[PATCH net-next] tls: Add support for inplace records encryption

2018-09-29 Thread Vakul Garg
copy is used (i.e. plaintext data is not copied), inplace_crypto is set to '0'. Signed-off-by: Vakul Garg --- include/net/tls.h | 1 + net/tls/tls_sw.c | 91 --- 2 files changed, 74 insertions(+), 18 deletions(-) diff --git a/include/net/tls

[PATCH net-next] tls: Remove redundant vars from tls record structure

2018-09-26 Thread Vakul Garg
has been modified to skip first index as it points to aad_space. Signed-off-by: Vakul Garg --- include/net/tls.h | 6 ++-- net/tls/tls_sw.c | 92 ++- 2 files changed, 45 insertions(+), 53 deletions(-) diff --git a/include/net/tls.h b/include

RE: [PATCH net-next] tls: Fix socket mem accounting error under async encryption

2018-09-25 Thread Vakul Garg
> -Original Message- > From: David Miller > Sent: Wednesday, September 26, 2018 9:10 AM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; davejwat...@fb.com; doro...@fb.com > Subject: Re: [PATCH net-next] tls: Fix socket

RE: [PATCH net-next] tls: Fix socket mem accounting error under async encryption

2018-09-25 Thread Vakul Garg
> -Original Message- > From: David Miller > Sent: Tuesday, September 25, 2018 11:14 PM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; davejwat...@fb.com; doro...@fb.com > Subject: Re: [PATCH net-next] tls: Fix socket

[PATCH net-next] tls: Fixed a memory leak during socket close

2018-09-25 Thread Vakul Garg
that the free record in tx context is being freed inside the function. Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption") Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_

[PATCH net-next] tls: Fix socket mem accounting error under async encryption

2018-09-25 Thread Vakul Garg
up of plaintext data to the time when the record is picked up from tx_list and transmitted/freed. When tls_tx_records() gets called, socket is already locked and thus there is no concurrent access problem. Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption") Signed-off-by:

[PATCH net-next] tls: Fixed uninitialised vars warning

2018-09-24 Thread Vakul Garg
Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index bcb24c498b84..102d84bdb2ab 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -709,7 +709,7 @@ int tls_sw_sendmsg(struct sock *sk, str

[PATCH net-next] net/tls: Fixed race condition in async encryption

2018-09-24 Thread Vakul Garg
t_tx' to 'tx_list'. This is because now, some of the records at the tail are not ready to transmit. Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption") Signed-off-by: Vakul Garg --- include/net/tls.h | 16 --- net/tls/tls_main.c | 4 +-- net/tls/t

[PATCH net-next v2] net/tls: Add support for async encryption of records for performance

2018-09-20 Thread Vakul Garg
sing macros, accessory functions for CLOSED records have been retained. Signed-off-by: Vakul Garg --- Changes since v1: Addressed Dave Miller's comments. - Removed an extra space between 'inline' and 'bool' in 'is_tx_ready' declaration. - Changed order of variable declarat

RE: [PATCH net-next] net/tls: Add support for async encryption of records for performance

2018-09-20 Thread Vakul Garg
> -Original Message- > From: David Miller > Sent: Thursday, September 20, 2018 11:49 PM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; davejwat...@fb.com; doro...@fb.com > Subject: Re: [PATCH net-next] net/tls:

[PATCH net-next] net/tls: Add support for async encryption of records for performance

2018-09-19 Thread Vakul Garg
sing macros, accessory functions for CLOSED records have been retained. Signed-off-by: Vakul Garg --- include/net/tls.h | 70 +-- net/tls/tls_main.c | 54 ++--- net/tls/tls_sw.c | 569 - 3 files changed, 515 insertions(+), 178 delet

RE: [net-next PATCH] tls: async support causes out-of-bounds access in crypto APIs

2018-09-15 Thread Vakul Garg
> -Original Message- > From: netdev-ow...@vger.kernel.org On > Behalf Of John Fastabend > Sent: Saturday, September 15, 2018 1:32 AM > To: Vakul Garg ; davejwat...@fb.com > Cc: doro...@fb.com; netdev@vger.kernel.org; > alexei.starovoi...@gmail.com; dan..

