From nobody Thu Oct 21 17:08:56 2021 Date: Thu, 21 Oct 2021 17:08:56 GMT Message-Id: <202110211708.19LH8ukn081044@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: John Baldwin Subject: git: 96668a81aef7 - main - ktls: Always create a software backend for receive sessions. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 96668a81aef7e9be74386820f1583961eee43ea6 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=96668a81aef7e9be74386820f1583961eee43ea6 commit 96668a81aef7e9be74386820f1583961eee43ea6 Author: John Baldwin AuthorDate: 2021-10-21 16:37:17 +0000 Commit: John Baldwin CommitDate: 2021-10-21 16:37:17 +0000 ktls: Always create a software backend for receive sessions. A future change to TOE TLS will require a software fallback for the first few TLS records received. Future support for NIC TLS on receive will also require a software fallback for certain cases. Reviewed by: gallatin, hselasky Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D32566 --- sys/kern/uipc_ktls.c | 36 ++++++++++++++++++++++-------------- sys/sys/ktls.h | 6 ++---- 2 files changed, 24 insertions(+), 18 deletions(-) diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c index eb1f8dec8c1e..f97bf9d1117f 100644 --- a/sys/kern/uipc_ktls.c +++ b/sys/kern/uipc_ktls.c @@ -784,7 +784,6 @@ ktls_cleanup(struct ktls_session *tls) counter_u64_add(ktls_sw_chacha20, -1); break; } - ktls_ocf_free(tls); break; case TCP_TLS_MODE_IFNET: switch (tls->params.cipher_algorithm) { 
@@ -817,6 +816,8 @@ ktls_cleanup(struct ktls_session *tls) break; #endif } + if (tls->ocf_session != NULL) + ktls_ocf_free(tls); if (tls->params.auth_key != NULL) { zfree(tls->params.auth_key, M_KTLS); tls->params.auth_key = NULL; @@ -1004,14 +1005,9 @@ ktls_try_ifnet(struct socket *so, struct ktls_session *tls, bool force) return (error); } -static int -ktls_try_sw(struct socket *so, struct ktls_session *tls, int direction) +static void +ktls_use_sw(struct ktls_session *tls) { - int error; - - error = ktls_ocf_try(so, tls, direction); - if (error) - return (error); tls->mode = TCP_TLS_MODE_SW; switch (tls->params.cipher_algorithm) { case CRYPTO_AES_CBC: @@ -1024,6 +1020,17 @@ ktls_try_sw(struct socket *so, struct ktls_session *tls, int direction) counter_u64_add(ktls_sw_chacha20, 1); break; } +} + +static int +ktls_try_sw(struct socket *so, struct ktls_session *tls, int direction) +{ + int error; + + error = ktls_ocf_try(so, tls, direction); + if (error) + return (error); + ktls_use_sw(tls); return (0); } @@ -1184,17 +1191,18 @@ ktls_enable_rx(struct socket *so, struct tls_enable *en) if (error) return (error); -#ifdef TCP_OFFLOAD - error = ktls_try_toe(so, tls, KTLS_RX); - if (error) -#endif - error = ktls_try_sw(so, tls, KTLS_RX); - + error = ktls_ocf_try(so, tls, KTLS_RX); if (error) { ktls_cleanup(tls); return (error); } +#ifdef TCP_OFFLOAD + error = ktls_try_toe(so, tls, KTLS_RX); + if (error) +#endif + ktls_use_sw(tls); + /* Mark the socket as using TLS offload. */ SOCKBUF_LOCK(&so->so_rcv); so->so_rcv.sb_tls_seqno = be64dec(en->rec_seq); diff --git a/sys/sys/ktls.h b/sys/sys/ktls.h index aea13d2d8ce1..a3eac69b5eeb 100644 --- a/sys/sys/ktls.h +++ b/sys/sys/ktls.h 
@@ -184,10 +184,8 @@ struct ktls_session { const struct tls_record_layer *hdr, struct mbuf *m, uint64_t seqno, int *trailer_len); }; - union { - struct ktls_ocf_session *ocf_session; - struct m_snd_tag *snd_tag; - }; + struct ktls_ocf_session *ocf_session; + struct m_snd_tag *snd_tag; struct tls_session_params params; u_int wq_index; volatile u_int refcount;
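
Review bot: In ktls_cleanup() (sys/kern/uipc_ktls.c, hunk at -817), the new `if (tls->ocf_session != NULL) ktls_ocf_free(tls);` leaves the pointer set after the free, while the auth_key handling directly below it clears its pointer with `tls->params.auth_key = NULL;`. Consider clearing tls->ocf_session the same way, here or inside ktls_ocf_free(), so a second pass through ktls_cleanup() cannot free the OCF session twice. The NULL test also depends on the session structure starting out zeroed, now that the field no longer shares storage with snd_tag; the allocation is not in the visible lines, so that is worth confirming.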
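
Review bot: The new ktls_use_sw() (sys/kern/uipc_ktls.c, hunks at -1004 and -1024) has no comment stating its precondition: it only sets `tls->mode = TCP_TLS_MODE_SW` and bumps the per-cipher counter, and it is correct only after ktls_ocf_try() has succeeded for the session. A one-line comment above the function saying so would keep a later caller from selecting software mode on a session that has no OCF backend. ktls_try_sw() still does both steps in order, so transmit callers are unaffected.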
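
Review bot: In ktls_enable_rx() (sys/kern/uipc_ktls.c, hunk at -1184), `error` keeps the non-zero result of ktls_try_toe() when TOE is declined and ktls_use_sw() takes over; the old code overwrote it with the return value of ktls_try_sw(). Please confirm nothing after the "Mark the socket as using TLS offload" block returns or tests `error`, or reset it to 0 once the fallback is chosen. The `if (error)` that straddles the `#endif` also reads as an unconditional call when TCP_OFFLOAD is not defined; braces or a comment would make both configurations obvious. Separately, ktls_ocf_try() now runs first and its failure aborts the session before TOE is attempted, so a receive session that OCF cannot handle is rejected even where TOE could have handled it. That follows from the commit title, but the log message should state it as a behaviour change.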
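
Review bot: In struct ktls_session (sys/sys/ktls.h, hunk at -184), ocf_session and snd_tag become independent members with no comment on when each is valid. With the union gone, a receive session can carry an ocf_session in any mode, so `tls->mode` no longer tells a reader which pointer is populated. Please document that on the two fields, for example that ocf_session is always set for receive sessions and that either pointer may be NULL. Any code that relied on the two pointers aliasing (testing one to learn about the other) should be audited as part of this change; none is visible in this diff.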