From: Boris Pismenny <bor...@mellanox.com>
In driver request resync, the hardware requests a resynchronization
request at some TCP sequence number. If that TCP sequence number does
not point to a TLS record header, then the resync attempt has failed.
Failed resync should reset the resync request to avoid spurious resyncs
after the TCP sequence number has wrapped around.
Fix this by resetting the resync request when the TLS record header
sequence number is not before the requested sequence number.
As a result, drivers may be called with a sequence number that is not
equal to the requested sequence number.
Fixes: f953d33ba122 ("net/tls: add kernel-driven TLS RX resync")
Signed-off-by: Boris Pismenny <bor...@mellanox.com>
Signed-off-by: Tariq Toukan <tar...@mellanox.com>
Reviewed-by: Saeed Mahameed <sae...@mellanox.com>
---
net/tls/tls_device.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index a562ebaaa33c..cbb13001b4a9 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -714,7 +714,7 @@ void tls_device_rx_resync_new_rec(struct sock *sk, u32
rcd_len, u32 seq)
seq += TLS_HEADER_SIZE - 1;
is_req_pending = resync_req;
- if (likely(!is_req_pending) || req_seq != seq ||
+ if (likely(!is_req_pending) || before(seq, req_seq) ||
!atomic64_try_cmpxchg(&rx_ctx->resync_req, &resync_req, 0))
return;
break;
--
2.21.0