RE: [PATCH net-next v2] net/tls: Add support for async decryption of tls records

2018-09-15 Thread Vakul Garg
> -Original Message- > From: John Fastabend > Sent: Saturday, September 15, 2018 1:10 AM > To: Vakul Garg ; netdev@vger.kernel.org > Cc: bor...@mellanox.com; avia...@mellanox.com; davejwat...@fb.com; > da...@davemloft.net > Subject: Re: [PATCH net-next v2] net/tls:

[PATCH net-next v1] net/tls: Fixed return value when tls_complete_pending_work() fails

2018-09-10 Thread Vakul Garg
In tls_sw_sendmsg() and tls_sw_sendpage(), the variable 'ret' has been set to return value of tls_complete_pending_work(). This allows return of proper error code if tls_complete_pending_work() fails. Fixes: 3c4d7559159b ("tls: kernel TLS support") Signed-off-by: Vakul Garg --- net/tl

[PATCH net-next, net v2] net/tls: Set count of SG entries if sk_alloc_sg returns -ENOSPC

2018-09-06 Thread Vakul Garg
() with 'sg_encrypted_num_elem = 0' and later causes kernel crash. To fix this, set the number of SG elements to the number of elements in plaintext/encrypted SG arrays in case sk_alloc_sg() returns -ENOSPC. Fixes: 3c4d7559159b ("tls: kernel TLS support") Signed-off-by: Vakul Garg --- Changes since v1:

RE: [PATCH net 3/3] tls: zero the crypto information from tls_context before freeing

2018-09-05 Thread Vakul Garg
> -Original Message- > From: netdev-ow...@vger.kernel.org On > Behalf Of Sabrina Dubroca > Sent: Wednesday, September 5, 2018 6:52 PM > To: netdev@vger.kernel.org > Cc: Sabrina Dubroca ; Boris Pismenny > ; Ilya Lesokhin ; Aviad > Yehezkel ; Dave Watson > Subject: [PATCH net 3/3] tls:

[PATCH net-next v1] net/tls: Set count of SG entries if sk_alloc_sg returns -ENOSPC

2018-09-05 Thread Vakul Garg
() with 'sg_encrypted_num_elem = 0' and later causes kernel crash. To fix this, set the number of SG elements to the number of elements in plaintext/encrypted SG arrays in case sk_alloc_sg() returns -ENOSPC. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/net/tls

RE: [PATCH net-next v2] net/tls: Add support for async decryption of tls records

2018-09-01 Thread Vakul Garg
> -Original Message- > From: David Miller > Sent: Saturday, September 1, 2018 6:31 AM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; davejwat...@fb.com > Subject: Re: [PATCH net-next v2] net/tls: Add support for asyn

[PATCH net-next v1] selftests/tls: Add test for recv(PEEK) spanning across multiple records

2018-08-28 Thread Vakul Garg
Added test case to receive multiple records with a single recvmsg() operation with a MSG_PEEK set. --- tools/testing/selftests/net/tls.c | 22 ++ 1 file changed, 22 insertions(+) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c index

[PATCH net-next v2] net/tls: Add support for async decryption of tls records

2018-08-28 Thread Vakul Garg
the sleeping user context when recvmsg() flags that it has done sending all the decryption requests and there are no more decryption requests pending to be completed. Signed-off-by: Vakul Garg Reviewed-by: Dave Watson --- Changes since v1: - Simplified recvmsg() so to drop reference

RE: [PATCH net-next v1] net/tls: Add support for async decryption of tls records

2018-08-17 Thread Vakul Garg
> -Original Message- > From: Dave Watson > Sent: Saturday, August 18, 2018 3:43 AM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; da...@davemloft.net > Subject: Re: [PATCH net-next v1] net/tls: Add support for asyn

[PATCH net-next v1] net/tls: Add support for async decryption of tls records

2018-08-16 Thread Vakul Garg
the sleeping user context when recvmsg() flags that it has done sending all the decryption requests and there are no more decryption requests pending to be completed. Signed-off-by: Vakul Garg --- Changes since RFC version: 1) Improved commit message. 2) Fixed dequeued record

RE: [PATCH net-next][RFC] net/tls: Add support for async decryption of tls records

2018-08-15 Thread Vakul Garg
> -Original Message- > From: Dave Watson [mailto:davejwat...@fb.com] > Sent: Wednesday, August 15, 2018 10:26 PM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; da...@davemloft.net > Subject: Re: [PATCH net-next][RFC]

[PATCH net-next][RFC] net/tls: Add support for async decryption of tls records

2018-08-14 Thread Vakul Garg
requests and is waiting for all the async operations to finish. Since the splice() operation does not use zero-copy decryption, async remains disabled for splice(). Signed-off-by: Vakul Garg --- include/net/tls.h | 6 +++ net/tls/tls_sw.c | 134

RE: [PATCH net-next v2 1/1] net/tls: Combined memory allocation for decryption request

2018-08-10 Thread Vakul Garg
> -Original Message- > From: Dave Watson [mailto:davejwat...@fb.com] > Sent: Thursday, August 9, 2018 9:56 PM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; da...@davemloft.net > Subject: Re: [PATCH net-next v2 1/1] net

[PATCH net-next v3 1/1] net/tls: Combined memory allocation for decryption request

