Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v5.11.6 2020-11-28T02:25:27+00:00 2020-11-28T02:25:27+00:00 Jakub Kicinski kuba@kernel.org 2020-11-28T02:25:27+00:00 urn:sha1:5c39f26e67c984db0fa95f9faecf06eb0198dce7 Trivial conflict in CAN, keep the net-next + the byteswap wrapper. Conflicts: drivers/net/can/usb/gs_usb.c Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2020-11-27T22:32:37+00:00 Vadim Fedorenko vfedorenko@novek.ru 2020-11-24T15:24:48+00:00 urn:sha1:a6acbe62353834dc1913d96e1ace140bc9aafca3 RFC 7905 defines special behavior for ChaCha-Poly TLS sessions. The differences are in the calculation of nonce and the absence of explicit IV. This behavior is like TLSv1.3 partly. Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru> Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2020-11-27T22:32:37+00:00 Vadim Fedorenko vfedorenko@novek.ru 2020-11-24T15:24:47+00:00 urn:sha1:923c40c4651ed8b30cbd9fbac0f0ab612216cccc To provide support for ChaCha-Poly cipher we need to define specific constants and structures. Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru> Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2020-11-27T22:32:37+00:00 Vadim Fedorenko vfedorenko@novek.ru 2020-11-24T15:24:46+00:00 urn:sha1:6942a284fb3e6bcb8ab03c98ef5cb048e0fbb3e9 Inline functions defined in tls.h have a lot of AES-specific constants. Remove these constants and change argument to struct tls_prot_info to have an access to cipher type in later patches Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru> Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2020-11-26T01:31:06+00:00 Maxim Mikityanskiy maximmi@mellanox.com 2020-11-25T22:18:10+00:00 urn:sha1:025cc2fb6a4e84e9a0552c0017dcd1c24b7ac7da tls_device_offload_cleanup_rx doesn't clear tls_ctx->netdev after calling tls_dev_del if TLX TX offload is also enabled. Clearing tls_ctx->netdev gets postponed until tls_device_gc_task. It leaves a time frame when tls_device_down may get called and call tls_dev_del for RX one extra time, confusing the driver, which may lead to a crash. This patch corrects this racy behavior by adding a flag to prevent tls_device_down from calling tls_dev_del the second time. Fixes: e8f69799810c ("net/tls: Add generic NIC offload infrastructure") Signed-off-by: Maxim Mikityanskiy <maximmi@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@nvidia.com> Link: https://lore.kernel.org/r/20201125221810.69870-1-saeedm@nvidia.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2020-11-17T22:41:20+00:00 Tariq Toukan tariqt@nvidia.com 2020-11-15T13:14:48+00:00 urn:sha1:138559b9f99d3b6b1d5e75c78facc067a23871c6 In async_resync mode, we log the TCP seq of records until the async request is completed. Later, in case one of the logged seqs matches the resync request, we return it, together with its record serial number. Before this fix, we mistakenly returned the serial number of the current record instead. Fixes: ed9b7646b06a ("net/tls: Add asynchronous resync") Signed-off-by: Tariq Toukan <tariqt@nvidia.com> Reviewed-by: Boris Pismenny <borisp@nvidia.com> Link: https://lore.kernel.org/r/20201115131448.2702-1-tariqt@nvidia.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2020-10-09T23:49:57+00:00 Randy Dunlap rdunlap@infradead.org 2020-10-09T05:49:00+00:00 urn:sha1:923527dcb4d164925a2fed0b53c6a1625a60a472 Remove one of the two instances of the function prototype for tls_validate_xmit_skb(). Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Cc: Boris Pismenny <borisp@nvidia.com> Cc: Aviad Yehezkel <aviadye@nvidia.com> Cc: John Fastabend <john.fastabend@gmail.com> Cc: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2020-06-30T20:36:56+00:00 Colin Ian King colin.king@canonical.com 2020-06-30T14:27:46+00:00 urn:sha1:a6ed3ebca49b62d7a917287b9986feff4e9fa7b1 Left shifting the u16 value promotes it to a int and then it gets sign extended to a u64. If len << 16 is greater than 0x7fffffff then the upper bits get set to 1 because of the implicit sign extension. Fix this by casting len to u64 before shifting it. Addresses-Coverity: ("integer handling issues") Fixes: ed9b7646b06a ("net/tls: Add asynchronous resync") Signed-off-by: Colin Ian King <colin.king@canonical.com> Reviewed-by: Tariq Toukan <tariqt@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2020-06-27T21:00:22+00:00 Boris Pismenny borisp@mellanox.com 2020-06-08T16:11:38+00:00 urn:sha1:ed9b7646b06a2ed2450dd9437fc7d1ad2783140c This patch adds support for asynchronous resynchronization in tls_device. Async resync follows two distinct stages: 1. The NIC driver indicates that it would like to resync on some TLS record within the received packet (P), but the driver does not know (yet) which of the TLS records within the packet. At this stage, the NIC driver will query the device to find the exact TCP sequence for resync (tcpsn), however, the driver does not wait for the device to provide the response. 2. Eventually, the device responds, and the driver provides the tcpsn within the resync packet to KTLS. Now, KTLS can check the tcpsn against any processed TLS records within packet P, and also against any record that is processed in the future within packet P. The asynchronous resync path simplifies the device driver, as it can save bits on the packet completion (32-bit TCP sequence), and pass this information on an asynchronous command instead. Signed-off-by: Boris Pismenny <borisp@mellanox.com> Signed-off-by: Tariq Toukan <tariqt@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> 2020-06-27T21:00:21+00:00 Boris Pismenny borisp@mellanox.com 2020-06-08T09:42:52+00:00 urn:sha1:acb5a07aaf2723cd273a4089e62611a414fb1c35 This reverts commit b3ae2459f89773adcbf16fef4b68deaaa3be1929. Revert the force resync API. Not in use. To be replaced by a better async resync API downstream. Signed-off-by: Boris Pismenny <borisp@mellanox.com> Signed-off-by: Tariq Toukan <tariqt@mellanox.com> Reviewed-by: Maxim Mikityanskiy <maximmi@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>