.
Signed-off-by: Vakul Garg <vakul.g...@nxp.com>
---
net/tls/tls_sw.c | 22 ++
1 file changed, 22 insertions(+)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 73d19210dd49..390e6dc7b135 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -39,6 +39,11 @@
#i
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Wednesday, January 31, 2018 8:52 PM
> To: Vakul Garg <vakul.g...@nxp.com>
> Cc: linux-cry...@vger.kernel.org; il...@mellanox.com;
> avia...@mellanox.com; da...@davemloft.net; netdev@vger
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Wednesday, January 31, 2018 11:05 PM
> To: Vakul Garg <vakul.g...@nxp.com>
> Cc: linux-cry...@vger.kernel.org; il...@mellanox.com;
> avia...@mellanox.com; da...@davemloft.net; netdev@vger
.
Signed-off-by: Vakul Garg <vakul.g...@nxp.com>
---
net/tls/tls_sw.c | 22 ++
1 file changed, 22 insertions(+)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 73d19210dd49..390e6dc7b135 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -39,6 +39,11 @@
#i
.
Signed-off-by: Vakul Garg <vakul.g...@nxp.com>
---
v1-v2:
- Used crypto_wait_req() to wait for async operation completion
- Passed CRYPTO_TFM_REQ_MAY_BACKLOG to crypto_aead_encrypt
include/net/tls.h | 2 ++
net/tls/tls_sw.c | 8 +++-
2 files changed, 9 insertions(+), 1 deletion(-)
diff
.
Signed-off-by: Vakul Garg <vakul.g...@nxp.com>
---
v1-v2:
- Used crypto_wait_req() to wait for async operation completion
- Passed CRYPTO_TFM_REQ_MAY_BACKLOG to crypto_aead_encrypt
include/net/tls.h | 2 ++
net/tls/tls_sw.c | 8 +++-
2 files changed, 9 insertions(+), 1 deletion(-)
diff
Forgot to add 'v2' in subject line.
I will be resending.
-Original Message-
From: Vakul Garg
Sent: Wednesday, January 31, 2018 9:29 PM
To: linux-cry...@vger.kernel.org
Cc: il...@mellanox.com; avia...@mellanox.com; davejwat...@fb.com;
da...@davemloft.net; netdev@vger.kernel.org; Vakul
> -Original Message-
> From: linux-crypto-ow...@vger.kernel.org [mailto:linux-crypto-
> ow...@vger.kernel.org] On Behalf Of Atul Gupta
> Sent: Thursday, February 8, 2018 3:56 PM
> To: Dave Watson
> Cc: s...@queasysnail.net; herb...@gondor.apana.org.au; linux-
>
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Thursday, August 2, 2018 10:17 PM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; da...@davemloft.net
> Subject: Re: [PATCH net-next]
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Thursday, August 2, 2018 10:47 PM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; da...@davemloft.net
> Subject: Re: [PATCH net-next]
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Thursday, August 2, 2018 2:17 AM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; Peter Doliwa ; Boris
> Pismenny
> Subject: Re: Security enhancement proposal for kernel TLS
>
>
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Monday, July 23, 2018 10:05 PM
> To: David Miller
> Cc: Vakul Garg ; netdev@vger.kernel.org;
> bor...@mellanox.com; avia...@mellanox.com; Doron Roberts-Kedes
>
> Subject: Re: [net-next
> -Original Message-
> From: Doron Roberts-Kedes [mailto:doro...@fb.com]
> Sent: Friday, August 3, 2018 6:00 AM
> To: David S . Miller
> Cc: Dave Watson ; Vakul Garg
> ; Boris Pismenny ; Aviad
> Yehezkel ; netdev@vger.kernel.org; Doron
> Roberts-Kedes
> Su
Hi David
Could you please correct me if my counter-reasoning behind changing the socket
callback is wrong?
