git.ipfire.org Git - thirdparty/kernel/stable-queue.git/blob - queue-5.1/net-tls-fix-state-removal-with-feature-flags-off.patch
1 From foo@baz Fri 31 May 2019 03:16:39 PM PDT
2 From: Jakub Kicinski <jakub.kicinski@netronome.com>
3 Date: Tue, 21 May 2019 19:02:01 -0700
4 Subject: net/tls: fix state removal with feature flags off
5
6 From: Jakub Kicinski <jakub.kicinski@netronome.com>
7
8 [ Upstream commit 3686637e507b48525fcea6fb91e1988bdbc14530 ]
9
10 TLS offload drivers shouldn't (and currently don't) block
11 the TLS offload feature changes based on whether there are
12 active offloaded connections or not.
13
14 This seems to be a good idea, because we want the admin to
15 be able to disable the TLS offload at any time, and there
16 is no clean way of disabling it for active connections
17 (TX side is quite problematic). So if features are cleared
18 existing connections will stay offloaded until they close,
19 and new connections will not attempt offload to a given
20 device.
21
22 However, the offload state removal handling is currently
23 broken if feature flags get cleared while there are
24 active TLS offloads.
25
26 RX side will completely bail from cleanup, even on normal
27 remove path, leaving device state dangling, potentially
28 causing issues when the 5-tuple is reused. It will also
29 fail to release the netdev reference.
30
31 Remove the RX-side warning message, in next release cycle
32 it should be printed when features are disabled, rather
33 than when connection dies, but for that we need a more
34 efficient method of finding connection of a given netdev
35 (a'la BPF offload code).
36
37 Fixes: 4799ac81e52a ("tls: Add rx inline crypto offload")
38 Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
39 Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
40 Signed-off-by: David S. Miller <davem@davemloft.net>
41 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
42 ---
43 net/tls/tls_device.c | 6 ------
44 1 file changed, 6 deletions(-)
45
46 --- a/net/tls/tls_device.c
47 +++ b/net/tls/tls_device.c
48 @@ -943,12 +943,6 @@ void tls_device_offload_cleanup_rx(struc
49 if (!netdev)
50 goto out;
51
52 - if (!(netdev->features & NETIF_F_HW_TLS_RX)) {
53 - pr_err_ratelimited("%s: device is missing NETIF_F_HW_TLS_RX cap\n",
54 - __func__);
55 - goto out;
56 - }
57 -
58 netdev->tlsdev_ops->tls_dev_del(netdev, tls_ctx,
59 TLS_OFFLOAD_CTX_DIR_RX);
60
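Review bot: with the NETIF_F_HW_TLS_RX test gone, the only guard left before the `netdev->tlsdev_ops->tls_dev_del(...)` call in tls_device_offload_cleanup_rx() is `if (!netdev) goto out;`. Nothing in the code now records that teardown is meant to run regardless of the device's current feature flags. Please add a short comment above the call saying that cleanup must not depend on `netdev->features`, because the flag can be cleared while offloaded connections are still open. Otherwise a later change could reintroduce the same early exit, which, per the commit message, leaves device state dangling and the netdev reference unreleased. The removal also drops the only diagnostic on this path. Since the message says the warning should move to the point where features are disabled, a TODO to that effect next to the call would keep the follow-up from being forgotten.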