> -Original Message-
> From: Florian Westphal
> Sent: Wednesday, August 21, 2019 9:42 PM
> To: Vakul Garg
> Cc: Florian Westphal ; netdev@vger.kernel.org
> Subject: Re: Help needed - Kernel lockup while running ipsec
>
> Vakul Garg wrote:
> > > Polic
> -Original Message-
> From: Vakul Garg
> Sent: Tuesday, August 20, 2019 4:08 PM
> To: Florian Westphal
> Cc: netdev@vger.kernel.org
> Subject: RE: Help needed - Kernel lockup while running ipsec
>
>
>
> >
> > > -Original Message
>
> > -Original Message-
> > From: Florian Westphal
> > Sent: Tuesday, August 20, 2019 3:08 PM
> > To: Vakul Garg
> > Cc: Florian Westphal ; netdev@vger.kernel.org
> > Subject: Re: Help needed - Kernel lockup while
> -Original Message-
> From: Florian Westphal
> Sent: Tuesday, August 20, 2019 3:08 PM
> To: Vakul Garg
> Cc: Florian Westphal ; netdev@vger.kernel.org
> Subject: Re: Help needed - Kernel lockup while running ipsec
>
> Vakul Garg wrote:
> >
&
> > -Original Message-
> > From: Florian Westphal
> > Sent: Tuesday, August 20, 2019 2:53 PM
> > To: Vakul Garg
> > Cc: Florian Westphal ; netdev@vger.kernel.org
> > Subject: Re: Help needed - Kernel lockup while running ipsec
> >
> > V
> -Original Message-
> From: Florian Westphal
> Sent: Tuesday, August 20, 2019 2:53 PM
> To: Vakul Garg
> Cc: Florian Westphal ; netdev@vger.kernel.org
> Subject: Re: Help needed - Kernel lockup while running ipsec
>
> Vakul Garg wrote:
> > > >
Thanks for your response.
> -Original Message-
> From: Florian Westphal
> Sent: Monday, August 19, 2019 11:08 PM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org
> Subject: Re: Help needed - Kernel lockup while running ipsec
>
> Vakul Garg wrote:
> > Hi
&
Hi
With kernel 4.14.122, I am getting a kernel softlockup while running single
static ipsec tunnel.
The problem reproduces mostly after running 8-10 hours of ipsec encap test (on
my dual core arm board).
I found that in function xfrm_policy_lookup_bytype(), the policy in variable
'ret' shows r
> -Original Message-
> From: Steffen Klassert
> Sent: Friday, May 3, 2019 12:16 PM
> To: Vakul Garg
> Cc: Florian Westphal ; netdev@vger.kernel.org
> Subject: Re: [RFC HACK] xfrm: make state refcounting percpu
>
> On Fri, May 03, 2019 at 06:34:29AM
> -Original Message-
> From: Steffen Klassert
> Sent: Friday, May 3, 2019 11:52 AM
> To: Vakul Garg
> Cc: Florian Westphal ; netdev@vger.kernel.org
> Subject: Re: [RFC HACK] xfrm: make state refcounting percpu
>
> On Fri, May 03, 2019 at 06:13:22AM
> -Original Message-
> From: Steffen Klassert
> Sent: Friday, May 3, 2019 11:38 AM
> To: Florian Westphal
> Cc: Vakul Garg ; netdev@vger.kernel.org
> Subject: Re: [RFC HACK] xfrm: make state refcounting percpu
>
> On Wed, Apr 24, 2019 at 12:40:23PM +0200
> -Original Message-
> From: David Miller
> Sent: Tuesday, April 23, 2019 10:57 PM
> To: f...@strlen.de
> Cc: Vakul Garg ; netdev@vger.kernel.org
> Subject: Re: ipsec tunnel performance degrade
>
> From: Florian Westphal
> Date: Tue, 23 Apr 2019 18:25
> -Original Message-
> From: Florian Westphal
> Sent: Tuesday, April 23, 2019 11:27 AM
> To: Vakul Garg
> Cc: Florian Westphal ; netdev@vger.kernel.org
> Subject: Re: ipsec tunnel performance degrade
>
> Vakul Garg wrote:
> > > Do you use xfrm interf
> -Original Message-
> From: Florian Westphal
> Sent: Monday, April 22, 2019 11:16 PM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org
> Subject: Re: ipsec tunnel performance degrade
>
> Vakul Garg wrote:
> > Post kernel 4.9, I am experiencing
Hi
Post kernel 4.9, I am experiencing more than 50% degrade in ipsec performance
on my arm64 based systems (with onchip crypto accelerator).
