tcp: Don't coalesce decrypted and encrypted SKBs

Prevent coalescing of decrypted and encrypted SKBs in GRO
and TCP layer.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Ilya Lesokhin <ilyal@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 12 insertions, 0 deletions

diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index fac5d03d4528..91dbb9afb950 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4343,6 +4343,11 @@ static bool tcp_try_coalesce(struct sock *sk,
         if (TCP_SKB_CB(from)->seq != TCP_SKB_CB(to)->end_seq)
                 return false;
 
+#ifdef CONFIG_TLS_DEVICE
+        if (from->decrypted != to->decrypted)
+                return false;
+#endif
+
         if (!skb_try_coalesce(to, from, fragstolen, &delta))
                 return false;
 
@@ -4871,6 +4876,9 @@ restart:
                         break;
 
                 memcpy(nskb->cb, skb->cb, sizeof(skb->cb));
+#ifdef CONFIG_TLS_DEVICE
+                nskb->decrypted = skb->decrypted;
+#endif
                 TCP_SKB_CB(nskb)->seq = TCP_SKB_CB(nskb)->end_seq = start;
                 if (list)
                         __skb_queue_before(list, skb, nskb);
@@ -4898,6 +4906,10 @@ restart:
                                     skb == tail ||
                                     (TCP_SKB_CB(skb)->tcp_flags & (TCPHDR_SYN | TCPHDR_FIN)))
                                         goto end;
+#ifdef CONFIG_TLS_DEVICE
+                                if (skb->decrypted != nskb->decrypted)
+                                        goto end;
+#endif
                         }
                 }
         }