** Description changed: [IMPACT] Clearing the sock TX queue in sk_set_socket() might cause unexpected out-of-order transmit when called from sock_orphan(), as outstanding packets can pick a different TX queue and bypass the ones already queued. This is undesired in general. More specifically, it breaks the in-order scheduling property guarantee for device-offloaded TLS sockets. Remove the call to sk_tx_queue_clear() in sk_set_socket(), and add it explicitly only where needed. - [FIXES] e022f0b4a03f "net: Introduce sk_tx_queue_mapping" This cleanly cherry picks into 5.4 from 5.8. It can be checked out in my branch here: https://git.launchpad.net/~bladernr/ubuntu/+source/linux/+git/focal 1889625-mxl-ktls-bugfix [REGRESSION RISK] - + low! [TEST] + reproducing the bug is not trivial. in general terms: + nic: ConnectX6-dx with crypto enabled + send intense encrypted tcp traffic with tls offload between many clients and one server. + * clients may run on the same machine. + * clients continuously opens and closes connection to server + + at some point decryption errores might arise on some of the clients.
-- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1889625 Title: Bug fix for ktls feature Status in linux package in Ubuntu: In Progress Status in linux source package in Focal: In Progress Bug description: [IMPACT] Clearing the sock TX queue in sk_set_socket() might cause unexpected out-of-order transmit when called from sock_orphan(), as outstanding packets can pick a different TX queue and bypass the ones already queued. This is undesired in general. More specifically, it breaks the in-order scheduling property guarantee for device-offloaded TLS sockets. Remove the call to sk_tx_queue_clear() in sk_set_socket(), and add it explicitly only where needed. [FIXES] e022f0b4a03f "net: Introduce sk_tx_queue_mapping" This cleanly cherry picks into 5.4 from 5.8. It can be checked out in my branch here: https://git.launchpad.net/~bladernr/ubuntu/+source/linux/+git/focal 1889625-mxl-ktls-bugfix [REGRESSION RISK] low! [TEST] reproducing the bug is not trivial. in general terms: nic: ConnectX6-dx with crypto enabled send intense encrypted tcp traffic with tls offload between many clients and one server. * clients may run on the same machine. * clients continuously opens and closes connection to server at some point decryption errores might arise on some of the clients. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1889625/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