(We use only lts kernels). My understanding is that it is mainly due to xfrm
flow cache removal in version 4.12.
I am not sure whether any subsequent work
To free the skb in normal course of processing, consume_skb() should be
used. Only for failure paths, skb_free() is intended to be used.
https://www.kernel.org/doc/htmldocs/networking/API-consume-skb.html
Signed-off-by: Vakul Garg
---
v1 -> v2:
Reverted consume_skb() to kfree_skb()
To free the skb in normal course of processing, consume_skb() should be
used. Only for failure paths, skb_free() is intended to be used.
https://www.kernel.org/doc/htmldocs/networking/API-consume-skb.html
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 8
1 file changed, 4 insertions
'2'. Further, CCM implementation in kernel
requires IV passed in crypto_aead_request() to be full '16' bytes.
Therefore, the record structure 'struct tls_rec' has been modified to
reserve '16' bytes for IV. This works for both GCM and CCM based cipher.
Sign
> -Original Message-
> From: Boris Pismenny
> Sent: Tuesday, March 19, 2019 10:36 PM
> To: Vakul Garg ; netdev@vger.kernel.org
> Cc: Aviad Yehezkel ; davejwat...@fb.com;
> da...@davemloft.net; doro...@fb.com
> Subject: Re: [PATCH net-next] net/tls: Add suppor
'2'. Further, CCM implementation in kernel
requires IV passed in crypto_aead_request() to be full '16' bytes.
Therefore, the record structure 'struct tls_rec' has been modified to
reserve '16' bytes for IV. This works for both GCM and CCM based cipher.
Sig
ould be
called from tls_write_space. So whenever tcp stack invokes
sk->sk_write_space after freeing socket send buffer, we always declare
the same to user space by the way of invoking ctx->sk_write_space.
Fixes: 7463d3a2db0ef ("tls: Fix write space handling")
Signed-off-by: Vakul Garg
Review
db0ef ("tls: Fix write space handling")
Signed-off-by: Vakul Garg
---
net/tls/tls_main.c | 1 -
net/tls/tls_sw.c | 2 ++
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 17e8667917aa..1d16562f86ed 100644
--- a/net/tls/tls_mai
> -Original Message-
> From: Boris Pismenny
> Sent: Monday, March 11, 2019 9:29 PM
> To: Vakul Garg ; Aviad Yehezkel
> ; davejwat...@fb.com;
> john.fastab...@gmail.com; dan...@iogearbox.net; netdev@vger.kernel.org
> Cc: Eran Ben Elisha
> Subject: Re: [PATCH
> -Original Message-
> From: Boris Pismenny
> Sent: Tuesday, February 26, 2019 7:43 PM
> To: Vakul Garg ; Aviad Yehezkel
> ; davejwat...@fb.com;
> john.fastab...@gmail.com; dan...@iogearbox.net; netdev@vger.kernel.org
> Cc: Eran Ben Elisha
> Subject: Re: [PATCH
Hi
The present interface of kernel tls with user space has few shortcomings.
The biggest one is that when we need to add a ciphersuite in kernel tls, then
we need to define new structures for passing cryptographic parameters required
by record layer.
