fails. Ilya Lesokhin (6): tls: Use kzalloc for aead_request allocation tls: Add function to update the TLS socket configuration tls: Fix TLS ulp context leak, when TLS_TX setsockopt is not used. tls: Move tls_make_aad

[PATCH net 1/6] tls: Use kzalloc for aead_request allocation

2017-11-13 Thread Ilya Lesokhin
Use kzalloc for aead_request allocation as we don't set all the bits in the request. Fixes: 3c4d7559159b ('tls: kernel TLS support') Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- net/tls/tls_sw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tls/tls_sw.c

[PATCH net 4/6] tls: Move tls_make_aad to header to allow sharing

2017-11-13 Thread Ilya Lesokhin
move tls_make_aad as it is going to be reused by the device offload code and rx path. Remove unused recv parameter. Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- include/net/tls.h | 15 +++ net/tls/tls_sw.c | 18 +- 2 files changed, 16 insertions(

[PATCH net 2/6] tls: Add function to update the TLS socket configuration

2017-11-13 Thread Ilya Lesokhin
The tx configuration is now stored in ctx->tx_conf. And sk->sk_prot is updated through a function This will simplify things when we add rx and support for different possible tx and rx cross configurations. Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- include/net/tls.h | 2

[PATCH v3 net-next 4/6] net: Add TLS offload netdev ops

2017-12-18 Thread Ilya Lesokhin
Add new netdev ops to add and delete tls context Signed-off-by: Boris Pismenny <bor...@mellanox.com> Signed-off-by: Ilya Lesokhin <il...@mellanox.com> Signed-off-by: Aviad Yehezkel <avia...@mellanox.com> --- include/linux/netdevice.h | 23 +++ 1 file chan

[PATCH v3 net-next 6/6] tls: Add generic NIC offload infrastructure.

2017-12-18 Thread Ilya Lesokhin
he context reconstruction request. Signed-off-by: Boris Pismenny <bor...@mellanox.com> Signed-off-by: Ilya Lesokhin <il...@mellanox.com> Signed-off-by: Aviad Yehezkel <avia...@mellanox.com> --- include/net/tls.h | 62 +++- net/tls/Kconfig | 9 + net/tls

[PATCH v3 net-next 2/6] net: Rename and export copy_skb_header

2017-12-18 Thread Ilya Lesokhin
copy_skb_header is renamed to skb_copy_header and exported. Exposing this function gives more flexibility in copying SKBs. skb_copy and skb_copy_expand do not give enough control over which parts are copied. Signed-off-by: Ilya Lesokhin <il...@mellanox.com> Signed-off-by: Boris Pismenn

[PATCH v3 net-next 0/6] tls: Add generic NIC offload infrastructure

2017-12-18 Thread Ilya Lesokhin
papers/netdevconf-TLS.pdf Ilya Lesokhin (6): tcp: Add clean acked data hook net: Rename and export copy_skb_header net: Add SW fallback infrastructure for offloaded sockets net: Add TLS offload netdev ops net: Add TLS TX offload features tls: Add generic NIC offload infrastructure. include

[PATCH v3 net-next 5/6] net: Add TLS TX offload features

2017-12-18 Thread Ilya Lesokhin
This patch adds a netdev feature to configure TLS TX offloads. Signed-off-by: Boris Pismenny <bor...@mellanox.com> Signed-off-by: Ilya Lesokhin <il...@mellanox.com> Signed-off-by: Aviad Yehezkel <avia...@mellanox.com> --- include/linux/netdev_features.h | 2 ++

[PATCH v3 net-next 1/6] tcp: Add clean acked data hook

2017-12-18 Thread Ilya Lesokhin
com> Signed-off-by: Ilya Lesokhin <il...@mellanox.com> Signed-off-by: Aviad Yehezkel <avia...@mellanox.com> --- include/net/inet_connection_sock.h | 2 ++ net/ipv4/tcp_input.c | 3 +++ 2 files changed, 5 insertions(+) diff --git a/include/net/inet_connection_soc

[PATCH v3 net-next 3/6] net: Add SW fallback infrastructure for offloaded sockets

2017-12-18 Thread Ilya Lesokhin
Offloaded sockets rely on the netdev to transform the transmitted packets before sending them over the network. When a packet from an offloaded socket is looped back or rerouted to a different device we need to detect it and do the transformation in software Signed-off-by: Ilya Lesokhin <

RE: [PATCH v3 net-next 6/6] tls: Add generic NIC offload infrastructure.

