Help needed - Kernel lockup while running ipsec

Hi With kernel 4.14.122, I am getting a kernel softlockup while running single static ipsec tunnel. The problem reproduces mostly after running 8-10 hours of ipsec encap test (on my dual core arm board). I found that in function xfrm_policy_lookup_bytype(), the policy in variable 'ret' shows r

RE: Help needed - Kernel lockup while running ipsec

Thanks for your response. > -Original Message- > From: Florian Westphal > Sent: Monday, August 19, 2019 11:08 PM > To: Vakul Garg > Cc: netdev@vger.kernel.org > Subject: Re: Help needed - Kernel lockup while running ipsec > > Vakul Garg wrote: > > Hi &

RE: Help needed - Kernel lockup while running ipsec

> -Original Message- > From: Florian Westphal > Sent: Tuesday, August 20, 2019 2:53 PM > To: Vakul Garg > Cc: Florian Westphal ; netdev@vger.kernel.org > Subject: Re: Help needed - Kernel lockup while running ipsec > > Vakul Garg wrote: > > > >

RE: Help needed - Kernel lockup while running ipsec

> > -Original Message- > > From: Florian Westphal > > Sent: Tuesday, August 20, 2019 2:53 PM > > To: Vakul Garg > > Cc: Florian Westphal ; netdev@vger.kernel.org > > Subject: Re: Help needed - Kernel lockup while running ipsec > > > > V

RE: Help needed - Kernel lockup while running ipsec

> -Original Message- > From: Florian Westphal > Sent: Tuesday, August 20, 2019 3:08 PM > To: Vakul Garg > Cc: Florian Westphal ; netdev@vger.kernel.org > Subject: Re: Help needed - Kernel lockup while running ipsec > > Vakul Garg wrote: > > &

RE: Help needed - Kernel lockup while running ipsec

> > > -Original Message- > > From: Florian Westphal > > Sent: Tuesday, August 20, 2019 3:08 PM > > To: Vakul Garg > > Cc: Florian Westphal ; netdev@vger.kernel.org > > Subject: Re: Help needed - Kernel lockup while

RE: Help needed - Kernel lockup while running ipsec

> -Original Message- > From: Vakul Garg > Sent: Tuesday, August 20, 2019 4:08 PM > To: Florian Westphal > Cc: netdev@vger.kernel.org > Subject: RE: Help needed - Kernel lockup while running ipsec > > > > > > > > -Original Message

RE: Help needed - Kernel lockup while running ipsec

> -Original Message- > From: Florian Westphal > Sent: Wednesday, August 21, 2019 9:42 PM > To: Vakul Garg > Cc: Florian Westphal ; netdev@vger.kernel.org > Subject: Re: Help needed - Kernel lockup while running ipsec > > Vakul Garg wrote: > > > Polic

RE: [PATCH net-next] net/tls: Move protocol constants from cipher context to tls context

> -Original Message- > From: David Miller > Sent: Sunday, February 17, 2019 7:45 AM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; davejwat...@fb.com; doro...@fb.com > Subject: Re: [PATCH net-next] net/tls: Move pr

[PATCH net-next] tls: Return type of non-data records retrieved using MSG_PEEK in recvmsg

x_list is left there without consuming any data. Fixes: 692d7b5d1f912 ("tls: Fix recvmsg() to be able to peek across...) Signed-off-by: Vakul Garg --- include/net/tls.h | 10 +++ net/tls/tls_sw.c | 78 +++ 2 files changed, 77 insertions(+

[PATCH net-next] selftest/tls: Add test to verify received 'type' of non-data record

Test case 'control_msg' has been updated to peek non-data record and then verify the type of record received. Subsequently, the same record is retrieved without MSG_PEEK flag in recvmsg(). Signed-off-by: Vakul Garg --- tools/testing/selftests/net/tls.c | 14 ++ 1 file c

[PATCHv2 net-next] tls: Return type of non-data records retrieved using MSG_PEEK in recvmsg

x_list is left there without consuming any data. Fixes: 692d7b5d1f912 ("tls: Fix recvmsg() to be able to peek across multiple records) Signed-off-by: Vakul Garg --- Changes in v2: - Modified 'Fixed:' line to use full commit

