From nobody Thu Oct 21 17:08:56 2021
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 0BD73180A9C2;
Thu, 21 Oct 2021 17:08:58 +0000 (UTC)
(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 4HZv8T313Bz4jxs;
Thu, 21 Oct 2021 17:08:57 +0000 (UTC)
(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CD6451ED79;
Thu, 21 Oct 2021 17:08:56 +0000 (UTC)
(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 19LH8u4w081045;
Thu, 21 Oct 2021 17:08:56 GMT
(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 19LH8ukn081044;
Thu, 21 Oct 2021 17:08:56 GMT
(envelope-from git)
Date: Thu, 21 Oct 2021 17:08:56 GMT
Message-Id: <202110211708.19LH8ukn081044@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
dev-commits-src-main@FreeBSD.org
From: John Baldwin <jhb@FreeBSD.org>
Subject: git: 96668a81aef7 - main - ktls: Always create a software backend for receive sessions.
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-main@freebsd.org
X-BeenThere: dev-commits-src-main@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jhb
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 96668a81aef7e9be74386820f1583961eee43ea6
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N
The branch main has been updated by jhb:
URL: https://cgit.FreeBSD.org/src/commit/?id=96668a81aef7e9be74386820f1583961eee43ea6
commit 96668a81aef7e9be74386820f1583961eee43ea6
Author: John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2021-10-21 16:37:17 +0000
Commit: John Baldwin <jhb@FreeBSD.org>
CommitDate: 2021-10-21 16:37:17 +0000
ktls: Always create a software backend for receive sessions.
A future change to TOE TLS will require a software fallback for the
first few TLS records received. Future support for NIC TLS on receive
will also require a software fallback for certain cases.
Reviewed by: gallatin, hselasky
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D32566
---
sys/kern/uipc_ktls.c | 36 ++++++++++++++++++++++--------------
sys/sys/ktls.h | 6 ++----
2 files changed, 24 insertions(+), 18 deletions(-)
diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c
index eb1f8dec8c1e..f97bf9d1117f 100644
--- a/sys/kern/uipc_ktls.c
+++ b/sys/kern/uipc_ktls.c
@@ -784,7 +784,6 @@ ktls_cleanup(struct ktls_session *tls)
counter_u64_add(ktls_sw_chacha20, -1);
break;
}
- ktls_ocf_free(tls);
break;
case TCP_TLS_MODE_IFNET:
switch (tls->params.cipher_algorithm) {
@@ -817,6 +816,8 @@ ktls_cleanup(struct ktls_session *tls)
break;
#endif
}
+ if (tls->ocf_session != NULL)
+ ktls_ocf_free(tls);
if (tls->params.auth_key != NULL) {
zfree(tls->params.auth_key, M_KTLS);
tls->params.auth_key = NULL;
@@ -1004,14 +1005,9 @@ ktls_try_ifnet(struct socket *so, struct ktls_session *tls, bool force)
return (error);
}
-static int
-ktls_try_sw(struct socket *so, struct ktls_session *tls, int direction)
+static void
+ktls_use_sw(struct ktls_session *tls)
{
- int error;
-
- error = ktls_ocf_try(so, tls, direction);
- if (error)
- return (error);
tls->mode = TCP_TLS_MODE_SW;
switch (tls->params.cipher_algorithm) {
case CRYPTO_AES_CBC:
@@ -1024,6 +1020,17 @@ ktls_try_sw(struct socket *so, struct ktls_session *tls, int direction)
counter_u64_add(ktls_sw_chacha20, 1);
break;
}
+}
+
+static int
+ktls_try_sw(struct socket *so, struct ktls_session *tls, int direction)
+{
+ int error;
+
+ error = ktls_ocf_try(so, tls, direction);
+ if (error)
+ return (error);
+ ktls_use_sw(tls);
return (0);
}
@@ -1184,17 +1191,18 @@ ktls_enable_rx(struct socket *so, struct tls_enable *en)
if (error)
return (error);
-#ifdef TCP_OFFLOAD
- error = ktls_try_toe(so, tls, KTLS_RX);
- if (error)
-#endif
- error = ktls_try_sw(so, tls, KTLS_RX);
-
+ error = ktls_ocf_try(so, tls, KTLS_RX);
if (error) {
ktls_cleanup(tls);
return (error);
}
+#ifdef TCP_OFFLOAD
+ error = ktls_try_toe(so, tls, KTLS_RX);
+ if (error)
+#endif
+ ktls_use_sw(tls);
+
/* Mark the socket as using TLS offload. */
SOCKBUF_LOCK(&so->so_rcv);
so->so_rcv.sb_tls_seqno = be64dec(en->rec_seq);
diff --git a/sys/sys/ktls.h b/sys/sys/ktls.h
index aea13d2d8ce1..a3eac69b5eeb 100644
--- a/sys/sys/ktls.h
+++ b/sys/sys/ktls.h
@@ -184,10 +184,8 @@ struct ktls_session {
const struct tls_record_layer *hdr, struct mbuf *m,
uint64_t seqno, int *trailer_len);
};
- union {
- struct ktls_ocf_session *ocf_session;
- struct m_snd_tag *snd_tag;
- };
+ struct ktls_ocf_session *ocf_session;
+ struct m_snd_tag *snd_tag;
struct tls_session_params params;
u_int wq_index;
volatile u_int refcount;