2017-12-19 Thread Ilya Lesokhin
Tuesday, December 19, 2017 5:12 PM, Marcelo Ricardo Leitner wrote: > > I'm not quite sure what you mean by "no net_device's are registered" > > Presumably you mean there is no device that implements the > > NETIF_F_HW_TLS_TX capability yet. > > Not really. Let me try again. This patchset is

RE: [PATCH v3 net-next 3/6] net: Add SW fallback infrastructure for offloaded sockets

2017-12-19 Thread Ilya Lesokhin
> > diff --git a/net/core/dev.c b/net/core/dev.c > > index b0eee49a2489..6a78d9046674 100644 > > --- a/net/core/dev.c > > +++ b/net/core/dev.c > > @@ -3051,6 +3051,10 @@ static struct sk_buff *validate_xmit_skb(struct > sk_buff *skb, struct net_device > > if (unlikely(!skb)) > >

RE: [PATCH v3 net-next 1/6] tcp: Add clean acked data hook

2017-12-19 Thread Ilya Lesokhin
> 1) tcp_ack() is already very expensive. > I'm not sure what we should do with that comment. We need some trigger to free TLS records. tcp_ack seemed like a reasonable trigger. > 2) Since you do not pass any state here, this looks very suspicious to > me. > The state we need is the

RE: [PATCH v3 net-next 1/6] tcp: Add clean acked data hook

2017-12-19 Thread Ilya Lesokhin
> > TLS records should be attached to skbs ? > > It seems more reasonable to free TLS when skb are freed, and not in > general tcp_ack() path. We've considered it, but then we would have to touch all the places the TCP stack splits or merges SKBs. Seems more intrusive. > > > > > > 2) Since

RE: [PATCH v3 net-next 3/6] net: Add SW fallback infrastructure for offloaded sockets

2017-12-18 Thread Ilya Lesokhin
On Monday, December 18, 2017 9:18 PM, Marcelo Ricardo Leitner wrote: > > + > > + if (sk && sk_fullsock(sk) && sk->sk_offload_check) > > Isn't this going to hurt the fast path, checking for sk fields here? > We do add code to the fast path but it seems unavoidable if you want to have SW

RE: [PATCH v3 net-next 6/6] tls: Add generic NIC offload infrastructure.

2017-12-18 Thread Ilya Lesokhin
On Mon, Monday, December 18, 2017 9:54 PM, Marcelo Ricardo Leitner wrote: > On Mon, Dec 18, 2017 at 01:10:33PM +0200, Ilya Lesokhin wrote: > > This patch adds a generic infrastructure to offload TLS crypto to a > > network devices. It enables the kernel TLS socket to

[PATCH v2 net-next 03/12] tls: Fix TLS ulp context leak, when TLS_TX setsockopt is not used.

2017-11-08 Thread Ilya Lesokhin
onf == TLS_BASE_TX. This patch also removes ctx->free_resources as we can use ctx->tx_conf to obtain the relevant information. Fixes: 3c4d7559159b ('tls: kernel TLS support') Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- include/net/tls.h | 2 +- net/tls/

[PATCH v2 net-next 00/12] tls: Add generic NIC offload infrastructure

2017-11-08 Thread Ilya Lesokhin
tue for offloaded socket fallback patches 10-11 add new NDOs and capabilities. patch 12 adds the TLS NIC offload infrastructure. Github with mlx5e TLS offload support: https://github.com/Mellanox/tls-offload/tree/tls_device_v2 Paper: https://www.netdevconf.org/1.2/papers/netdevconf-TLS.pdf Ilya Lesok

[PATCH v2 net-next 09/12] net: Add SW fallback infrastructure for offloaded sockets

2017-11-08 Thread Ilya Lesokhin
Offloaded sockets rely on the netdev to transform the transmitted packets before sending them over the network. When a packet from an offloaded socket is looped back or rerouted to a different device we need to detect it and do the transformation in software Signed-off-by: Ilya Lesokhin <

[PATCH v2 net-next 04/12] tls: Move tls_make_aad to header to allow sharing

2017-11-08 Thread Ilya Lesokhin
move tls_make_aad as it is going to be reused by the device offload code Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- include/net/tls.h | 15 +++ net/tls/tls_sw.c | 18 +- 2 files changed, 16 insertions(+), 17 deletions(-) diff --git a/include/net/t

[PATCH v2 net-next 02/12] tls: Add function to update the TLS socket configuration

2017-11-08 Thread Ilya Lesokhin
The tx configuration is now stored in ctx->tx_conf. And sk->sk_prot is updated through a function This will simplify things when we add rx and support for different possible tx and rx cross configurations. Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- include/net/tls.h | 2

[PATCH v2 net-next 08/12] net: Rename and export copy_skb_header

2017-11-08 Thread Ilya Lesokhin
copy_skb_header is renamed to skb_copy_header and exported. Exposing this function gives more flexibility in copying SKBs. skb_copy and skb_copy_expand do not give enough control over which parts are copied. Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- include/linux/skbuff.h | 1

[PATCH v2 net-next 05/12] tls: Avoid copying crypto_info again after cipher_type check.