[PATCHv3 net-next] tls: Return type of non-data records retrieved using MSG_PEEK in recvmsg

x_list is left there without consuming any data. Fixes: 692d7b5d1f912 ("tls: Fix recvmsg() to be able to peek across multiple records") Signed-off-by: Vakul Garg --- Changes in v2: - Modified 'Fixed:' line to use full commit header line. Changes in v3: - Adde

RE: kTLS getsockopt TLS_RX support

> -Original Message- > From: netdev-ow...@vger.kernel.org On > Behalf Of Hayakawa Yutaro > Sent: Saturday, February 23, 2019 10:59 PM > To: netdev@vger.kernel.org > Subject: kTLS getsockopt TLS_RX support > > Hello, > > While trying the kTLS, I found out that currently, there is no su

RE: kTLS getsockopt TLS_RX support

> -Original Message- > From: Hayakawa Yutaro > Sent: Sunday, February 24, 2019 11:01 AM > To: Vakul Garg > Cc: netdev@vger.kernel.org > Subject: Re: kTLS getsockopt TLS_RX support > > > > 2019/02/24 10:50、Vakul Garg のメール: > > > > > > &

RE: [PATCHv3 net-next] tls: Return type of non-data records retrieved using MSG_PEEK in recvmsg

> -Original Message- > From: netdev-ow...@vger.kernel.org On > Behalf Of David Miller > Sent: Monday, February 25, 2019 11:29 AM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; davejwat...@fb.com; doro...@fb.com > S

RE: [PATCH net 3/4] tls: Fix mixing between async capable and async

> -Original Message- > From: Boris Pismenny > Sent: Tuesday, February 26, 2019 5:43 PM > To: avia...@mellanox.com; davejwat...@fb.com; > john.fastab...@gmail.com; dan...@iogearbox.net; Vakul Garg > ; netdev@vger.kernel.org > Cc: era...@mellanox.com; bor...@m

RE: [PATCH net 2/4] tls: Fix write space handling

> -Original Message- > From: Boris Pismenny > Sent: Tuesday, February 26, 2019 5:43 PM > To: avia...@mellanox.com; davejwat...@fb.com; > john.fastab...@gmail.com; dan...@iogearbox.net; Vakul Garg > ; netdev@vger.kernel.org > Cc: era...@mellanox.com; bor...@m

RE: [PATCH net 1/4] tls: Fix tls_device handling of partial records

> -Original Message- > From: Boris Pismenny > Sent: Tuesday, February 26, 2019 5:43 PM > To: avia...@mellanox.com; davejwat...@fb.com; > john.fastab...@gmail.com; dan...@iogearbox.net; Vakul Garg > ; netdev@vger.kernel.org > Cc: era...@mellanox.com; bor...@m

RE: [PATCH net 4/4] tls: Fix tls_device receive

> -Original Message- > From: Boris Pismenny > Sent: Tuesday, February 26, 2019 5:43 PM > To: avia...@mellanox.com; davejwat...@fb.com; > john.fastab...@gmail.com; dan...@iogearbox.net; Vakul Garg > ; netdev@vger.kernel.org > Cc: era...@mellanox.com; bor...@m

RE: [PATCH net 4/4] tls: Fix tls_device receive

> -Original Message- > From: Dave Watson > Sent: Wednesday, February 27, 2019 2:05 AM > To: Boris Pismenny > Cc: avia...@mellanox.com; john.fastab...@gmail.com; > dan...@iogearbox.net; Vakul Garg ; > netdev@vger.kernel.org; era...@mellanox.com > Subject: Re:

RE: [PATCH net 4/4] tls: Fix tls_device receive

> -Original Message- > From: Boris Pismenny > Sent: Wednesday, February 27, 2019 8:54 PM > To: Vakul Garg ; Dave Watson > > Cc: Aviad Yehezkel ; john.fastab...@gmail.com; > dan...@iogearbox.net; netdev@vger.kernel.org; Eran Ben Elisha > > Subject: R

kernel tls interface with user space modification proposal

Hi The present interface of kernel tls with user space has few shortcomings. The biggest one is that when we need to add a ciphersuite in kernel tls, then we need to define new structures for passing cryptographic parameters required by record layer. And the user space ssl stack also has to be