2018-08-10 Thread Vakul Garg
be separately kmalloced each, but it is inefficient. This patch does a combined allocation for preparing decryption request and then segments into aead_req || sgin || sgout || iv || aad. Signed-off-by: Vakul Garg --- Changes since v2: - Rebased to not require following Doron Roberts-Kedes's

[PATCH net-next v3 0/1] net/tls: Combined memory allocation for decryption request

2018-08-10 Thread Vakul Garg
to be able to submit multiple async decryption requests while the previous one is pending i.e. being processed or queued. Vakul Garg (1): net/tls: Combined memory allocation for decryption request include/net/tls.h | 4 - net/tls/tls_sw.c | 238

RE: [PATCH net-next v1 1/1] net/tls: Combined memory allocation for decryption request

2018-08-08 Thread Vakul Garg
> -Original Message- > From: Dave Watson [mailto:davejwat...@fb.com] > Sent: Wednesday, August 8, 2018 10:37 PM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; da...@davemloft.net > Subject: Re: [PATCH net-next v1 1

[PATCH net-next v2 0/1] net/tls: Combined memory allocation for decryption request

2018-08-08 Thread Vakul Garg
to be able to submit multiple async decryption requests while the previous one is pending i.e. being processed or queued. This patch needs to be applied over Doron Roberts-Kedes's patch. net/tls: Calculate nsg for zerocopy path without skb_cow_data. Vakul Garg (1): net/tls: Combined

[PATCH net-next v2 1/1] net/tls: Combined memory allocation for decryption request

2018-08-08 Thread Vakul Garg
be separately kmalloced each, but it is inefficient. This patch does a combined allocation for preparing decryption request and then segments into aead_req || sgin || sgout || iv || aad. Signed-off-by: Vakul Garg --- This patch needs to be applied over Doron Roberts-Kedes's patch. net/tls

[PATCH net-next v1 0/1] net/tls: Combined memory allocation for decryption request

2018-08-08 Thread Vakul Garg
to be able to submit multiple async decryption requests while the previous one is pending i.e. being processed or queued. This patch needs to be applied over Doron Roberts-Kedes's patch. net/tls: Calculate nsg for zerocopy path without skb_cow_data. Vakul Garg (1): net/tls: Combined

[PATCH net-next v1 1/1] net/tls: Combined memory allocation for decryption request

2018-08-08 Thread Vakul Garg
be separately kmalloced each, but it is inefficient. This patch does a combined allocation for preparing decryption request and then segments into aead_req || sgin || sgout || iv || aad. Signed-off-by: Vakul Garg --- This patch needs to be applied over Doron Roberts-Kedes's patch. net/tls

RE: [PATCH net-next,v3] net/tls: Calculate nsg for zerocopy path without skb_cow_data.

2018-08-07 Thread Vakul Garg
> -Original Message- > From: Doron Roberts-Kedes [mailto:doro...@fb.com] > Sent: Tuesday, August 7, 2018 1:18 AM > To: David S . Miller > Cc: Vakul Garg ; Dave Watson > ; Boris Pismenny ; Aviad > Yehezkel ; netdev@vger.kernel.org; Doron > Roberts-Kedes >

RE: [PATCH RFC net-next 1/1] net/tls: Combined memory allocation for decryption request

2018-08-07 Thread Vakul Garg
> -Original Message- > From: Dave Watson [mailto:davejwat...@fb.com] > Sent: Tuesday, August 7, 2018 8:26 PM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; da...@davemloft.net > Subject: Re: [PATCH RFC net-next 1/1] net

RE: [PATCH net-next] net/tls: Calculate nsg for zerocopy path without skb_cow_data.

2018-08-06 Thread Vakul Garg
> -Original Message- > From: Doron Roberts-Kedes [mailto:doro...@fb.com] > Sent: Tuesday, August 7, 2018 12:02 AM > To: Vakul Garg > Cc: David S . Miller ; Dave Watson > ; Boris Pismenny ; Aviad > Yehezkel ; netdev@vger.kernel.org > Subject: Re: [PATCH net-next

[PATCH RFC net-next 0/1] net/tls: Combined memory allocation for decryption request

2018-08-06 Thread Vakul Garg
to be able to submit multiple async decryption requests while the previous one is pending i.e. being processed or queued. This patch has been built over Doron Roberts-Kedes's patch: "net/tls: Calculate nsg for zerocopy path without skb_cow_data" Vakul Garg (1): net/tls: Combi

[PATCH RFC net-next 1/1] net/tls: Combined memory allocation for decryption request

2018-08-06 Thread Vakul Garg
be separately kmalloced each, but it is inefficient. This patch does a combined allocation for preparing decryption request and then segments into aead_req || sgin || sgout || iv || aad. Signed-off-by: Vakul Garg --- include/net/tls.h | 4 - net/tls/tls_sw.c | 257

RE: [PATCH net-next] net/tls: Calculate nsg for zerocopy path without skb_cow_data.