2017-11-08 Thread Ilya Lesokhin
Avoid copying crypto_info again after cipher_type check to avoid TOCTOU exploits. The temporary array on the stack is removed as we don't really need it Fixes: 3c4d7559159b ('tls: kernel TLS support') Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- net/tls/tls_main.

[PATCH v2 net-next 06/12] tls: don't override sk_write_space if tls_set_sw_offload fails.

2017-11-08 Thread Ilya Lesokhin
If we fail to enable tls in the kernel we shouldn't override the sk_write_space callback Fixes: 3c4d7559159b ('tls: kernel TLS support') Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- net/tls/tls_main.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/n

[PATCH v2 net-next 12/12] tls: Add generic NIC offload infrastructure.

2017-11-08 Thread Ilya Lesokhin
he context reconstruction request. Signed-off-by: Boris Pismenny <bor...@mellanox.com> Signed-off-by: Ilya Lesokhin <il...@mellanox.com> Signed-off-by: Aviad Yehezkel <avia...@mellanox.com> --- include/net/tls.h | 55 +++- net/tls/Kconfig | 9 + net/tls

[PATCH v2 net-next 11/12] net: Add TLS TX offload features

2017-11-08 Thread Ilya Lesokhin
This patch adds a netdev feature to configure TLS TX offloads. Signed-off-by: Boris Pismenny <bor...@mellanox.com> Signed-off-by: Ilya Lesokhin <il...@mellanox.com> Signed-off-by: Aviad Yehezkel <avia...@mellanox.com> --- include/linux/netdev_features.h | 2 ++

[PATCH v2 net-next 10/12] net: Add TLS offload netdev ops

2017-11-08 Thread Ilya Lesokhin
Add new netdev ops to add and delete tls context Signed-off-by: Boris Pismenny <bor...@mellanox.com> Signed-off-by: Ilya Lesokhin <il...@mellanox.com> Signed-off-by: Aviad Yehezkel <avia...@mellanox.com> --- include/linux/netdevice.h | 21 + 1 file chan

[PATCH v2 net-next 01/12] tls: Use kzalloc for aead_request allocation

2017-11-08 Thread Ilya Lesokhin
Use kzalloc for aead_request allocation as we don't set all the bits in the request. Fixes: 3c4d7559159b ('tls: kernel TLS support') Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- net/tls/tls_sw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tls/tls_sw.c

[PATCH v2 net-next 07/12] tcp: Add clean acked data hook

2017-11-08 Thread Ilya Lesokhin
com> Signed-off-by: Ilya Lesokhin <il...@mellanox.com> Signed-off-by: Aviad Yehezkel <avia...@mellanox.com> --- include/net/inet_connection_sock.h | 2 ++ net/ipv4/tcp_input.c | 3 +++ 2 files changed, 5 insertions(+) diff --git a/include/net/inet_connection_soc

Using the aesni generic gcm(aes) aead in atomic context

2017-10-30 Thread Ilya Lesokhin
Hi, I've tried using the aesni generic gcm(aes) aead to implement TLS SW fallback and I'm getting [ 3356.839506] BUG: sleeping function called from invalid context at ./include/crypto/algapi.h:417 The warning is coming from a ___might_sleep() macro that is called if CRYPTO_TFM_REQ_MAY_SLEEP

RE: Using the aesni generic gcm(aes) aead in atomic context

2017-10-31 Thread Ilya Lesokhin
On Tuesday, October 31, 2017 11:14 AM Steffen Klassert wrote: > I think Ilya talks about the case where the TLS crypto is intended to be > offloaded > to a NIC. In this case we need a software crypto fallback e.g. if a packet got > rerouted to a device that does not support crypto offloading.

RE: Using the aesni generic gcm(aes) aead in atomic context

2017-10-31 Thread Ilya Lesokhin
On Tuesday, October 31, 2017 9:33 AM, Herbert Xu wrote: > You are right. generic-gcm-aesni is completely broken. > > It needs to be rewritten to use a wrapper as is done with rfc4106. I think we should consider having a synchronous implementation that falls back to integer implementation when

RE: Using the aesni generic gcm(aes) aead in atomic context

2017-10-31 Thread Ilya Lesokhin
On Tuesday, October 31, 2017 9:17 AM, Herbert Xu wrote: > > Users of the crypto API shouldn't need to check irq_fpu_usable(). > The crypto API should work regardless of what context you're in. > I agree, I'm just saying that as far as I can tell that's not true for the aesni generic gcm(aes)