RE: [PATCH net 2/4] tls: Fix write space handling

> -Original Message- > From: Boris Pismenny > Sent: Tuesday, February 26, 2019 7:43 PM > To: Vakul Garg ; Aviad Yehezkel > ; davejwat...@fb.com; > john.fastab...@gmail.com; dan...@iogearbox.net; netdev@vger.kernel.org > Cc: Eran Ben Elisha > Subject: Re: [PATCH

RE: [PATCH net 2/4] tls: Fix write space handling

> -Original Message- > From: Boris Pismenny > Sent: Monday, March 11, 2019 9:29 PM > To: Vakul Garg ; Aviad Yehezkel > ; davejwat...@fb.com; > john.fastab...@gmail.com; dan...@iogearbox.net; netdev@vger.kernel.org > Cc: Eran Ben Elisha > Subject: Re: [PATCH

[PATCH net] net/tls: Inform user space about send buffer availability

db0ef ("tls: Fix write space handling") Signed-off-by: Vakul Garg --- net/tls/tls_main.c | 1 - net/tls/tls_sw.c | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 17e8667917aa..1d16562f86ed 100644 --- a/net/tls/tls_mai

[PATCH net v2] net/tls: Inform user space about send buffer availability

ould be called from tls_write_space. So whenever tcp stack invokes sk->sk_write_space after freeing socket send buffer, we always declare the same to user space by the way of invoking ctx->sk_write_space. Fixes: 7463d3a2db0ef ("tls: Fix write space handling") Signed-off-by: Vakul Garg Review

[PATCH net-next] net/tls: Add support of AES128-CCM based ciphers

'2'. Further, CCM implementation in kernel requires IV passed in crypto_aead_request() to be full '16' bytes. Therefore, the record structure 'struct tls_rec' has been modified to reserve '16' bytes for IV. This works for both GCM and CCM based cipher. Sig

RE: [PATCH net-next] net/tls: Add support of AES128-CCM based ciphers

> -Original Message- > From: Boris Pismenny > Sent: Tuesday, March 19, 2019 10:36 PM > To: Vakul Garg ; netdev@vger.kernel.org > Cc: Aviad Yehezkel ; davejwat...@fb.com; > da...@davemloft.net; doro...@fb.com > Subject: Re: [PATCH net-next] net/tls: Add suppor

[PATCH net-next v2] net/tls: Add support of AES128-CCM based ciphers

'2'. Further, CCM implementation in kernel requires IV passed in crypto_aead_request() to be full '16' bytes. Therefore, the record structure 'struct tls_rec' has been modified to reserve '16' bytes for IV. This works for both GCM and CCM based cipher. Sign

[PATCH net-next] net/tls: Replace kfree_skb() with consume_skb()

To free the skb in normal course of processing, consume_skb() should be used. Only for failure paths, skb_free() is intended to be used. https://www.kernel.org/doc/htmldocs/networking/API-consume-skb.html Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 8 1 file changed, 4 insertions

[PATCH net-next v2 1/1] net/tls: Replace kfree_skb() with consume_skb()

To free the skb in normal course of processing, consume_skb() should be used. Only for failure paths, skb_free() is intended to be used. https://www.kernel.org/doc/htmldocs/networking/API-consume-skb.html Signed-off-by: Vakul Garg --- v1 -> v2: Reverted consume_skb() to kfree_skb()

RE: ipsec tunnel performance degrade

> -Original Message- > From: David Miller > Sent: Tuesday, April 23, 2019 10:57 PM > To: f...@strlen.de > Cc: Vakul Garg ; netdev@vger.kernel.org > Subject: Re: ipsec tunnel performance degrade > > From: Florian Westphal > Date: Tue, 23 Apr 2019 18:25

RE: [RFC HACK] xfrm: make state refcounting percpu

> -Original Message- > From: Steffen Klassert > Sent: Friday, May 3, 2019 11:38 AM > To: Florian Westphal > Cc: Vakul Garg ; netdev@vger.kernel.org > Subject: Re: [RFC HACK] xfrm: make state refcounting percpu > > On Wed, Apr 24, 2019 at 12:40:23PM +0200