2018-08-02 Thread Vakul Garg
> -Original Message- > From: Doron Roberts-Kedes [mailto:doro...@fb.com] > Sent: Friday, August 3, 2018 6:00 AM > To: David S . Miller > Cc: Dave Watson ; Vakul Garg > ; Boris Pismenny ; Aviad > Yehezkel ; netdev@vger.kernel.org; Doron > Roberts-Kedes > Su

RE: [PATCH net-next] net/tls: Mark the end in scatterlist table

2018-08-02 Thread Vakul Garg
> -Original Message- > From: Dave Watson [mailto:davejwat...@fb.com] > Sent: Thursday, August 2, 2018 10:47 PM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; da...@davemloft.net > Subject: Re: [PATCH net-next]

RE: Security enhancement proposal for kernel TLS

2018-08-02 Thread Vakul Garg
> -Original Message- > From: Dave Watson [mailto:davejwat...@fb.com] > Sent: Thursday, August 2, 2018 2:17 AM > To: Vakul Garg > Cc: netdev@vger.kernel.org; Peter Doliwa ; Boris > Pismenny > Subject: Re: Security enhancement proposal for kernel TLS > >

RE: [PATCH net-next] net/tls: Mark the end in scatterlist table

2018-08-02 Thread Vakul Garg
> -Original Message- > From: Dave Watson [mailto:davejwat...@fb.com] > Sent: Thursday, August 2, 2018 10:17 PM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; da...@davemloft.net > Subject: Re: [PATCH net-next]

[PATCH net-next] net/tls: Always get number of sg entries for skb to be decrypted

2018-08-02 Thread Vakul Garg
irrespective of whether it is zero-copy case or otherwise. The change also benefits the non-zero copy case as we could use sgin_arr[] instead of always allocating sg entries from heap. Signed-off-by: Vakul Garg --- The said problem has been discussed with Dave Watson over mail list. net/tls/tls_sw.c

[PATCH net-next] net/tls: Mark the end in scatterlist table

2018-08-02 Thread Vakul Garg
-off-by: Vakul Garg --- net/tls/tls_sw.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index ff3a6904a722..83d67df33f0c 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -311,6 +311,9 @@ static int zerocopy_from_iter(struct sock *sk, struct

RE: [net-next v5 3/3] net/tls: Remove redundant array allocation.

2018-08-01 Thread Vakul Garg
> -Original Message- > From: Dave Watson [mailto:davejwat...@fb.com] > Sent: Monday, July 23, 2018 10:05 PM > To: David Miller > Cc: Vakul Garg ; netdev@vger.kernel.org; > bor...@mellanox.com; avia...@mellanox.com; Doron Roberts-Kedes > > Subject: Re: [net-next

RE: Security enhancement proposal for kernel TLS

2018-07-31 Thread Vakul Garg
> -Original Message- > From: Dave Watson [mailto:davejwat...@fb.com] > Sent: Tuesday, July 31, 2018 2:46 AM > To: Vakul Garg > Cc: netdev@vger.kernel.org; Peter Doliwa ; Boris > Pismenny > Subject: Re: Security enhancement proposal for kernel TLS > > On 07

RE: Security enhancement proposal for kernel TLS

2018-07-30 Thread Vakul Garg
Sorry for a delayed response. Kindly see inline. > -Original Message- > From: Dave Watson [mailto:davejwat...@fb.com] > Sent: Wednesday, July 25, 2018 9:30 PM > To: Vakul Garg > Cc: netdev@vger.kernel.org; Peter Doliwa ; Boris > Pismenny > Subject: Re: Security

[PATCH net-next v7] net/tls: Use socket data_ready callback on record availability

2018-07-29 Thread Vakul Garg
callback sk_state_change which points to sock_def_wakeup() which issues a wakeup unconditionally (without event mask). Signed-off-by: Vakul Garg --- v6->v7: Improved the commit message to contain the detailed reasoning. (The same analysis was shared on the mail list.) net/tls/tls_sw.c | 2 +-

RE: [net-next v6 1/2] net/tls: Use socket data_ready callback on record availability

2018-07-29 Thread Vakul Garg
> -Original Message- > From: David Miller [mailto:da...@davemloft.net] > Sent: Sunday, July 29, 2018 11:48 AM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; davejwat...@fb.com > Subject: Re: [net-next v6 1/2] net/tls:

RE: [net-next v6 1/2] net/tls: Use socket data_ready callback on record availability

2018-07-29 Thread Vakul Garg
Hi David Could you please correct me if my counter-reasoning behind changing the socket callback is wrong? Thanks & Regards Vakul > -Original Message- > From: Vakul Garg > Sent: Wednesday, July 25, 2018 11:22 AM > To: David Miller > Cc: netdev@vger.kernel.org;

RE: [net-next v5 3/3] net/tls: Remove redundant array allocation.