Thanks & Regards
Vakul
> -Original Message-
> From: Vakul Garg
> Sent: Wednesday, July 25, 2018 11:22 AM
> To: David Miller
> Cc: netdev@vger.kernel.org;
> -Original Message-
> From: David Miller [mailto:da...@davemloft.net]
> Sent: Sunday, July 29, 2018 11:48 AM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; davejwat...@fb.com
> Subject: Re: [net-next v6 1/2] net/tls:
> -Original Message-
> From: netdev-ow...@vger.kernel.org [mailto:netdev-
> ow...@vger.kernel.org] On Behalf Of David Miller
> Sent: Thursday, July 26, 2018 1:59 AM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; davejwa
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Thursday, July 26, 2018 2:31 AM
> To: Vakul Garg
> Cc: David Miller ; netdev@vger.kernel.org;
> bor...@mellanox.com; avia...@mellanox.com; Doron Roberts-Kedes
>
> Subject: Re: [
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Tuesday, July 31, 2018 2:46 AM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; Peter Doliwa ; Boris
> Pismenny
> Subject: Re: Security enhancement proposal for kernel TLS
>
> On 07
irrespective whether it is zero-copy case or otherwise. The
change also benefits the non-zero copy case as we could use sgin_arr[]
instead of always allocating sg entries from heap.
Signed-off-by: Vakul Garg
---
The said problem has been discussed with Dave Watson over mail list.
net/tls/tls_sw.c
-off-by: Vakul Garg
---
net/tls/tls_sw.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index ff3a6904a722..83d67df33f0c 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -311,6 +311,9 @@ static int zerocopy_from_iter(struct sock *sk, struct
callback sk_state_change which
points to sock_def_wakeup() which issues a wakeup unconditionally
(without event mask).
Signed-off-by: Vakul Garg
---
v6->v7: Improved the commit message to contain the detailed reasoning.
(The same analysis was shared on the mail list.)
net/tls/tls_sw.c | 2 +-
Sorry for a delayed response.
Kindly see inline.
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Wednesday, July 25, 2018 9:30 PM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; Peter Doliwa ; Boris
> Pismenny
> Subject: Re: Security
> -Original Message-
> From: Doron Roberts-Kedes [mailto:doro...@fb.com]
> Sent: Tuesday, August 7, 2018 12:02 AM
> To: Vakul Garg
> Cc: David S . Miller ; Dave Watson
> ; Boris Pismenny ; Aviad
> Yehezkel ; netdev@vger.kernel.org
> Subject: Re: [PATCH net-next
to be able to submit multiple
async decryption requests while the previous one is pending i.e. being
processed or queued.
This patch needs to be applied over Doron Roberts-Kedes's patch.
net/tls: Calculate nsg for zerocopy path without skb_cow_data.
Vakul Garg (1):
net/tls: Combined
be separately kmalloced each, but it is inefficient.
This patch does a combined allocation for preparing decryption request
and then segments into aead_req || sgin || sgout || iv || aad.
Signed-off-by: Vakul Garg
---
This patch needs to be applied over Doron Roberts-Kedes's patch.
net/tls
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Wednesday, August 15, 2018 10:26 PM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; da...@davemloft.net
> Subject: Re: [PATCH net-next][RFC]
the
sleeping user context when recvmsg() flags that it has done sending
all the decryption requests and there are no more decryption requests
pending to be completed.
Signed-off-by: Vakul Garg
---
Changes since RFC version:
1) Improved commit message.
2) Fixed dequeued record
requests and is waiting for all the async
operations to finish. Since the splice() operation does not use
zero-copy decryption, async remains disabled for splice().
Signed-off-by: Vakul Garg
---
include/net/tls.h | 6 +++
net/tls/tls_sw.c | 134
to be able to submit multiple
async decryption requests while the previous one is pending i.e. being
processed or queued.
This patch has been built over Doron Roberts-Kedes's patch:
"net/tls: Calculate nsg for zerocopy path without skb_cow_data"
Vakul Garg (1):
net/tls: Combi
be separately kmalloced each, but it is inefficient.
This patch does a combined allocation for preparing decryption request
and then segments into aead_req || sgin || sgout || iv || aad.
Signed-off-by: Vakul Garg
---
include/net/tls.h | 4 -
net/tls/tls_sw.c | 257
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Tuesday, August 7, 2018 8:26 PM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; da...@davemloft.net
> Subject: Re: [PATCH RFC net-next 1/1] net
> -Original Message-
> From: Doron Roberts-Kedes [mailto:doro...@fb.com]
> Sent: Tuesday, August 7, 2018 1:18 AM
> To: David S . Miller
> Cc: Vakul Garg ; Dave Watson
> ; Boris Pismenny ; Aviad
> Yehezkel ; netdev@vger.kernel.org; Doron
> Roberts-Kedes
>
to be able to submit multiple
async decryption requests while the previous one is pending i.e. being
processed or queued.