And the user space ssl stack also has to be
> -Original Message-
> From: Boris Pismenny
> Sent: Wednesday, February 27, 2019 8:54 PM
> To: Vakul Garg ; Dave Watson
>
> Cc: Aviad Yehezkel ; john.fastab...@gmail.com;
> dan...@iogearbox.net; netdev@vger.kernel.org; Eran Ben Elisha
>
> Subject: R
> -Original Message-
> From: Dave Watson
> Sent: Wednesday, February 27, 2019 2:05 AM
> To: Boris Pismenny
> Cc: avia...@mellanox.com; john.fastab...@gmail.com;
> dan...@iogearbox.net; Vakul Garg ;
> netdev@vger.kernel.org; era...@mellanox.com
> Subject: Re:
> -Original Message-
> From: Boris Pismenny
> Sent: Tuesday, February 26, 2019 5:43 PM
> To: avia...@mellanox.com; davejwat...@fb.com;
> john.fastab...@gmail.com; dan...@iogearbox.net; Vakul Garg
> ; netdev@vger.kernel.org
> Cc: era...@mellanox.com; bor...@m
> -Original Message-
> From: Boris Pismenny
> Sent: Tuesday, February 26, 2019 5:43 PM
> To: avia...@mellanox.com; davejwat...@fb.com;
> john.fastab...@gmail.com; dan...@iogearbox.net; Vakul Garg
> ; netdev@vger.kernel.org
> Cc: era...@mellanox.com; bor...@m
> -Original Message-
> From: Boris Pismenny
> Sent: Tuesday, February 26, 2019 5:43 PM
> To: avia...@mellanox.com; davejwat...@fb.com;
> john.fastab...@gmail.com; dan...@iogearbox.net; Vakul Garg
> ; netdev@vger.kernel.org
> Cc: era...@mellanox.com; bor...@m
> -Original Message-
> From: Boris Pismenny
> Sent: Tuesday, February 26, 2019 5:43 PM
> To: avia...@mellanox.com; davejwat...@fb.com;
> john.fastab...@gmail.com; dan...@iogearbox.net; Vakul Garg
> ; netdev@vger.kernel.org
> Cc: era...@mellanox.com; bor...@m
> -Original Message-
> From: netdev-ow...@vger.kernel.org On
> Behalf Of David Miller
> Sent: Monday, February 25, 2019 11:29 AM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; davejwat...@fb.com; doro...@fb.com
> S
> -Original Message-
> From: Hayakawa Yutaro
> Sent: Sunday, February 24, 2019 11:01 AM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org
> Subject: Re: kTLS getsockopt TLS_RX support
>
>
> > 2019/02/24 10:50、Vakul Garg のメール:
> >
> >
> >
&
> -Original Message-
> From: netdev-ow...@vger.kernel.org On
> Behalf Of Hayakawa Yutaro
> Sent: Saturday, February 23, 2019 10:59 PM
> To: netdev@vger.kernel.org
> Subject: kTLS getsockopt TLS_RX support
>
> Hello,
>
> While trying the kTLS, I found out that currently, there is no su
x_list is
left there without consuming any data.
Fixes: 692d7b5d1f912 ("tls: Fix recvmsg() to be able to peek across
multiple records")
Signed-off-by: Vakul Garg
---
Changes in v2:
- Modified 'Fixed:' line to use full commit header line.
Changes in v3:
- Adde
x_list is
left there without consuming any data.
Fixes: 692d7b5d1f912 ("tls: Fix recvmsg() to be able to peek across
multiple records)
Signed-off-by: Vakul Garg
---
Changes in v2:
- Modified 'Fixed:' line to use full commit
Test case 'control_msg' has been updated to peek non-data record and
then verify the type of record received. Subsequently, the same record
is retrieved without MSG_PEEK flag in recvmsg().
Signed-off-by: Vakul Garg
---
tools/testing/selftests/net/tls.c | 14 ++
1 file c
x_list is
left there without consuming any data.
Fixes: 692d7b5d1f912 ("tls: Fix recvmsg() to be able to peek across...)
