git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Shahar Shitrit <shshitrit@nvidia.com>
	Sun, 26 Oct 2025 20:03:02 +0000 (22:03 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 1 Dec 2025 10:46:04 +0000 (11:46 +0100)
commit	2df89d7976190369fa505ab5a579bb58e1754619
tree	a54165b5e7833bcb1b8a27e092ccb4925625fa10	tree \| snapshot
parent	ede502101fc5da22264648e7c74bc338b72e7a53	commit \| diff

net: tls: Cancel RX async resync request on rcd_delta overflow

[ Upstream commit c15d5c62ab313c19121f10e25d4fec852bd1c40c ]

When a netdev issues a RX async resync request for a TLS connection,
the TLS module handles it by logging record headers and attempting to
match them to the tcp_sn provided by the device. If a match is found,
the TLS module approves the tcp_sn for resynchronization.

While waiting for a device response, the TLS module also increments
rcd_delta each time a new TLS record is received, tracking the distance
from the original resync request.

However, if the device response is delayed or fails (e.g due to
unstable connection and device getting out of tracking, hardware
errors, resource exhaustion etc.), the TLS module keeps logging and
incrementing, which can lead to a WARN() when rcd_delta exceeds the
threshold.

To address this, introduce tls_offload_rx_resync_async_request_cancel()
to explicitly cancel resync requests when a device response failure is
detected. Call this helper also as a final safeguard when rcd_delta
crosses its threshold, as reaching this point implies that earlier
cancellation did not occur.

Signed-off-by: Shahar Shitrit <shshitrit@nvidia.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
Link: https://patch.msgid.link/1761508983-937977-3-git-send-email-tariqt@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

include/net/tls.h		diff \| blob \| blame \| history
net/tls/tls_device.c		diff \| blob \| blame \| history