Commit | Line | Data |
---|---|---|
ffc20820 GKH |
1 | From foo@baz Fri 31 May 2019 03:16:39 PM PDT |
2 | From: Jakub Kicinski <jakub.kicinski@netronome.com> | |
3 | Date: Tue, 21 May 2019 19:02:01 -0700 | |
4 | Subject: net/tls: fix state removal with feature flags off | |
5 | ||
6 | From: Jakub Kicinski <jakub.kicinski@netronome.com> | |
7 | ||
8 | [ Upstream commit 3686637e507b48525fcea6fb91e1988bdbc14530 ] | |
9 | ||
10 | TLS offload drivers shouldn't (and currently don't) block | |
11 | the TLS offload feature changes based on whether there are | |
12 | active offloaded connections or not. | |
13 | ||
14 | This seems to be a good idea, because we want the admin to | |
15 | be able to disable the TLS offload at any time, and there | |
16 | is no clean way of disabling it for active connections | |
17 | (TX side is quite problematic). So if features are cleared | |
18 | existing connections will stay offloaded until they close, | |
19 | and new connections will not attempt offload to a given | |
20 | device. | |
21 | ||
22 | However, the offload state removal handling is currently | |
23 | broken if feature flags get cleared while there are | |
24 | active TLS offloads. | |
25 | ||
26 | RX side will completely bail from cleanup, even on normal | |
27 | remove path, leaving device state dangling, potentially | |
28 | causing issues when the 5-tuple is reused. It will also | |
29 | fail to release the netdev reference. | |
30 | ||
31 | Remove the RX-side warning message, in next release cycle | |
32 | it should be printed when features are disabled, rather | |
33 | than when connection dies, but for that we need a more | |
34 | efficient method of finding connection of a given netdev | |
35 | (a'la BPF offload code). | |
36 | ||
37 | Fixes: 4799ac81e52a ("tls: Add rx inline crypto offload") | |
38 | Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> | |
39 | Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> | |
40 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
41 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
42 | --- | |
43 | net/tls/tls_device.c | 6 ------ | |
44 | 1 file changed, 6 deletions(-) | |
45 | ||
46 | --- a/net/tls/tls_device.c | |
47 | +++ b/net/tls/tls_device.c | |
cd010321 | 48 | @@ -943,12 +943,6 @@ void tls_device_offload_cleanup_rx(struc |
ffc20820 GKH |
49 | if (!netdev) |
50 | goto out; | |
51 | ||
52 | - if (!(netdev->features & NETIF_F_HW_TLS_RX)) { | |
53 | - pr_err_ratelimited("%s: device is missing NETIF_F_HW_TLS_RX cap\n", | |
54 | - __func__); | |
55 | - goto out; | |
56 | - } | |
57 | - | |
58 | netdev->tlsdev_ops->tls_dev_del(netdev, tls_ctx, | |
59 | TLS_OFFLOAD_CTX_DIR_RX); | |
60 |
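Review bot: with the NETIF_F_HW_TLS_RX test gone from in front of the tls_dev_del() call, nothing at this site records that RX cleanup must run even after the feature flag has been cleared, so a later change could put the early `goto out` back and bring back the dangling device state and the leaked netdev reference that the commit message describes. A one-line comment above the call would help, stating that offload state is always torn down here regardless of the current netdev->features. Separately, the call now reaches netdev->tlsdev_ops->tls_dev_del guarded only by the `if (!netdev)` check, so it is worth confirming in the rest of the function that a context with a non-NULL netdev always belongs to a device that still has tlsdev_ops set. The commit message also defers the warning to a later release; a note in the code or a follow-up reference would keep that from being forgotten, since after this change nothing is logged when a device keeps offloaded RX state with the feature off.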