--- /dev/null
+From c706b2b5ed74d30436b85cbd8e63e969f6b5873a Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski <kuba@kernel.org>
+Date: Mon, 25 Apr 2022 16:33:09 -0700
+Subject: net: tls: fix async vs NIC crypto offload
+
+From: Jakub Kicinski <kuba@kernel.org>
+
+commit c706b2b5ed74d30436b85cbd8e63e969f6b5873a upstream.
+
+When NIC takes care of crypto (or the record has already
+been decrypted) we forget to update darg->async. ->async
+is supposed to mean whether record is async capable on
+input and whether record has been queued for async crypto
+on output.
+
+Reported-by: Gal Pressman <gal@nvidia.com>
+Fixes: 3547a1f9d988 ("tls: rx: use async as an in-out argument")
+Tested-by: Gal Pressman <gal@nvidia.com>
+Link: https://lore.kernel.org/r/20220425233309.344858-1-kuba@kernel.org
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/tls/tls_sw.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/tls/tls_sw.c
++++ b/net/tls/tls_sw.c
+@@ -1568,6 +1568,7 @@ static int decrypt_skb_update(struct soc
+
+ if (tlm->decrypted) {
+ darg->zc = false;
++ darg->async = false;
+ return 0;
+ }
+
+@@ -1578,6 +1579,7 @@ static int decrypt_skb_update(struct soc
+ if (err > 0) {
+ tlm->decrypted = 1;
+ darg->zc = false;
++ darg->async = false;
+ goto decrypt_done;
+ }
+ }
--- /dev/null
+From a069a90554168ac4cc81af65f000557d2a8a0745 Mon Sep 17 00:00:00 2001
+From: Gal Pressman <gal@nvidia.com>
+Date: Tue, 5 Jul 2022 14:08:37 +0300
+Subject: Revert "tls: rx: move counting TlsDecryptErrors for sync"
+
+From: Gal Pressman <gal@nvidia.com>
+
+commit a069a90554168ac4cc81af65f000557d2a8a0745 upstream.
+
+This reverts commit 284b4d93daee56dff3e10029ddf2e03227f50dbf.
+When using TLS device offload and coming from tls_device_reencrypt()
+flow, -EBADMSG error in tls_do_decryption() should not be counted
+towards the TLSTlsDecryptError counter.
+
+Move the counter increase back to the decrypt_internal() call site in
+decrypt_skb_update().
+This also fixes an issue where:
+ if (n_sgin < 1)
+ return -EBADMSG;
+
+Errors in decrypt_internal() were not counted after the cited patch.
+
+Fixes: 284b4d93daee ("tls: rx: move counting TlsDecryptErrors for sync")
+Cc: Jakub Kicinski <kuba@kernel.org>
+Reviewed-by: Maxim Mikityanskiy <maximmi@nvidia.com>
+Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
+Signed-off-by: Gal Pressman <gal@nvidia.com>
+Reviewed-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/tls/tls_sw.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/net/tls/tls_sw.c
++++ b/net/tls/tls_sw.c
+@@ -278,9 +278,6 @@ static int tls_do_decryption(struct sock
+ }
+ darg->async = false;
+
+- if (ret == -EBADMSG)
+- TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSDECRYPTERROR);
+-
+ return ret;
+ }
+
+@@ -1585,8 +1582,11 @@ static int decrypt_skb_update(struct soc
+ }
+
+ err = decrypt_internal(sk, skb, dest, NULL, darg);
+- if (err < 0)
++ if (err < 0) {
++ if (err == -EBADMSG)
++ TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSDECRYPTERROR);
+ return err;
++ }
+ if (darg->async)
+ goto decrypt_next;
+