Signed-off-by: Vakul Garg
---
include/net/tls.h | 10 +++
net/tls/tls_sw.c | 78 +++
2 files changed, 77 insertions(+
> -Original Message-
> From: David Miller
> Sent: Sunday, February 17, 2019 7:45 AM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; davejwat...@fb.com; doro...@fb.com
> Subject: Re: [PATCH net-next] net/tls: Move pr
from 'struct cipher_context' to 'struct
tls_prot_info' and stored only once in 'struct tls_context'.
Signed-off-by: Vakul Garg
---
include/net/tls.h| 46 +-
net/tls/tls_device.c | 24 ---
net/tls/tls_main.c | 17 +++
s 1.3 support")
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 18 --
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index fe8c287cbaa1..ae4784734547 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1645,10 +1645
hat
ktls has already submitted some records i(which are encrypted with new
keys) for decryption using old keys. This would lead to decrypt failure.
Therefore, async decryption of records should be disabled for tls1.3.
Fixes: 130b392c6cd6b ("net: tls: Add tls 1.3 support")
Signed-off-b
> -Original Message-
> From: David Miller
> Sent: Thursday, January 31, 2019 11:30 AM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; davejwat...@fb.com; doro...@fb.com
> Subject: Re: [PATCH net-next] strparser: Retu
.
Signed-off-by: Vakul Garg
---
net/strparser/strparser.c | 13 -
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/net/strparser/strparser.c b/net/strparser/strparser.c
index da1a676860ca..38f8d8d8f4ad 100644
--- a/net/strparser/strparser.c
+++ b/net/strparser/strparser.c
ueued from 'rx_list' after the decrypted data is consumed
by copying into the buffer passed to recvmsg(). In case, the MSG_PEEK
flag is used in recvmsg(), then records are not consumed or removed
from the 'rx_list'.
Signed-off-by: Vakul Garg
---
Changes since v1:
1. Added c
vmsg().
Signed-off-by: Vakul Garg
---
tools/testing/selftests/net/tls.c | 12 +++-
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/tools/testing/selftests/net/tls.c
b/tools/testing/selftests/net/tls.c
index fac68d710f35..ff68ed19c0ef 100644
--- a/tools/testing/selftests/net/t
ueued from 'rx_list' after the decrypted data is consumed
by copying into the buffer passed to recvmsg(). In case, the MSG_PEEK
flag is used in recvmsg(), then records are not consumed or removed
from the 'rx_list'.
Signed-off-by: Vak
G_MORE.
Signed-off-by: Vakul Garg
---
The patch is being resent since it net-next was closed when it was sent
earlier.
net/core/skmsg.c | 25 +
1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/net/core/skmsg.c b/net/core/skmsg.c
index 26458876d763..f15393ab7fe1
G_MORE.
Signed-off-by: Vakul Garg
---
net/core/skmsg.c | 25 +
1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/net/core/skmsg.c b/net/core/skmsg.c
index 26458876d763..f15393ab7fe1 100644
--- a/net/core/skmsg.c
+++ b/net/core/skmsg.c
@@ -78,11 +78,9 @@ int sk_msg
> -Original Message-
> From: David Miller
> Sent: Friday, December 21, 2018 10:39 PM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; davejwat...@fb.com; doro...@fb.com
> Subject: Re: [PATCH net-next] tls: Do not call
5f 54fff788 940169b1 f9000320 (b9400801)
[ 79.046283] ---[ end trace 74db007d069c1cf7 ]---
Signed-off-by: Vakul Garg
Fixes: d829e9c4112b ("tls: convert to generic sk_msg interface")
---
net/core/skmsg.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/core/skmsg.c b/net/c
, do not call sk_msg_memcopy_from_iter()
when number of bytes to copy (indicated by 'try_to_copy') is zero.
Signed-off-by: Vakul Garg
Fixes: d829e9c4112b ("tls: convert to generic sk_msg interface")
---
net/tls/tls_sw.c | 10 ++
1 file changed, 6 insertions(+), 4 dele
rec(). If zero-copy is
used (i.e. plaintext data is not copied), inplace_crypto is set to '0'.
Signed-off-by: Vakul Garg
---
include/net/tls.h | 1 +
net/tls/tls_sw.c | 91 ---
2 files changed, 74 insertions(+), 18 deletions(-)
dif
ntext_data has been modified to skip first
index as it points to aad_space.