Vakul Garg (1):
net/tls: Combined memory allocation for decryption request
include/net/tls.h | 4 -
net/tls/tls_sw.c | 238
be separately kmalloced each, but it is inefficient.
This patch does a combined allocation for preparing decryption request
and then segments into aead_req || sgin || sgout || iv || aad.
Signed-off-by: Vakul Garg
---
Changes since v2:
- Rebased to not require following Doron Roberts-Kedes's
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Thursday, August 9, 2018 9:56 PM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; da...@davemloft.net
> Subject: Re: [PATCH net-next v2 1/1] net
be separately kmalloced each, but it is inefficient.
This patch does a combined allocation for preparing decryption request
and then segments into aead_req || sgin || sgout || iv || aad.
Signed-off-by: Vakul Garg
---
This patch needs to be applied over Doron Roberts-Kedes's patch.
net/tls
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Wednesday, August 8, 2018 10:37 PM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; da...@davemloft.net
> Subject: Re: [PATCH net-next v1 1
to be able to submit multiple
async decryption requests while the previous one is pending i.e. being
processed or queued.
This patch needs to be applied over Doron Roberts-Kedes's patch.
net/tls: Calculate nsg for zerocopy path without skb_cow_data.
Vakul Garg (1):
net/tls: Combined
Added test case to receive multiple records with a single recvmsg()
operation with a MSG_PEEK set.
---
tools/testing/selftests/net/tls.c | 22 ++
1 file changed, 22 insertions(+)
diff --git a/tools/testing/selftests/net/tls.c
b/tools/testing/selftests/net/tls.c
index
the
sleeping user context when recvmsg() flags that it has done sending
all the decryption requests and there are no more decryption requests
pending to be completed.
Signed-off-by: Vakul Garg
Reviewed-by: Dave Watson
---
Changes since v1:
- Simplified recvmsg() so to drop reference
> -Original Message-
> From: Dave Watson
> Sent: Saturday, August 18, 2018 3:43 AM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; da...@davemloft.net
> Subject: Re: [PATCH net-next v1] net/tls: Add support for asyn
nce it is never called if ctx->decrypted is
true.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 22 +-
1 file changed, 9 insertions(+), 13 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 7d194c0cd6cf..e94cb54a6994 100644
--- a/net/tls/tls_sw.c
+++ b/n
In function decrypt_skb(), array allocation in case when sgout is NULL
is unnecessary. Instead, local variable sgin_arr[] can be used.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 4
1 file changed, 4 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 6eaaa587db71
Error checking code after invoking decrypt_skb_update() for zero-copy
and non-zero-copy cases in tls_sw_recvmsg has been made common.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 14 ++
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls
as decrypt_skb_update() is invoked from user processes only. This
patch cleans these up.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 186152dced25..6eaaa587db71 100644
--- a/net/tls/tls_sw.c
+++ b/net
On receipt of a complete tls record, use socket's saved data_ready
callback instead of state_change callback.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index e94cb54a6994..186152dced25
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Monday, July 23, 2018 10:05 PM
> To: David Miller
> Cc: Vakul Garg ; netdev@vger.kernel.org;
> bor...@mellanox.com; avia...@mellanox.com; Doron Roberts-Kedes
>
> Subject: Re: [net-next
Removed checks against non-NULL before calling kfree_skb() and
crypto_free_aead(). These functions are safe to be called with NULL
as an argument.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 9 +++--
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/net/tls/tls_sw.c b/net
In function tls_sw_sendmsg(), msg_data_left() needs to be called only
once. The second invocation of msg_data_left() for assigning variable
try_to_copy can be removed and merged with the first one.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 3 +--
1 file changed, 1 insertion(+), 2
On receipt of a complete tls record, use socket's saved data_ready
callback instead of state_change callback.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 0c2d029c9d4c..fee1240eff92
as decrypt_skb_update() is invoked from user processes only. This
patch cleans these up.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index fee1240eff92..6c71da7b147f 100644
--- a/net/tls/tls_sw.c
+++ b/net
> -Original Message-
> From: Doron Roberts-Kedes [mailto:doro...@fb.com]
> Sent: Tuesday, July 24, 2018 3:50 AM
> To: David S . Miller
> Cc: Dave Watson ; Vakul Garg
> ; Matt Mullins ;
> netdev@vger.kernel.org; Doron Roberts-Kedes
> Subject: [PATCH net-next]
: Vakul Garg; netdev@vger.kernel.org; bor...@mellanox.com;
avia...@mellanox.com; doro...@fb.com
Subject: Re: [net-next v5 3/3] net/tls: Remove redundant array allocation.