RE: [RFC HACK] xfrm: make state refcounting percpu

> -Original Message- > From: Steffen Klassert > Sent: Friday, May 3, 2019 11:52 AM > To: Vakul Garg > Cc: Florian Westphal ; netdev@vger.kernel.org > Subject: Re: [RFC HACK] xfrm: make state refcounting percpu > > On Fri, May 03, 2019 at 06:13:22AM

RE: [RFC HACK] xfrm: make state refcounting percpu

> -Original Message- > From: Steffen Klassert > Sent: Friday, May 3, 2019 12:16 PM > To: Vakul Garg > Cc: Florian Westphal ; netdev@vger.kernel.org > Subject: Re: [RFC HACK] xfrm: make state refcounting percpu > > On Fri, May 03, 2019 at 06:34:29AM

[PATCH net-next] strparser: Call skb_unclone conditionally

Calling skb_unclone() is expensive as it triggers a memcpy operation. Instead of calling skb_unclone() unconditionally, call it only when skb has a shared frag_list. This improves tls rx throughout significantly. Signed-off-by: Vakul Garg Suggested-by: Boris Pismenny --- net/strparser

[PATCH net-next] net/tls: Removed redundant variable from 'struct tls_sw_context_rx'

The variable 'decrypted' in 'struct tls_sw_context_rx' is redundant and is being set/unset without purpose. Simplified the code by removing it. Signed-off-by: Vakul Garg --- include/net/tls.h | 1 - net/tls/tls_sw.c | 87

RE: [PATCH net-next] net/tls: Removed redundant variable from 'struct tls_sw_context_rx'

ssage- > From: Boris Pismenny [mailto:bor...@mellanox.com] > Sent: Thursday, July 12, 2018 4:11 PM > To: Vakul Garg ; da...@davemloft.net; > davejwat...@fb.com; netdev@vger.kernel.org > Cc: avia...@mellanox.com > Subject: Re: [PATCH net-next] net/tls: Removed redundant variable from >

[PATCH net-next 2/3] net/tls: Use socket data_ready callback on record availability

On receipt of a complete tls record, use socket's saved data_ready callback instead of state_change callback. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index d31dc2487488..a184c70

[PATCH net-next 1/3] net/tls: Do not enable zero-copy prematurely

Zero-copy mode was left enabled even when zerocopy_from_iter() failed. Set the zero-copy mode only when zerocopy_from_iter() succeeds. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index

[PATCH net-next 3/3] net/tls: Remove redundant variable assignments and wakeup

y is useless as tls_do_decryption() is invoked from user processes only. This patch cleans these up. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 4 1 file changed, 4 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index a184c70ee0ac..a53fdcc33e31 100644 --- a/net/tls/tls_sw.

[net-next v2 1/5] net/tls: Do not enable zero-copy prematurely

is set since it is never called if ctx->decrypted is true. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 22 +- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 7d194c0cd6cf..e94cb54a6994 100644 --- a/net/tls/tls_sw

[net-next v2 4/5] net/tls: Remove redundant array allocation.

In function decrypt_skb(), array allocation in case when sgout is NULL is unnecessary. Instead, local variable sgin_arr[] can be used. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 4 1 file changed, 4 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 6eaaa587db71

[net-next v2 5/5] net/tls: Rework error checking after decrypt_skb_update()

Error checking code after invoking decrypt_skb_update() for zero-copy and non-zero-copy cases in tls_sw_recvmsg has been made common. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 14 ++ 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls

[net-next v2 3/5] net/tls: Remove redundant variable assignments and wakeup

useless as decrypt_skb_update() is invoked from user processes only. This patch cleans these up. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 186152dced25..6eaaa587db71 100644 --- a/net/tls/tls_sw.c

[net-next v2 2/5] net/tls: Use socket data_ready callback on record availability

On receipt of a complete tls record, use socket's saved data_ready callback instead of state_change callback. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index e94cb54a6994..186152d

RE: [PATCH v9 crypto 00/12] Chelsio Inline TLS

> -Original Message- > From: linux-crypto-ow...@vger.kernel.org [mailto:linux-crypto- > ow...@vger.kernel.org] On Behalf Of Atul Gupta > Sent: Tuesday, March 6, 2018 9:05 PM > To: davejwat...@fb.com; da...@davemloft.net; > herb...@gondor.apana.org.au > Cc: linux-cry...@vger.kernel.org; ne