Signed-off-by: Vakul Garg
---
include/net/tls.h | 6 ++--
net/tls/tls_sw.c | 92 ++-
2 files changed, 45 insertions(+), 53 deletions(-)
diff --git a/include/net/tls.h
> -Original Message-
> From: David Miller
> Sent: Wednesday, September 26, 2018 9:10 AM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; davejwat...@fb.com; doro...@fb.com
> Subject: Re: [PATCH net-next] tls: Fix socket
> -Original Message-
> From: David Miller
> Sent: Tuesday, September 25, 2018 11:14 PM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; davejwat...@fb.com; doro...@fb.com
> Subject: Re: [PATCH net-next] tls: Fix socket
free record in tx context is being freed inside the
function.
Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption")
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_
up of plaintext data to the time
when the record is picked up from tx_list and transmitted/freed. When
tls_tx_records() gets called, socket is already locked and thus there is
no concurrent access problem.
Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption")
Signed-off-by:
ort for async encryption")
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index bcb24c498b84..102d84bdb2ab 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -709,7 +709,7 @@ int
_ready_list in 'struct tls_sw_context_tx' to
'tx_list'. This is because now, the some of the records at the tail are
not ready to transmit.
Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption")
Signed-off-by: Vakul Garg
---
include/net/tls
_device.c is still using macros, accessory
functions for CLOSED records have been retained.
Signed-off-by: Vakul Garg
---
Changes since v1: Addressed Dave Miller's comments.
- Removed an extra space between 'inline' and 'bool' in
'is_tx_ready' de
> -Original Message-
> From: David Miller
> Sent: Thursday, September 20, 2018 11:49 PM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; davejwat...@fb.com; doro...@fb.com
> Subject: Re: [PATCH net-next] net/tls:
_device.c is still using macros, accessory
functions for CLOSED records have been retained.
Signed-off-by: Vakul Garg
---
include/net/tls.h | 70 +--
net/tls/tls_main.c | 54 ++---
net/tls/tls_sw.c | 569 -
3 files changed, 515 inse
> -Original Message-
> From: netdev-ow...@vger.kernel.org On
> Behalf Of John Fastabend
> Sent: Saturday, September 15, 2018 1:32 AM
> To: Vakul Garg ; davejwat...@fb.com
> Cc: doro...@fb.com; netdev@vger.kernel.org;
> alexei.starovoi...@gmail.com; dan..
> -Original Message-
> From: John Fastabend
> Sent: Saturday, September 15, 2018 1:10 AM
> To: Vakul Garg ; netdev@vger.kernel.org
> Cc: bor...@mellanox.com; avia...@mellanox.com; davejwat...@fb.com;
> da...@davemloft.net
> Subject: Re: [PATCH net-next v2] net/tls:
In tls_sw_sendmsg() and tls_sw_sendpage(), the variable 'ret' has
been set to return value of tls_complete_pending_work(). This allows
return of proper error code if tls_complete_pending_work() fails.
Fixes: 3c4d7559159b ("tls: kernel TLS support")
Signed-off-by: Vakul Garg
-
ord() with 'sg_encrypted_num_elem = 0' and later causes
kernel crash. To fix this, set the number of SG elements to the number
of elements in plaintext/encrypted SG arrays in case sk_alloc_sg()
returns -ENOSPC.
Fixes: 3c4d7559159b ("tls: kernel TLS support")
Signed-off-by: Vakul Garg
---
Cha
> -Original Message-
> From: netdev-ow...@vger.kernel.org On
> Behalf Of Sabrina Dubroca
> Sent: Wednesday, September 5, 2018 6:52 PM
> To: netdev@vger.kernel.org
> Cc: Sabrina Dubroca ; Boris Pismenny
> ; Ilya Lesokhin ; Aviad
> Yehezkel ; Dave Watson
> Subject: [PATCH net 3/3] tls: z
ord() with 'sg_encrypted_num_elem = 0' and later causes
kernel crash. To fix this, set the number of SG elements to the number
of elements in plaintext/encrypted SG arrays in case sk_alloc_sg()
returns -ENOSPC.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 6 ++
1 file changed, 6 insertions(+)
> -Original Message-
> From: David Miller
> Sent: Saturday, September 1, 2018 6:31 AM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; davejwat...@fb.com
> Subject: Re: [PATCH net-next v2] net/tls: Add support for asyn
Added test case to receive multiple records with a single recvmsg()
operation with a MSG_PEEK set.