From: Dave Watson
Date: Mon, 23 Jul 2018 09:35:09 -0700
> I don't think this patch is safe as-is. sgin_arr is a stack ar
This patch series improves tls_sw.c code by:
1) Using correct socket callback for flagging data availability.
2) Removing redundant variable assignments and wakeup callbacks.
Vakul Garg (2):
net/tls: Use socket data_ready callback on record availability
net/tls: Remove redundant variable
From: Al Viro
Sent: Wednesday, 25 July, 7:19 AM
Subject: Re: [PATCH net-next] net/tls: Do not call msg_data_left() twice
To: Vakul Garg
Cc: netdev@vger.kernel.org, bor...@mellanox.com, avia...@mellanox.com,
davejwat...@fb.com, da...@davemloft.net
On Tue, Jul 24, 2018 at 04:41:18PM +0530
Hi
The kernel based TLS record layer allows the user space world to use a
decoupled TLS implementation.
The applications need not be linked with TLS stack.
The TLS handshake can be done by a TLS daemon on the behalf of applications.
Presently, as soon as the handshake process derives keys, it
Hi
I got a query reading patch https://patchwork.ozlabs.org/patch/943442/ (already
merged).
[PATCH]: tls: Fix zerocopy_from_iter iov handling
In tls_sw_sendmsg(), if zerocopy_from_iter() fails, we go to
fallback_to_reg_send.
Here we first call iov_iter_revert(). But the iov_iter_advance
to be copied into user space provided buffer. Hence zero-copy
mode should be enabled/disabled as per the success/failure of
zerocopy_from_iter().
Fixes: c46234ebb4d1 ("tls: RX path for ktls")
Signed-off-by: Vakul Garg
---
The patch does not need to be applied to 'net' branch as it does n
Thanks for the comment.
I will take this patch out of the series.
> -Original Message-
> From: Boris Pismenny [mailto:bor...@mellanox.com]
> Sent: Thursday, July 19, 2018 3:58 PM
> To: Vakul Garg ; netdev@vger.kernel.org
> Cc: avia...@mellanox.com; davejwat...@fb.com; da..
In function decrypt_skb(), array allocation in case when sgout is NULL
is unnecessary. Instead, local variable sgin_arr[] can be used.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 4
1 file changed, 4 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index e15ace0ebd79
" tag has not
been used. From patch series v3, this series v4 contains two patches
less. They will be submitted separately.
Vakul Garg (3):
net/tls: Use socket data_ready callback on record availability
net/tls: Remove redundant variable assignments and wakeup
net/tls: Remove redundant array allocat
In function decrypt_skb(), array allocation in case when sgout is NULL
is unnecessary. Instead, local variable sgin_arr[] can be used.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 4
1 file changed, 4 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index e62f288fda31
On receipt of a complete tls record, use socket's saved data_ready
callback instead of state_change callback.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 7d194c0cd6cf..a58661c624ec
as decrypt_skb_update() is invoked from user processes only. This
patch cleans these up.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index a58661c624ec..e62f288fda31 100644
--- a/net/tls/tls_sw.c
+++ b/net
" tag has not
been used. From patch series v3, this series v4 contains two patches
less. They will be submitted separately.
Vakul Garg (3):
net/tls: Use socket data_ready callback on record availability
net/tls: Remove redundant variable assignments and wakeup
net/tls: Remove redundant array allocat
as decrypt_skb_update() is invoked from user processes only. This
patch cleans these up.
