5.15-stable patches

added patches:
	net-tls-fix-async-vs-nic-crypto-offload.patch
	revert-tls-rx-move-counting-tlsdecrypterrors-for-sync.patch

diff --git a/queue-5.15/net-tls-fix-async-vs-nic-crypto-offload.patch b/queue-5.15/net-tls-fix-async-vs-nic-crypto-offload.patch
new file mode 100644 (file)
index 0000000..2a4f8f4
--- /dev/null
+++ b/queue-5.15/net-tls-fix-async-vs-nic-crypto-offload.patch
@@ -0,0 +1,43 @@
+From c706b2b5ed74d30436b85cbd8e63e969f6b5873a Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski <kuba@kernel.org>
+Date: Mon, 25 Apr 2022 16:33:09 -0700
+Subject: net: tls: fix async vs NIC crypto offload
+
+From: Jakub Kicinski <kuba@kernel.org>
+
+commit c706b2b5ed74d30436b85cbd8e63e969f6b5873a upstream.
+
+When NIC takes care of crypto (or the record has already
+been decrypted) we forget to update darg->async. ->async
+is supposed to mean whether record is async capable on
+input and whether record has been queued for async crypto
+on output.
+
+Reported-by: Gal Pressman <gal@nvidia.com>
+Fixes: 3547a1f9d988 ("tls: rx: use async as an in-out argument")
+Tested-by: Gal Pressman <gal@nvidia.com>
+Link: https://lore.kernel.org/r/20220425233309.344858-1-kuba@kernel.org
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/tls/tls_sw.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/tls/tls_sw.c
++++ b/net/tls/tls_sw.c
+@@ -1568,6 +1568,7 @@ static int decrypt_skb_update(struct soc
+ 
+       if (tlm->decrypted) {
+               darg->zc = false;
++              darg->async = false;
+               return 0;
+       }
+ 
+@@ -1578,6 +1579,7 @@ static int decrypt_skb_update(struct soc
+               if (err > 0) {
+                       tlm->decrypted = 1;
+                       darg->zc = false;
++                      darg->async = false;
+                       goto decrypt_done;
+               }
+       }

diff --git a/queue-5.15/revert-tls-rx-move-counting-tlsdecrypterrors-for-sync.patch b/queue-5.15/revert-tls-rx-move-counting-tlsdecrypterrors-for-sync.patch
new file mode 100644 (file)
index 0000000..7f0803c
--- /dev/null
+++ b/queue-5.15/revert-tls-rx-move-counting-tlsdecrypterrors-for-sync.patch
@@ -0,0 +1,59 @@
+From a069a90554168ac4cc81af65f000557d2a8a0745 Mon Sep 17 00:00:00 2001
+From: Gal Pressman <gal@nvidia.com>
+Date: Tue, 5 Jul 2022 14:08:37 +0300
+Subject: Revert "tls: rx: move counting TlsDecryptErrors for sync"
+
+From: Gal Pressman <gal@nvidia.com>
+
+commit a069a90554168ac4cc81af65f000557d2a8a0745 upstream.
+
+This reverts commit 284b4d93daee56dff3e10029ddf2e03227f50dbf.
+When using TLS device offload and coming from tls_device_reencrypt()
+flow, -EBADMSG error in tls_do_decryption() should not be counted
+towards the TLSTlsDecryptError counter.
+
+Move the counter increase back to the decrypt_internal() call site in
+decrypt_skb_update().
+This also fixes an issue where:
+       if (n_sgin < 1)
+               return -EBADMSG;
+
+Errors in decrypt_internal() were not counted after the cited patch.
+
+Fixes: 284b4d93daee ("tls: rx: move counting TlsDecryptErrors for sync")
+Cc: Jakub Kicinski <kuba@kernel.org>
+Reviewed-by: Maxim Mikityanskiy <maximmi@nvidia.com>
+Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
+Signed-off-by: Gal Pressman <gal@nvidia.com>
+Reviewed-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/tls/tls_sw.c |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/net/tls/tls_sw.c
++++ b/net/tls/tls_sw.c
+@@ -278,9 +278,6 @@ static int tls_do_decryption(struct sock
+       }
+       darg->async = false;
+ 
+-      if (ret == -EBADMSG)
+-              TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSDECRYPTERROR);
+-
+       return ret;
+ }
+ 
+@@ -1585,8 +1582,11 @@ static int decrypt_skb_update(struct soc
+       }
+ 
+       err = decrypt_internal(sk, skb, dest, NULL, darg);
+-      if (err < 0)
++      if (err < 0) {
++              if (err == -EBADMSG)
++                      TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSDECRYPTERROR);
+               return err;
++      }
+       if (darg->async)
+               goto decrypt_next;
+ 

diff --git a/queue-5.15/series b/queue-5.15/series
index 17af970ba0526f5162dea80738f933175d922726..b0e6cdfec4a98a1c4459c5e30c713b54d4c6082a 100644 (file)
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -80,3 +80,5 @@ revert-interconnect-teach-lockdep-about-icc_bw_lock-order.patch
 bpf-add-bpf_fib_lookup_skip_neigh-for-bpf_fib_lookup.patch
 bpf-add-table-id-to-bpf_fib_lookup-bpf-helper.patch
 bpf-derive-source-ip-addr-via-bpf_-_fib_lookup.patch
+net-tls-fix-async-vs-nic-crypto-offload.patch
+revert-tls-rx-move-counting-tlsdecrypterrors-for-sync.patch