RE: [PATCH net-next v1] net/tls: Add support for async decryption of tls records

> -Original Message- > From: Dave Watson > Sent: Saturday, August 18, 2018 3:43 AM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; da...@davemloft.net > Subject: Re: [PATCH net-next v1] net/tls: Add support for asyn

[PATCH net-next v2] net/tls: Add support for async decryption of tls records

the sleeping user context when recvmsg() flags that it has done sending all the decryption requests and there are no more decryption requests pending to be completed. Signed-off-by: Vakul Garg Reviewed-by: Dave Watson --- Changes since v1: - Simplified recvmsg() so to drop reference to

[PATCH net-next v1] selftests/tls: Add test for recv(PEEK) spanning across multiple records

Added test case to receive multiple records with a single recvmsg() operation with a MSG_PEEK set. --- tools/testing/selftests/net/tls.c | 22 ++ 1 file changed, 22 insertions(+) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c index b3ebf264

RE: [PATCH net-next v2] net/tls: Add support for async decryption of tls records

> -Original Message- > From: David Miller > Sent: Saturday, September 1, 2018 6:31 AM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; davejwat...@fb.com > Subject: Re: [PATCH net-next v2] net/tls: Add support for asyn

[PATCH net-next v1] net/tls: Set count of SG entries if sk_alloc_sg returns -ENOSPC

ord() with 'sg_encrypted_num_elem = 0' and later causes kernel crash. To fix this, set the number of SG elements to the number of elements in plaintext/encrypted SG arrays in case sk_alloc_sg() returns -ENOSPC. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 6 ++ 1 file changed, 6 insertions(+)

RE: [PATCH net 3/3] tls: zero the crypto information from tls_context before freeing

> -Original Message- > From: netdev-ow...@vger.kernel.org On > Behalf Of Sabrina Dubroca > Sent: Wednesday, September 5, 2018 6:52 PM > To: netdev@vger.kernel.org > Cc: Sabrina Dubroca ; Boris Pismenny > ; Ilya Lesokhin ; Aviad > Yehezkel ; Dave Watson > Subject: [PATCH net 3/3] tls: z

[PATCH net-next, net v2] net/tls: Set count of SG entries if sk_alloc_sg returns -ENOSPC

ord() with 'sg_encrypted_num_elem = 0' and later causes kernel crash. To fix this, set the number of SG elements to the number of elements in plaintext/encrypted SG arrays in case sk_alloc_sg() returns -ENOSPC. Fixes: 3c4d7559159b ("tls: kernel TLS support") Signed-off-by: Vakul Garg --- Cha

[PATCH net-next v1] net/tls: Fixed return value when tls_complete_pending_work() fails

In tls_sw_sendmsg() and tls_sw_sendpage(), the variable 'ret' has been set to return value of tls_complete_pending_work(). This allows return of proper error code if tls_complete_pending_work() fails. Fixes: 3c4d7559159b ("tls: kernel TLS support") Signed-off-by: Vakul Garg -

RE: [PATCH net-next v2] net/tls: Add support for async decryption of tls records

> -Original Message- > From: John Fastabend > Sent: Saturday, September 15, 2018 1:10 AM > To: Vakul Garg ; netdev@vger.kernel.org > Cc: bor...@mellanox.com; avia...@mellanox.com; davejwat...@fb.com; > da...@davemloft.net > Subject: Re: [PATCH net-next v2] net/tls:

RE: [net-next PATCH] tls: async support causes out-of-bounds access in crypto APIs

> -Original Message- > From: netdev-ow...@vger.kernel.org On > Behalf Of John Fastabend > Sent: Saturday, September 15, 2018 1:32 AM > To: Vakul Garg ; davejwat...@fb.com > Cc: doro...@fb.com; netdev@vger.kernel.org; > alexei.starovoi...@gmail.com; dan..