Signed-off-by: Vakul Garg
---
Changes from v4->v5: Fixed compilation issue.
net/tls/tls_sw.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index a58661c62
In function decrypt_skb(), array allocation in case when sgout is NULL
is unnecessary. Instead, local variable sgin_arr[] can be used.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 4
1 file changed, 4 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index e15ace0ebd79
On receipt of a complete tls record, use socket's saved data_ready
callback instead of state_change callback.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 7d194c0cd6cf..a58661c624ec
" tag has not
been used. From patch series v3, this series v4 contains two patches
less. They will be submitted separately.
Vakul Garg (3):
net/tls: Use socket data_ready callback on record availability
net/tls: Remove redundant variable assignments and wakeup
net/tls: Remove redundant array allocat
On receipt of a complete tls record, use socket's saved data_ready
callback instead of state_change callback.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 7d194c0cd6cf..a58661c624ec
as decrypt_skb_update() is invoked from user processes only. This
patch cleans these up.
Signed-off-by: Vakul Garg
---
Changes from v4->v5: Fixed compilation issue.
net/tls/tls_sw.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index a58661c62
as decrypt_skb_update() is invoked from user processes only. This
patch cleans these up.
Signed-off-by: Vakul Garg
---
v2 -> v3
Removed compilation warning.
net/tls/tls_sw.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 186152dced25..5dcfbaf33
On receipt of a complete tls record, use socket's saved data_ready
callback instead of state_change callback.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index e94cb54a6994..186152dced25
nce it is never called if ctx->decrypted is
true.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 22 +-
1 file changed, 9 insertions(+), 13 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 7d194c0cd6cf..e94cb54a6994 100644
--- a/net/tls/tls_sw.c
+++ b/n
Error checking code after invoking decrypt_skb_update() for zero-copy
and non-zero-copy cases in tls_sw_recvmsg has been made common.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 14 ++
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls
common error checking code for zero-copy, non zero-copy modes.
The patches do not fix any functional bug. Hence "Fixes:" tag has not
been used.
Vakul Garg (5):
net/tls: Do not enable zero-copy prematurely
net/tls: Use socket data_ready callback on record availability
net/tls: Remove
In function decrypt_skb(), array allocation in case when sgout is NULL
is unnecessary. Instead, local variable sgin_arr[] can be used.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 4
1 file changed, 4 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 5dcfbaf33680
> -Original Message-
> From: David Miller [mailto:da...@davemloft.net]
> Sent: Wednesday, July 25, 2018 1:43 AM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; davejwat...@fb.com
> Subject: Re: [net-next v6 1/2] net/tls:
> -Original Message-
> From: Doron Roberts-Kedes [mailto:doro...@fb.com]
> Sent: Wednesday, July 25, 2018 1:50 AM
> To: Vakul Garg
> Cc: David S . Miller ; Dave Watson
> ; Matt Mullins ;
> netdev@vger.kernel.org
> Subject: Re: [PATCH net-next]
> -Original Message-
> From: David Miller
> Sent: Saturday, September 1, 2018 6:31 AM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; davejwat...@fb.com
> Subject: Re: [PATCH net-next v2] net/tls: Add support for asyn
> -Original Message-
> From: netdev-ow...@vger.kernel.org On
> Behalf Of Sabrina Dubroca
> Sent: Wednesday, September 5, 2018 6:52 PM
> To: netdev@vger.kernel.org
> Cc: Sabrina Dubroca ; Boris Pismenny
> ; Ilya Lesokhin ; Aviad
> Yehezkel ; Dave Watson
> Subject: [PATCH net 3/3] tls:
() with 'sg_encrypted_num_elem = 0' and later causes
kernel crash. To fix this, set the number of SG elements to the number
of elements in plaintext/encrypted SG arrays in case sk_alloc_sg()
returns -ENOSPC.
Fixes: 3c4d7559159b ("tls: kernel TLS support")
Signed-off-by: Vakul Garg
---
Changes since v1:
In tls_sw_sendmsg() and tls_sw_sendpage(), the variable 'ret' has
been set to return value of tls_complete_pending_work(). This allows
return of proper error code if tls_complete_pending_work() fails.