2018-07-27 Thread Vakul Garg
> -Original Message- > From: Dave Watson [mailto:davejwat...@fb.com] > Sent: Thursday, July 26, 2018 2:31 AM > To: Vakul Garg > Cc: David Miller ; netdev@vger.kernel.org; > bor...@mellanox.com; avia...@mellanox.com; Doron Roberts-Kedes > > Subject: Re: [

RE: [PATCH net-next] net/tls: Corrected enabling of zero-copy mode

2018-07-26 Thread Vakul Garg
> -Original Message- > From: netdev-ow...@vger.kernel.org [mailto:netdev- > ow...@vger.kernel.org] On Behalf Of David Miller > Sent: Thursday, July 26, 2018 1:59 AM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; davejwa

RE: [PATCH net-next] tls: Fix improper revert in zerocopy_from_iter

2018-07-25 Thread Vakul Garg
> -Original Message- > From: Doron Roberts-Kedes [mailto:doro...@fb.com] > Sent: Wednesday, July 25, 2018 1:50 AM > To: Vakul Garg > Cc: David S . Miller ; Dave Watson > ; Matt Mullins ; > netdev@vger.kernel.org > Subject: Re: [PATCH net-next]

RE: [net-next v6 1/2] net/tls: Use socket data_ready callback on record availability

2018-07-24 Thread Vakul Garg
> -Original Message- > From: David Miller [mailto:da...@davemloft.net] > Sent: Wednesday, July 25, 2018 1:43 AM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; davejwat...@fb.com > Subject: Re: [net-next v6 1/2] net/tls:

Re: [PATCH net-next] net/tls: Do not call msg_data_left() twice

2018-07-24 Thread Vakul Garg
From: Al Viro Sent: Wednesday, 25 July, 7:19 AM Subject: Re: [PATCH net-next] net/tls: Do not call msg_data_left() twice To: Vakul Garg Cc: netdev@vger.kernel.org, bor...@mellanox.com, avia...@mellanox.com, davejwat...@fb.com, da...@davemloft.net On Tue, Jul 24, 2018 at 04:41:18PM +0530

RE: [net-next v5 3/3] net/tls: Remove redundant array allocation.

2018-07-24 Thread Vakul Garg
> -Original Message- > From: Dave Watson [mailto:davejwat...@fb.com] > Sent: Monday, July 23, 2018 10:05 PM > To: David Miller > Cc: Vakul Garg ; netdev@vger.kernel.org; > bor...@mellanox.com; avia...@mellanox.com; Doron Roberts-Kedes > > Subject: Re: [net-next

[PATCH net-next] net/tls: Removed redundant checks for non-NULL

2018-07-24 Thread Vakul Garg
Removed checks against non-NULL before calling kfree_skb() and crypto_free_aead(). These functions are safe to be called with NULL as an argument. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 9 +++-- 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/net/tls/tls_sw.c b/net

[PATCH net-next] net/tls: Do not call msg_data_left() twice

2018-07-23 Thread Vakul Garg
In function tls_sw_sendmsg(), msg_data_left() needs to be called only once. The second invocation of msg_data_left() for assigning variable try_to_copy can be removed and merged with the first one. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 3 +-- 1 file changed, 1 insertion(+), 2

RE: [PATCH net-next] tls: Fix improper revert in zerocopy_from_iter

2018-07-23 Thread Vakul Garg
> -Original Message- > From: Doron Roberts-Kedes [mailto:doro...@fb.com] > Sent: Tuesday, July 24, 2018 3:50 AM > To: David S . Miller > Cc: Dave Watson ; Vakul Garg > ; Matt Mullins ; > netdev@vger.kernel.org; Doron Roberts-Kedes > Subject: [PATCH net-next]

[net-next v6 0/2] Minor code cleanup patches

2018-07-23 Thread Vakul Garg
This patch series improves tls_sw.c code by: 1) Using correct socket callback for flagging data availability. 2) Removing redundant variable assignments and wakeup callbacks. Vakul Garg (2): net/tls: Use socket data_ready callback on record availability net/tls: Remove redundant variable

[net-next v6 1/2] net/tls: Use socket data_ready callback on record availability

2018-07-23 Thread Vakul Garg
On receipt of a complete tls record, use socket's saved data_ready callback instead of state_change callback. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 0c2d029c9d4c..fee1240eff92

[net-next v6 2/2] net/tls: Remove redundant variable assignments and wakeup

2018-07-23 Thread Vakul Garg
as decrypt_skb_update() is invoked from user processes only. This patch cleans these up. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index fee1240eff92..6c71da7b147f 100644 --- a/net/tls/tls_sw.c +++ b/net

Re: [net-next v5 3/3] net/tls: Remove redundant array allocation.