[PATCH net-next] net/tls: Add support for async encryption of records for performance

_device.c is still using macros, accessory functions for CLOSED records have been retained. Signed-off-by: Vakul Garg --- include/net/tls.h | 70 +-- net/tls/tls_main.c | 54 ++--- net/tls/tls_sw.c | 569 - 3 files changed, 515 inse

RE: [PATCH net-next] net/tls: Add support for async encryption of records for performance

> -Original Message- > From: David Miller > Sent: Thursday, September 20, 2018 11:49 PM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; davejwat...@fb.com; doro...@fb.com > Subject: Re: [PATCH net-next] net/tls:

[PATCH net-next v2] net/tls: Add support for async encryption of records for performance

_device.c is still using macros, accessory functions for CLOSED records have been retained. Signed-off-by: Vakul Garg --- Changes since v1: Addressed Dave Miller's comments. - Removed an extra space between 'inline' and 'bool' in 'is_tx_ready' de

ipsec tunnel performance degrade

Hi Post kernel 4.9, I am experiencing more than 50% degrade in ipsec performance on my arm64 based systems (with onchip crypto accelerator). (We use only lts kernels). My understanding is that it is mainly due to xfrm flow cache removal in version 4.12. I am not sure whether any subsequent work

RE: ipsec tunnel performance degrade

> -Original Message- > From: Florian Westphal > Sent: Monday, April 22, 2019 11:16 PM > To: Vakul Garg > Cc: netdev@vger.kernel.org > Subject: Re: ipsec tunnel performance degrade > > Vakul Garg wrote: > > Post kernel 4.9, I am experiencing

RE: ipsec tunnel performance degrade

> -Original Message- > From: Florian Westphal > Sent: Tuesday, April 23, 2019 11:27 AM > To: Vakul Garg > Cc: Florian Westphal ; netdev@vger.kernel.org > Subject: Re: ipsec tunnel performance degrade > > Vakul Garg wrote: > > > Do you use xfrm interf

[RESEND PATCH net-next] Optimize sk_msg_clone() by data merge to end dst sg entry

G_MORE. Signed-off-by: Vakul Garg --- The patch is being resent since it net-next was closed when it was sent earlier. net/core/skmsg.c | 25 + 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/net/core/skmsg.c b/net/core/skmsg.c index 26458876d763..f15393ab7fe1

[PATCH net-next 1/1] tls: Fix recvmsg() to be able to peek across multiple records

ueued from 'rx_list' after the decrypted data is consumed by copying into the buffer passed to recvmsg(). In case, the MSG_PEEK flag is used in recvmsg(), then records are not consumed or removed from the 'rx_list'. Signed-off-by: Vak

[PATCH net-next] selftests/tls: Fix recv partial/large_buff test cases

vmsg(). Signed-off-by: Vakul Garg --- tools/testing/selftests/net/tls.c | 12 +++- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c index fac68d710f35..ff68ed19c0ef 100644 --- a/tools/testing/selftests/net/t

[PATCH net-next v2 1/1] tls: Fix recvmsg() to be able to peek across multiple records

ueued from 'rx_list' after the decrypted data is consumed by copying into the buffer passed to recvmsg(). In case, the MSG_PEEK flag is used in recvmsg(), then records are not consumed or removed from the 'rx_list'. Signed-off-by: Vakul Garg --- Changes since v1: 1. Added c

[PATCH net-next] strparser: Return if socket does not have required number of bytes

. Signed-off-by: Vakul Garg --- net/strparser/strparser.c | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/net/strparser/strparser.c b/net/strparser/strparser.c index da1a676860ca..38f8d8d8f4ad 100644 --- a/net/strparser/strparser.c +++ b/net/strparser/strparser.c

RE: [PATCH net-next] strparser: Return if socket does not have required number of bytes

> -Original Message- > From: David Miller > Sent: Thursday, January 31, 2019 11:30 AM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; davejwat...@fb.com; doro...@fb.com > Subject: Re: [PATCH net-next] strparser: Retu

[PATCH net-next] tls: Do not call sk_memcopy_from_iter with zero length

, do not call sk_msg_memcopy_from_iter() when number of bytes to copy (indicated by 'try_to_copy') is zero. Signed-off-by: Vakul Garg Fixes: d829e9c4112b ("tls: convert to generic sk_msg interface") --- net/tls/tls_sw.c | 10 ++ 1 file changed, 6 insertions(+), 4 dele