---
tools/testing/selftests/net/tls.c | 22 ++
1 file changed, 22 insertions(+)
diff --git a/tools/testing/selftests/net/tls.c
b/tools/testing/selftests/net/tls.c
index b3ebf264
the
sleeping user context when recvmsg() flags that it has done sending
all the decryption requests and there are no more decryption requests
pending to be completed.
Signed-off-by: Vakul Garg
Reviewed-by: Dave Watson
---
Changes since v1:
- Simplified recvmsg() so to drop reference to
> -Original Message-
> From: Dave Watson
> Sent: Saturday, August 18, 2018 3:43 AM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; da...@davemloft.net
> Subject: Re: [PATCH net-next v1] net/tls: Add support for asyn
the
sleeping user context when recvmsg() flags that it has done sending
all the decryption requests and there are no more decryption requests
pending to be completed.
Signed-off-by: Vakul Garg
---
Changes since RFC version:
1) Improved commit message.
2) Fixed dequeued record
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Wednesday, August 15, 2018 10:26 PM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; da...@davemloft.net
> Subject: Re: [PATCH net-next][RFC] net
requests and is waiting for all the async
operations to finish. Since the splice() operation does not use
zero-copy decryption, async remains disabled for splice().
Signed-off-by: Vakul Garg
---
include/net/tls.h | 6 +++
net/tls/tls_sw.c | 134
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Thursday, August 9, 2018 9:56 PM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; da...@davemloft.net
> Subject: Re: [PATCH net-next v2 1/1] net
separately kmalloced each, but it is inefficient.
This patch does a combined allocation for preparing decryption request
and then segments into aead_req || sgin || sgout || iv || aad.
Signed-off-by: Vakul Garg
---
Changes since v2:
- Rebased to not require following Doron Roberts-Kedes&#
to be able to submit multiple
async decryption requests while the previous one is pending i.e. being
processed or queued.
Vakul Garg (1):
net/tls: Combined memory allocation for decryption request
include/net/tls.h | 4 -
net/tls/tls_sw.c | 238
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Wednesday, August 8, 2018 10:37 PM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; da...@davemloft.net
> Subject: Re: [PATCH net-next v1 1
to be able to submit multiple
async decryption requests while the previous one is pending i.e. being
processed or queued.
This patch needs to be applied over Doron Roberts-Kedes's patch.
net/tls: Calculate nsg for zerocopy path without skb_cow_data.
Vakul Garg (1):
net/tls: Com
separately kmalloced each, but it is inefficient.
This patch does a combined allocation for preparing decryption request
and then segments into aead_req || sgin || sgout || iv || aad.
Signed-off-by: Vakul Garg
---
This patch needs to be applied over Doron Roberts-Kedes's patch.
ne
to be able to submit multiple
async decryption requests while the previous one is pending i.e. being
processed or queued.
This patch needs to be applied over Doron Roberts-Kedes's patch.
net/tls: Calculate nsg for zerocopy path without skb_cow_data.
Vakul Garg (1):
net/tls: Com
separately kmalloced each, but it is inefficient.
This patch does a combined allocation for preparing decryption request
and then segments into aead_req || sgin || sgout || iv || aad.
