The branch main has been updated by jhb:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=d958bc7963d415d6745abf3e6829f05dabf4c9ed

commit d958bc7963d415d6745abf3e6829f05dabf4c9ed
Author:     John Baldwin <j...@freebsd.org>
AuthorDate: 2022-02-01 00:39:21 +0000
Commit:     John Baldwin <j...@freebsd.org>
CommitDate: 2022-02-01 00:39:21 +0000

    ktls: Try to enable TOE TLS after marking existing data not ready.
    
    At the moment this is mostly a no-op but in the future there will be
    in-flight encrypted data which requires software decryption.  This
    same setup is also needed for NIC TLS RX.
    
    Note that this does break TOE TLS RX for AES-CBC ciphers since there
    is no software fallback for AES-CBC receive.  This will be resolved
    one way or another before 14.0 is released.
    
    Reviewed by:    hselasky
    Sponsored by:   Chelsio Communications
    Differential Revision:  https://reviews.freebsd.org/D34082
---
 sys/kern/uipc_ktls.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c
index 620536f28b34..b3235e8a1e0c 100644
--- a/sys/kern/uipc_ktls.c
+++ b/sys/kern/uipc_ktls.c
@@ -1195,12 +1195,6 @@ ktls_enable_rx(struct socket *so, struct tls_enable *en)
                return (error);
        }
 
-#ifdef TCP_OFFLOAD
-       error = ktls_try_toe(so, tls, KTLS_RX);
-       if (error)
-#endif
-               ktls_use_sw(tls);
-
        /* Mark the socket as using TLS offload. */
        SOCKBUF_LOCK(&so->so_rcv);
        so->so_rcv.sb_tls_seqno = be64dec(en->rec_seq);
@@ -1208,12 +1202,16 @@ ktls_enable_rx(struct socket *so, struct tls_enable *en)
        so->so_rcv.sb_flags |= SB_TLS_RX;
 
        /* Mark existing data as not ready until it can be decrypted. */
-       if (tls->mode != TCP_TLS_MODE_TOE) {
-               sb_mark_notready(&so->so_rcv);
-               ktls_check_rx(&so->so_rcv);
-       }
+       sb_mark_notready(&so->so_rcv);
+       ktls_check_rx(&so->so_rcv);
        SOCKBUF_UNLOCK(&so->so_rcv);
 
+#ifdef TCP_OFFLOAD
+       error = ktls_try_toe(so, tls, KTLS_RX);
+       if (error)
+#endif
+               ktls_use_sw(tls);
+
        counter_u64_add(ktls_offload_total, 1);
 
        return (0);
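Review bot: Nothing in the new code records that the `ktls_try_toe()` / `ktls_use_sw()` block at the end of this hunk has to stay after `sb_mark_notready()` and `ktls_check_rx()`, although that ordering is the reason for the move. A comment above the `#ifdef`, such as `/* Pick TOE or software only after queued data is marked not ready; it may need software decryption. */`, would keep a later cleanup from hoisting the block back up. The selection also now runs after `SOCKBUF_UNLOCK()` with `SB_TLS_RX` already set on `so_rcv`. If `ktls_check_rx()` can hand the socket to a decrypt worker (not visible in this hunk), that worker could see `tls` before `ktls_use_sw()` has run, so it is worth confirming that this window is harmless. The body of ktls_enable_rx starts and ends outside the hunk.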