[PATCH net-next] Prevent overflow of sk_msg in sk_msg_clone()

5f 54fff788 940169b1 f9000320 (b9400801) [ 79.046283] ---[ end trace 74db007d069c1cf7 ]--- Signed-off-by: Vakul Garg Fixes: d829e9c4112b ("tls: convert to generic sk_msg interface") --- net/core/skmsg.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/core/skmsg.c b/net/c

RE: [PATCH net-next] tls: Do not call sk_memcopy_from_iter with zero length

> -Original Message- > From: David Miller > Sent: Friday, December 21, 2018 10:39 PM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; davejwat...@fb.com; doro...@fb.com > Subject: Re: [PATCH net-next] tls: Do not call

[PATCH net-next] Optimize sk_msg_clone() by data merge to end dst sg entry

G_MORE. Signed-off-by: Vakul Garg --- net/core/skmsg.c | 25 + 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/net/core/skmsg.c b/net/core/skmsg.c index 26458876d763..f15393ab7fe1 100644 --- a/net/core/skmsg.c +++ b/net/core/skmsg.c @@ -78,11 +78,9 @@ int sk_msg

[PATCH net-next] net/tls: Fixed race condition in async encryption

_ready_list in 'struct tls_sw_context_tx' to 'tx_list'. This is because now, the some of the records at the tail are not ready to transmit. Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption") Signed-off-by: Vakul Garg --- include/net/tls

[PATCH net-next] tls: Fixed uninitialised vars warning

ort for async encryption") Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index bcb24c498b84..102d84bdb2ab 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -709,7 +709,7 @@ int

[PATCH net-next] tls: Fix socket mem accounting error under async encryption

up of plaintext data to the time when the record is picked up from tx_list and transmitted/freed. When tls_tx_records() gets called, socket is already locked and thus there is no concurrent access problem. Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption") Signed-off-by:

[PATCH net-next] tls: Fixed a memory leak during socket close

free record in tx context is being freed inside the function. Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption") Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_

RE: [PATCH net-next] tls: Fix socket mem accounting error under async encryption

> -Original Message- > From: David Miller > Sent: Tuesday, September 25, 2018 11:14 PM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; davejwat...@fb.com; doro...@fb.com > Subject: Re: [PATCH net-next] tls: Fix socket

RE: [PATCH net-next] tls: Fix socket mem accounting error under async encryption

> -Original Message- > From: David Miller > Sent: Wednesday, September 26, 2018 9:10 AM > To: Vakul Garg > Cc: netdev@vger.kernel.org; bor...@mellanox.com; > avia...@mellanox.com; davejwat...@fb.com; doro...@fb.com > Subject: Re: [PATCH net-next] tls: Fix socket

[PATCH net-next] tls: Remove redundant vars from tls record structure

ntext_data has been modified to skip first index as it points to aad_space. Signed-off-by: Vakul Garg --- include/net/tls.h | 6 ++-- net/tls/tls_sw.c | 92 ++- 2 files changed, 45 insertions(+), 53 deletions(-) diff --git a/include/net/tls.h

[PATCH net-next] tls: Add support for inplace records encryption

rec(). If zero-copy is used (i.e. plaintext data is not copied), inplace_crypto is set to '0'. Signed-off-by: Vakul Garg --- include/net/tls.h | 1 + net/tls/tls_sw.c | 91 --- 2 files changed, 74 insertions(+), 18 deletions(-) dif

[PATCH net-next] net/tls: Disable async decrytion for tls1.3

hat ktls has already submitted some records i(which are encrypted with new keys) for decryption using old keys. This would lead to decrypt failure. Therefore, async decryption of records should be disabled for tls1.3. Fixes: 130b392c6cd6b ("net: tls: Add tls 1.3 support") Signed-off-b

[PATCH net-next] net/tls: Do not use async crypto for non-data records

s 1.3 support") Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 18 -- 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index fe8c287cbaa1..ae4784734547 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1645,10 +1645

[PATCH net-next] net/tls: Move protocol constants from cipher context to tls context

from 'struct cipher_context' to 'struct tls_prot_info' and stored only once in 'struct tls_context'. Signed-off-by: Vakul Garg --- include/net/tls.h| 46 +- net/tls/tls_device.c | 24 --- net/tls/tls_main.c | 17 +++

[net-next v3 3/5] net/tls: Remove redundant variable assignments and wakeup

useless as decrypt_skb_update() is invoked from user processes only. This patch cleans these up. Signed-off-by: Vakul Garg --- v2 -> v3 Removed compilation warning. net/tls/tls_sw.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 186152dced25.