RE: Using the aesni generic gcm(aes) aead in atomic context

2017-10-31 Thread Ilya Lesokhin
On Tuesday, October 31, 2017 9:45 AM, Herbert Xu wrote: > > For your intended use case I think async processing should work just fine as > it > does for IPsec. > I haven't dived into the async IPSEC fallback code yet, but it seems complicated. I'm not sure it makes the correct

RE: Using the aesni generic gcm(aes) aead in atomic context

2017-10-31 Thread Ilya Lesokhin
On Mon Tuesday, October 31, 2017 6:10 AM, Herbert Xu wrote: > > Are you allocating the tfm from atomic context? That is not allowed. > > Normally you would allocate the tfm in process context, e.g., when the > connection is setup. > I call crypto_alloc_aead("gcm(aes)", 0, flags) in process

RE: [PATCH v3 net-next 0/6] tls: Add generic NIC offload infrastructure

2017-12-20 Thread Ilya Lesokhin
> > > Dave, would you prefer to get the driver patches that use this infra > > before the infra? > > The arguments you present are silly. > > In order to analyze any proposed API, the users of it must be presented for > the > reviewers to see as well. > > Logically, you must have tried to

[PATCH net 1/1] net/tls: Only attach to sockets in ESTABLISHED state

2018-01-16 Thread Ilya Lesokhin
attached to it. We restrict the TLS ulp to sockets in ESTABLISHED state to prevent the scenario above. Fixes: 3c4d755 ('tls: kernel TLS support') Reported-by: syzbot+904e7cd6c5c741609...@syzkaller.appspotmail.com Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- net/tls/tls_main.c | 9 ++

RE: [PATCH net 1/1] net/tls: Only attach to sockets in ESTABLISHED state

2018-01-16 Thread Ilya Lesokhin
I'm sorry, I've noticed that I have a typo in my comment. It should read: /*The TLS ulp is currently supported only for TCP sockets * in ESTABLISHED state. * Supporting sockets in LISTEN state will require us * to modify the accept implementation to clone rather then * share the ulp context.

[PATCH v2 net 1/1] net/tls: Only attach to sockets in ESTABLISHED state

2018-01-16 Thread Ilya Lesokhin
attached to it. We restrict the TLS ulp to sockets in ESTABLISHED state to prevent the scenario above. Fixes: 3c4d7559159b ("tls: kernel TLS support") Reported-by: syzbot+904e7cd6c5c741609...@syzkaller.appspotmail.com Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- v2: Fix

[PATCH 1/1] tcp: Honor the eor bit in tcp_mtu_probe

2018-02-05 Thread Ilya Lesokhin
Avoid SKB coalescing if eor bit is set in one of the relevant SKBs. Fixes: c134ecb87817 ("tcp: Make use of MSG_EOR in tcp_sendmsg") Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- net/ipv4/tcp_output.c | 11 +++ 1 file changed, 11 insertions(+) diff --git a/net/ipv

[PATCH v4 1/1] tcp: Honor the eor bit in tcp_mtu_probe

2018-02-12 Thread Ilya Lesokhin
Avoid SKB coalescing if eor bit is set in one of the relevant SKBs. Change-Id: I64d4f9874f2e23b3fd03daddccbefed53e098028 Fixes: c134ecb87817 ("tcp: Make use of MSG_EOR in tcp_sendmsg") Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- net/ipv4/tcp_output.c | 25

[PATCH v5 1/1] tcp: Honor the eor bit in tcp_mtu_probe

2018-02-12 Thread Ilya Lesokhin
Avoid SKB coalescing if eor bit is set in one of the relevant SKBs. Fixes: c134ecb87817 ("tcp: Make use of MSG_EOR in tcp_sendmsg") Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- Changes from v4: - Remove Gerrit Change-Id Changes from v3: - Fix coding style

[PATCH v2 1/1] tcp: Honor the eor bit in tcp_mtu_probe

2018-02-05 Thread Ilya Lesokhin
Avoid SKB coalescing if eor bit is set in one of the relevant SKBs. Fixes: c134ecb87817 ("tcp: Make use of MSG_EOR in tcp_sendmsg") Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- net/ipv4/tcp_output.c | 12 1 file changed, 12 insertions(+) diff --git a/net/i

[PATCH v3 1/1] tcp: Honor the eor bit in tcp_mtu_probe

2018-02-07 Thread Ilya Lesokhin
Avoid SKB coalescing if eor bit is set in one of the relevant SKBs. Fixes: c134ecb87817 ("tcp: Make use of MSG_EOR in tcp_sendmsg") Signed-off-by: Ilya Lesokhin <il...@mellanox.com> --- net/ipv4/tcp_output.c | 26 ++ 1 file changed, 26 insertions(+) diff