2018-07-23 Thread Vakul Garg
: Vakul Garg; netdev@vger.kernel.org; bor...@mellanox.com; avia...@mellanox.com; doro...@fb.com Subject: Re: [net-next v5 3/3] net/tls: Remove redundant array allocation. From: Dave Watson Date: Mon, 23 Jul 2018 09:35:09 -0700 > I don't think this patch is safe as-is. sgin_arr is a stack ar

[PATCH net-next] net/tls: Corrected enabling of zero-copy mode

2018-07-23 Thread Vakul Garg
to be copied into user space provided buffer. Hence zero-copy mode should be enabled/disabled as per the success/failure of zerocopy_from_iter(). Fixes: c46234ebb4d1 ("tls: RX path for ktls") Signed-off-by: Vakul Garg --- The patch does not need to be applied to 'net' branch as it does n

Security enhancement proposal for kernel TLS

2018-07-22 Thread Vakul Garg
Hi The kernel based TLS record layer allows the user space world to use a decoupled TLS implementation. The applications need not be linked with TLS stack. The TLS handshake can be done by a TLS daemon on the behalf of applications. Presently, as soon as the handshake process derives keys, it

Query about tls patch

2018-07-22 Thread Vakul Garg
Hi I got a query reading patch https://patchwork.ozlabs.org/patch/943442/ (already merged). [PATCH]: tls: Fix zerocopy_from_iter iov handling In tls_sw_sendmsg(), if zerocopy_from_iter() fails, we go to fallback_to_reg_send. Here we first call iov_iter_revert(). But the iov_iter_advance

[net-next v5 3/3] net/tls: Remove redundant array allocation.

2018-07-19 Thread Vakul Garg
In function decrypt_skb(), array allocation in case when sgout is NULL is unnecessary. Instead, local variable sgin_arr[] can be used. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 4 1 file changed, 4 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index e15ace0ebd79

[net-next v5 0/3] net/tls: Minor code cleanup patches

2018-07-19 Thread Vakul Garg
" tag has not been used. From patch series v3, this series v4 contains two patches less. They will be submitted separately. Vakul Garg (3): net/tls: Use socket data_ready callback on record availability net/tls: Remove redundant variable assignments and wakeup net/tls: Remove redundant array allocat

[net-next v5 1/3] net/tls: Use socket data_ready callback on record availability

2018-07-19 Thread Vakul Garg
On receipt of a complete tls record, use socket's saved data_ready callback instead of state_change callback. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 7d194c0cd6cf..a58661c624ec

[net-next v5 2/3] net/tls: Remove redundant variable assignments and wakeup

2018-07-19 Thread Vakul Garg
as decrypt_skb_update() is invoked from user processes only. This patch cleans these up. Signed-off-by: Vakul Garg --- Changes from v4->v5: Fixed compilation issue. net/tls/tls_sw.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index a58661c62

[net-next v5 2/3] net/tls: Remove redundant variable assignments and wakeup

2018-07-19 Thread Vakul Garg
as decrypt_skb_update() is invoked from user processes only. This patch cleans these up. Signed-off-by: Vakul Garg --- Changes from v4->v5: Fixed compilation issue. net/tls/tls_sw.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index a58661c62

[net-next v4 0/3] net/tls: Minor code cleanup patches

2018-07-19 Thread Vakul Garg
" tag has not been used. From patch series v3, this series v4 contains two patches less. They will be submitted separately. Vakul Garg (3): net/tls: Use socket data_ready callback on record availability net/tls: Remove redundant variable assignments and wakeup net/tls: Remove redundant array allocat

[net-next v5 3/3] net/tls: Remove redundant array allocation.

2018-07-19 Thread Vakul Garg
In function decrypt_skb(), array allocation in case when sgout is NULL is unnecessary. Instead, local variable sgin_arr[] can be used. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 4 1 file changed, 4 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index e15ace0ebd79

[net-next v5 1/3] net/tls: Use socket data_ready callback on record availability

2018-07-19 Thread Vakul Garg
On receipt of a complete tls record, use socket's saved data_ready callback instead of state_change callback. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 7d194c0cd6cf..a58661c624ec

[net-next v4 2/3] net/tls: Remove redundant variable assignments and wakeup

2018-07-19 Thread Vakul Garg
as decrypt_skb_update() is invoked from user processes only. This patch cleans these up. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index a58661c624ec..e62f288fda31 100644 --- a/net/tls/tls_sw.c +++ b/net

[net-next v4 3/3] net/tls: Remove redundant array allocation.