[net-next v3 2/5] net/tls: Use socket data_ready callback on record availability

On receipt of a complete tls record, use socket's saved data_ready callback instead of state_change callback. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index e94cb54a6994..186152d

[net-next v3 1/5] net/tls: Do not enable zero-copy prematurely

is set since it is never called if ctx->decrypted is true. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 22 +- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 7d194c0cd6cf..e94cb54a6994 100644 --- a/net/tls/tls_sw

[net-next v3 5/5] net/tls: Rework error checking after decrypt_skb_update()

Error checking code after invoking decrypt_skb_update() for zero-copy and non-zero-copy cases in tls_sw_recvmsg has been made common. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 14 ++ 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls

[net-next v3 0/5] net/tls: Minor code cleanup patches

common error checking code for zero-copy, non zero-copy modes. The patches do not fix any functional bug. Hence "Fixes:" tag has not been used. Vakul Garg (5): net/tls: Do not enable zero-copy prematurely net/tls: Use socket data_ready callback on record availability net/tls: Remove

[net-next v3 4/5] net/tls: Remove redundant array allocation.

In function decrypt_skb(), array allocation in case when sgout is NULL is unnecessary. Instead, local variable sgin_arr[] can be used. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 4 1 file changed, 4 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 5dcfbaf33680

RE: [net-next v3 1/5] net/tls: Do not enable zero-copy prematurely

Thanks for the comment. I will take this patch out of the series. > -Original Message- > From: Boris Pismenny [mailto:bor...@mellanox.com] > Sent: Thursday, July 19, 2018 3:58 PM > To: Vakul Garg ; netdev@vger.kernel.org > Cc: avia...@mellanox.com; davejwat...@fb.com; da..

[net-next v4 0/3] net/tls: Minor code cleanup patches

ag has not been used. From patch series v3, this series v4 contains two patches less. They will be submitted separately. Vakul Garg (3): net/tls: Use socket data_ready callback on record availability net/tls: Remove redundant variable assignments and wakeup net/tls: Remove redundant array allocat

[net-next v4 3/3] net/tls: Remove redundant array allocation.

In function decrypt_skb(), array allocation in case when sgout is NULL is unnecessary. Instead, local variable sgin_arr[] can be used. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 4 1 file changed, 4 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index e62f288fda31

[net-next v4 1/3] net/tls: Use socket data_ready callback on record availability

On receipt of a complete tls record, use socket's saved data_ready callback instead of state_change callback. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 7d194c0cd6cf..a58661c

[net-next v4 2/3] net/tls: Remove redundant variable assignments and wakeup

useless as decrypt_skb_update() is invoked from user processes only. This patch cleans these up. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index a58661c624ec..e62f288fda31 100644 --- a/net/tls/tls_sw.c

[net-next v5 3/3] net/tls: Remove redundant array allocation.

In function decrypt_skb(), array allocation in case when sgout is NULL is unnecessary. Instead, local variable sgin_arr[] can be used. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 4 1 file changed, 4 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index e15ace0ebd79

[net-next v5 1/3] net/tls: Use socket data_ready callback on record availability

On receipt of a complete tls record, use socket's saved data_ready callback instead of state_change callback. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 7d194c0cd6cf..a58661c

[net-next v4 0/3] net/tls: Minor code cleanup patches

ag has not been used. From patch series v3, this series v4 contains two patches less. They will be submitted separately. Vakul Garg (3): net/tls: Use socket data_ready callback on record availability net/tls: Remove redundant variable assignments and wakeup net/tls: Remove redundant array allocat

[net-next v5 2/3] net/tls: Remove redundant variable assignments and wakeup

useless as decrypt_skb_update() is invoked from user processes only. This patch cleans these up. Signed-off-by: Vakul Garg --- Changes from v4->v5: Fixed compilation issue. net/tls/tls_sw.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index

  1   2   >