Fixes: 3c4d7559159b ("tls: kernel TLS support")
Signed-off-by: Vakul Garg
---
net/tl
() with 'sg_encrypted_num_elem = 0' and later causes
kernel crash. To fix this, set the number of SG elements to the number
of elements in plaintext/encrypted SG arrays in case sk_alloc_sg()
returns -ENOSPC.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/net/tls
The variable 'decrypted' in 'struct tls_sw_context_rx' is redundant and
is being set/unset without purpose. Simplified the code by removing it.
Signed-off-by: Vakul Garg
---
include/net/tls.h | 1 -
net/tls/tls_sw.c | 87 ---
2 files changed
From: Boris Pismenny [mailto:bor...@mellanox.com]
> Sent: Thursday, July 12, 2018 4:11 PM
> To: Vakul Garg ; da...@davemloft.net;
> davejwat...@fb.com; netdev@vger.kernel.org
> Cc: avia...@mellanox.com
> Subject: Re: [PATCH net-next] net/tls: Removed redundant variable from
> 'struct tls_sw_
as tls_do_decryption() is invoked from user processes only. This
patch cleans these up.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 4
1 file changed, 4 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index a184c70ee0ac..a53fdcc33e31 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls
On receipt of a complete tls record, use socket's saved data_ready
callback instead of state_change callback.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index d31dc2487488..a184c70ee0ac
Zero-copy mode was left enabled even when zerocopy_from_iter() failed.
Set the zero-copy mode only when zerocopy_from_iter() succeeds.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index
> -Original Message-
> From: linux-crypto-ow...@vger.kernel.org [mailto:linux-crypto-
> ow...@vger.kernel.org] On Behalf Of Atul Gupta
> Sent: Tuesday, March 6, 2018 9:05 PM
> To: davejwat...@fb.com; da...@davemloft.net;
> herb...@gondor.apana.org.au
> Cc: linux-cry...@vger.kernel.org;
Calling skb_unclone() is expensive as it triggers a memcpy operation.
Instead of calling skb_unclone() unconditionally, call it only when skb
has a shared frag_list. This improves tls rx throughput significantly.
Signed-off-by: Vakul Garg
Suggested-by: Boris Pismenny
---
net/strparser
copy is
used (i.e. plaintext data is not copied), inplace_crypto is set to '0'.
Signed-off-by: Vakul Garg
---
include/net/tls.h | 1 +
net/tls/tls_sw.c | 91 ---
2 files changed, 74 insertions(+), 18 deletions(-)
diff --git a/include/net/tls
sing macros, accessory
functions for CLOSED records have been retained.
Signed-off-by: Vakul Garg
---
Changes since v1: Addressed Dave Miller's comments.
- Removed an extra space between 'inline' and 'bool' in
'is_tx_ready' declaration.
- Changed order of variable declarat
> -Original Message-
> From: David Miller
> Sent: Thursday, September 20, 2018 11:49 PM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; davejwat...@fb.com; doro...@fb.com
> Subject: Re: [PATCH net-next] net/tls:
sing macros, accessory
functions for CLOSED records have been retained.
Signed-off-by: Vakul Garg
---
include/net/tls.h | 70 +--
net/tls/tls_main.c | 54 ++---
net/tls/tls_sw.c | 569 -
3 files changed, 515 insertions(+), 178 delet
t_tx' to
'tx_list'. This is because now, some of the records at the tail are
not ready to transmit.
Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption")
Signed-off-by: Vakul Garg
---
include/net/tls.h | 16 ---
net/tls/tls_main.c | 4 +--
net/tls/t
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index bcb24c498b84..102d84bdb2ab 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -709,7 +709,7 @@ int tls_sw_sendmsg(struct sock *sk, str
has been modified to skip first
index as it points to aad_space.
Signed-off-by: Vakul Garg
---
include/net/tls.h | 6 ++--
net/tls/tls_sw.c | 92 ++-
2 files changed, 45 insertions(+), 53 deletions(-)
diff --git a/include/net/tls.h b/include
up of plaintext data to the time
when the record is picked up from tx_list and transmitted/freed. When
tls_tx_records() gets called, socket is already locked and thus there is
no concurrent access problem.
Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption")
Signed-off-by:
> -Original Message-
> From: David Miller
> Sent: Tuesday, September 25, 2018 11:14 PM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; davejwat...@fb.com; doro...@fb.com
> Subject: Re: [PATCH net-next] tls: Fix socket