Signed-off-by: Vakul Garg
---
This patch needs to be applied over Doron Roberts-Kedes's patch.
ne
> -Original Message-
> From: Doron Roberts-Kedes [mailto:doro...@fb.com]
> Sent: Tuesday, August 7, 2018 1:18 AM
> To: David S . Miller
> Cc: Vakul Garg ; Dave Watson
> ; Boris Pismenny ; Aviad
> Yehezkel ; netdev@vger.kernel.org; Doron
> Roberts-Kedes
>
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Tuesday, August 7, 2018 8:26 PM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; da...@davemloft.net
> Subject: Re: [PATCH RFC net-next 1/1] net
> -Original Message-
> From: Doron Roberts-Kedes [mailto:doro...@fb.com]
> Sent: Tuesday, August 7, 2018 12:02 AM
> To: Vakul Garg
> Cc: David S . Miller ; Dave Watson
> ; Boris Pismenny ; Aviad
> Yehezkel ; netdev@vger.kernel.org
> Subject: Re: [PATCH net-next
to be able to submit multiple
async decryption requests while the previous one is pending i.e. being
processed or queued.
This patch has been built over Doron Roberts-Kedes's patch:
"net/tls: Calculate nsg for zerocopy path without skb_cow_data"
Vakul Garg (1):
net/tls:
separately kmalloced each, but it is inefficient.
This patch does a combined allocation for preparing decryption request
and then segments into aead_req || sgin || sgout || iv || aad.
Signed-off-by: Vakul Garg
---
include/net/tls.h | 4 -
net/tls/tls_sw.c | 257
> -Original Message-
> From: Doron Roberts-Kedes [mailto:doro...@fb.com]
> Sent: Friday, August 3, 2018 6:00 AM
> To: David S . Miller
> Cc: Dave Watson ; Vakul Garg
> ; Boris Pismenny ; Aviad
> Yehezkel ; netdev@vger.kernel.org; Doron
> Roberts-Kedes
> Su
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Thursday, August 2, 2018 10:47 PM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; da...@davemloft.net
> Subject: Re: [PATCH net-next] net
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Thursday, August 2, 2018 2:17 AM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; Peter Doliwa ; Boris
> Pismenny
> Subject: Re: Security enhancement proposal for kernel TLS
>
>
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Thursday, August 2, 2018 10:17 PM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; da...@davemloft.net
> Subject: Re: [PATCH net-next] net
irrespective whether it is zero-copy case or otherwise. The
change also benefits the non-zero copy case as we could use sgin_arr[]
instead of always allocating sg entries from heap.
Signed-off-by: Vakul Garg
---
The said problem has been discussed with Dave Watson over mail list.
net/tls/tls_sw.c
try it
adds.
Signed-off-by: Vakul Garg
---
net/tls/tls_sw.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index ff3a6904a722..83d67df33f0c 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -311,6 +311,9 @@ static int zerocopy_from_iter(str
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Monday, July 23, 2018 10:05 PM
> To: David Miller
> Cc: Vakul Garg ; netdev@vger.kernel.org;
> bor...@mellanox.com; avia...@mellanox.com; Doron Roberts-Kedes
>
> Subject: Re: [net-next
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Tuesday, July 31, 2018 2:46 AM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; Peter Doliwa ; Boris
> Pismenny
> Subject: Re: Security enhancement proposal for kernel TLS
>
> On 07
Sorry for a delayed response.
Kindly see inline.
> -Original Message-
> From: Dave Watson [mailto:davejwat...@fb.com]
> Sent: Wednesday, July 25, 2018 9:30 PM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; Peter Doliwa ; Boris
> Pismenny
> Subject: Re: Security enh
ocket callback sk_state_change which
points to sock_def_wakeup() which issues a wakeup unconditionally
(without event mask).
Signed-off-by: Vakul Garg
---
v6->v7: Improved the commit message to contain the detailed reasoning.
(The same analysis was shared on the mail list.)
net/tls/tls_sw.c |
> -Original Message-
> From: David Miller [mailto:da...@davemloft.net]
> Sent: Sunday, July 29, 2018 11:48 AM
> To: Vakul Garg
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; davejwat...@fb.com
> Subject: Re: [net-next v6 1/2] net/tls:
1 - 100 of 156 matches
Mail list logo