2018-07-19 Thread Vakul Garg
In function decrypt_skb(), array allocation in case when sgout is NULL is unnecessary. Instead, local variable sgin_arr[] can be used. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 4 1 file changed, 4 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index e62f288fda31

[net-next v4 1/3] net/tls: Use socket data_ready callback on record availability

2018-07-19 Thread Vakul Garg
On receipt of a complete tls record, use socket's saved data_ready callback instead of state_change callback. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 7d194c0cd6cf..a58661c624ec

[net-next v4 0/3] net/tls: Minor code cleanup patches

2018-07-19 Thread Vakul Garg
" tag has not been used. From patch series v3, this series v4 contains two patches less. They will be submitted separately. Vakul Garg (3): net/tls: Use socket data_ready callback on record availability net/tls: Remove redundant variable assignments and wakeup net/tls: Remove redundant array allocat

RE: [net-next v3 1/5] net/tls: Do not enable zero-copy prematurely

2018-07-19 Thread Vakul Garg
Thanks for the comment. I will take this patch out of the series. > -Original Message- > From: Boris Pismenny [mailto:bor...@mellanox.com] > Sent: Thursday, July 19, 2018 3:58 PM > To: Vakul Garg ; netdev@vger.kernel.org > Cc: avia...@mellanox.com; davejwat...@fb.com; da..

[net-next v3 0/5] net/tls: Minor code cleanup patches

2018-07-18 Thread Vakul Garg
common error checking code for zero-copy, non zero-copy modes. The patches do not fix any functional bug. Hence "Fixes:" tag has not been used. Vakul Garg (5): net/tls: Do not enable zero-copy prematurely net/tls: Use socket data_ready callback on record availability net/tls: Remove

[net-next v3 4/5] net/tls: Remove redundant array allocation.

2018-07-18 Thread Vakul Garg
In function decrypt_skb(), array allocation in case when sgout is NULL is unnecessary. Instead, local variable sgin_arr[] can be used. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 4 1 file changed, 4 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 5dcfbaf33680

[net-next v3 5/5] net/tls: Rework error checking after decrypt_skb_update()

2018-07-18 Thread Vakul Garg
Error checking code after invoking decrypt_skb_update() for zero-copy and non-zero-copy cases in tls_sw_recvmsg has been made common. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 14 ++ 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls

[net-next v3 3/5] net/tls: Remove redundant variable assignments and wakeup

2018-07-18 Thread Vakul Garg
as decrypt_skb_update() is invoked from user processes only. This patch cleans these up. Signed-off-by: Vakul Garg --- v2 -> v3 Removed compilation warning. net/tls/tls_sw.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 186152dced25..5dcfbaf33

[net-next v3 2/5] net/tls: Use socket data_ready callback on record availability

2018-07-18 Thread Vakul Garg
On receipt of a complete tls record, use socket's saved data_ready callback instead of state_change callback. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index e94cb54a6994..186152dced25

[net-next v3 1/5] net/tls: Do not enable zero-copy prematurely

2018-07-18 Thread Vakul Garg
nce it is never called if ctx->decrypted is true. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 22 +- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 7d194c0cd6cf..e94cb54a6994 100644 --- a/net/tls/tls_sw.c +++ b/n

[net-next v2 4/5] net/tls: Remove redundant array allocation.

2018-07-16 Thread Vakul Garg
In function decrypt_skb(), array allocation in case when sgout is NULL is unnecessary. Instead, local variable sgin_arr[] can be used. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 4 1 file changed, 4 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 6eaaa587db71

[net-next v2 5/5] net/tls: Rework error checking after decrypt_skb_update()

2018-07-16 Thread Vakul Garg
Error checking code after invoking decrypt_skb_update() for zero-copy and non-zero-copy cases in tls_sw_recvmsg has been made common. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 14 ++ 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls

[net-next v2 3/5] net/tls: Remove redundant variable assignments and wakeup

2018-07-16 Thread Vakul Garg
as decrypt_skb_update() is invoked from user processes only. This patch cleans these up. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 186152dced25..6eaaa587db71 100644 --- a/net/tls/tls_sw.c +++ b/net

[net-next v2 2/5] net/tls: Use socket data_ready callback on record availability

2018-07-16 Thread Vakul Garg
On receipt of a complete tls record, use socket's saved data_ready callback instead of state_change callback. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index e94cb54a6994..186152dced25

[net-next v2 1/5] net/tls: Do not enable zero-copy prematurely

2018-07-16 Thread Vakul Garg
nce it is never called if ctx->decrypted is true. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 22 +- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 7d194c0cd6cf..e94cb54a6994 100644 --- a/net/tls/tls_sw.c +++ b/n

[PATCH net-next 3/3] net/tls: Remove redundant variable assignments and wakeup

2018-07-13 Thread Vakul Garg
as tls_do_decryption() is invoked from user processes only. This patch cleans these up. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 4 1 file changed, 4 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index a184c70ee0ac..a53fdcc33e31 100644 --- a/net/tls/tls_sw.c +++ b/net/tls

[PATCH net-next 1/3] net/tls: Do not enable zero-copy prematurely

2018-07-13 Thread Vakul Garg
Zero-copy mode was left enabled even when zerocopy_from_iter() failed. Set the zero-copy mode only when zerocopy_from_iter() succeeds. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index

[PATCH net-next 2/3] net/tls: Use socket data_ready callback on record availability

2018-07-13 Thread Vakul Garg
On receipt of a complete tls record, use socket's saved data_ready callback instead of state_change callback. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index d31dc2487488..a184c70ee0ac

RE: [PATCH net-next] net/tls: Removed redundant variable from 'struct tls_sw_context_rx'

2018-07-12 Thread Vakul Garg
From: Boris Pismenny [mailto:bor...@mellanox.com] > Sent: Thursday, July 12, 2018 4:11 PM > To: Vakul Garg ; da...@davemloft.net; > davejwat...@fb.com; netdev@vger.kernel.org > Cc: avia...@mellanox.com > Subject: Re: [PATCH net-next] net/tls: Removed redundant variable from > 'struct tls_sw_

[PATCH net-next] net/tls: Removed redundant variable from 'struct tls_sw_context_rx'

2018-07-11 Thread Vakul Garg
The variable 'decrypted' in 'struct tls_sw_context_rx' is redundant and is being set/unset without purpose. Simplified the code by removing it. Signed-off-by: Vakul Garg --- include/net/tls.h | 1 - net/tls/tls_sw.c | 87 --- 2 files changed

[PATCH net-next] strparser: Call skb_unclone conditionally

2018-06-29 Thread Vakul Garg
Calling skb_unclone() is expensive as it triggers a memcpy operation. Instead of calling skb_unclone() unconditionally, call it only when skb has a shared frag_list. This improves tls rx throughput significantly. Signed-off-by: Vakul Garg Suggested-by: Boris Pismenny --- net/strparser

RE: [PATCH v9 crypto 00/12] Chelsio Inline TLS

2018-03-06 Thread Vakul Garg
> -Original Message- > From: linux-crypto-ow...@vger.kernel.org [mailto:linux-crypto- > ow...@vger.kernel.org] On Behalf Of Atul Gupta > Sent: Tuesday, March 6, 2018 9:05 PM > To: davejwat...@fb.com; da...@davemloft.net; > herb...@gondor.apana.org.au > Cc: linux-cry...@vger.kernel.org;

RE: [RFC crypto v3 8/9] chtls: Register the ULP

2018-02-08 Thread Vakul Garg
> -Original Message- > From: linux-crypto-ow...@vger.kernel.org [mailto:linux-crypto- > ow...@vger.kernel.org] On Behalf Of Atul Gupta > Sent: Thursday, February 8, 2018 3:56 PM > To: Dave Watson > Cc: s...@queasysnail.net; herb...@gondor.apana.org.au; linux- >

RE: [PATCHv2] tls: Add support for encryption using async offload accelerator

2018-01-31 Thread Vakul Garg
> -Original Message- > From: Dave Watson [mailto:davejwat...@fb.com] > Sent: Wednesday, January 31, 2018 11:05 PM > To: Vakul Garg <vakul.g...@nxp.com> > Cc: linux-cry...@vger.kernel.org; il...@mellanox.com; > avia...@mellanox.com; da...@davemloft.net; netdev@vger

RE: [PATCHv2] tls: Add support for encryption using async offload accelerator

2018-01-31 Thread Vakul Garg
> -Original Message- > From: Dave Watson [mailto:davejwat...@fb.com] > Sent: Wednesday, January 31, 2018 8:52 PM > To: Vakul Garg <vakul.g...@nxp.com> > Cc: linux-cry...@vger.kernel.org; il...@mellanox.com; > avia...@mellanox.com; da...@davemloft.net; netdev@vger

[PATCHv2] tls: Add support for encryption using async offload accelerator

2018-01-31 Thread Vakul Garg
. Signed-off-by: Vakul Garg <vakul.g...@nxp.com> --- v1-v2: - Used crypto_wait_req() to wait for async operation completion - Passed CRYPTO_TFM_REQ_MAY_BACKLOG to crypto_aead_encrypt include/net/tls.h | 2 ++ net/tls/tls_sw.c | 8 +++- 2 files changed, 9 insertions(+), 1 deletion(-) diff
