tls: Fix recvmsg() to be able to peek across multiple records

This fixes recvmsg() to be able to peek across multiple tls records. Without this patch, the tls's selftests test case 'recv_peek_large_buf_mult_recs' fails. Each tls receive context now maintains a 'rx_list' to retain incoming skb carrying tls records. If a tls record needs to be retained e.g. for peek case or for the case when the buffer passed to recvmsg() has a length smaller than decrypted record length, then it is added to 'rx_list'. Additionally, records are added in 'rx_list' if the crypto operation runs in async mode. The records are dequeued from 'rx_list' after the decrypted data is consumed by copying into the buffer passed to recvmsg(). In case, the MSG_PEEK flag is used in recvmsg(), then records are not consumed or removed from the 'rx_list'. Signed-off-by: Vakul Garg <vakul.garg@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Vakul Garg <vakul.garg@nxp.com> 2019-01-16 05:40:16 -0500
committer: David S. Miller <davem@davemloft.net> 2019-01-17 17:20:40 -0500
commit: 692d7b5d1f9125a1cf0595e979e3b5fb7210547e (patch)
tree: eec9d65c6440f10cdbefa4d329e3a425babc5456 /net/tls
parent: fb73d620252ea595f217c5ffcdb5425e60e1509f (diff)
1 files changed, 196 insertions, 70 deletions
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index b8e50e22b777..86b9527c4826 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -124,6 +124,7 @@ static void tls_decrypt_done(struct crypto_async_request *req, int err)
 {
        struct aead_request *aead_req = (struct aead_request *)req;
        struct scatterlist *sgout = aead_req->dst;
+        struct scatterlist *sgin = aead_req->src;
        struct tls_sw_context_rx *ctx;
        struct tls_context *tls_ctx;
        struct scatterlist *sg;
@@ -134,12 +135,16 @@ static void tls_decrypt_done(struct crypto_async_request *req, int err)
        skb = (struct sk_buff *)req->data;
        tls_ctx = tls_get_ctx(skb->sk);
        ctx = tls_sw_ctx_rx(tls_ctx);
-        pending = atomic_dec_return(&ctx->decrypt_pending);
        /* Propagate if there was an err */
        if (err) {
                ctx->async_wait.err = err;
                tls_err_abort(skb->sk, err);
+        } else {
+                struct strp_msg *rxm = strp_msg(skb);
+                rxm->offset += tls_ctx->rx.prepend_size;
+                rxm->full_len -= tls_ctx->rx.overhead_size;
        }
        /* After using skb->sk to propagate sk through crypto async callback
@@ -147,18 +152,21 @@ static void tls_decrypt_done(struct crypto_async_request *req, int err)
         */
        skb->sk = NULL;
-        /* Release the skb, pages and memory allocated for crypto req */
-        kfree_skb(skb);
-        /* Skip the first S/G entry as it points to AAD */
+        /* Free the destination pages if skb was not decrypted inplace */
-        for_each_sg(sg_next(sgout), sg, UINT_MAX, pages) {
+        if (sgout != sgin) {
-                if (!sg)
+                /* Skip the first S/G entry as it points to AAD */
-                        break;
+                for_each_sg(sg_next(sgout), sg, UINT_MAX, pages) {
-                put_page(sg_page(sg));
+                        if (!sg)
+                                break;
+                        put_page(sg_page(sg));
+                }
        }
        kfree(aead_req);
+        pending = atomic_dec_return(&ctx->decrypt_pending);
        if (!pending && READ_ONCE(ctx->async_notify))
                complete(&ctx->async_wait.completion);
 }
@@ -1271,7 +1279,7 @@ out:
 static int decrypt_internal(struct sock *sk, struct sk_buff *skb,
                            struct iov_iter *out_iov,
                            struct scatterlist *out_sg,
-                            int *chunk, bool *zc)
+                            int *chunk, bool *zc, bool async)
 {
        struct tls_context *tls_ctx = tls_get_ctx(sk);
        struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
@@ -1371,13 +1379,13 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb,
 fallback_to_reg_recv:
                sgout = sgin;
                pages = 0;
-                *chunk = 0;
+                *chunk = data_len;
                *zc = false;
        }
        /* Prepare and submit AEAD request */
        err = tls_do_decryption(sk, skb, sgin, sgout, iv,
-                                data_len, aead_req, *zc);
+                                data_len, aead_req, async);
        if (err == -EINPROGRESS)
                return err;
@@ -1390,7 +1398,8 @@ fallback_to_reg_recv:
 }
 static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb,
-                              struct iov_iter *dest, int *chunk, bool *zc)
+                              struct iov_iter *dest, int *chunk, bool *zc,
+                              bool async)
 {
        struct tls_context *tls_ctx = tls_get_ctx(sk);
        struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
@@ -1403,7 +1412,7 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb,
                return err;
 #endif
        if (!ctx->decrypted) {
-                err = decrypt_internal(sk, skb, dest, NULL, chunk, zc);
+                err = decrypt_internal(sk, skb, dest, NULL, chunk, zc, async);
                if (err < 0) {
                        if (err == -EINPROGRESS)
                                tls_advance_record_sn(sk, &tls_ctx->rx);
@@ -1429,7 +1438,7 @@ int decrypt_skb(struct sock *sk, struct sk_buff *skb,
        bool zc = true;
        int chunk;
-        return decrypt_internal(sk, skb, NULL, sgout, &chunk, &zc);
+        return decrypt_internal(sk, skb, NULL, sgout, &chunk, &zc, false);
 }
 static bool tls_sw_advance_skb(struct sock *sk, struct sk_buff *skb,
@@ -1456,6 +1465,77 @@ static bool tls_sw_advance_skb(struct sock *sk, struct sk_buff *skb,
        return true;
 }
+/* This function traverses the rx_list in tls receive context to copies the
+ * decrypted data records into the buffer provided by caller zero copy is not
+ * true. Further, the records are removed from the rx_list if it is not a peek
+ * case and the record has been consumed completely.
+ */
+static int process_rx_list(struct tls_sw_context_rx *ctx,
+                           struct msghdr *msg,
+                           size_t skip,
+                           size_t len,
+                           bool zc,
+                           bool is_peek)
+{
+        struct sk_buff *skb = skb_peek(&ctx->rx_list);
+        ssize_t copied = 0;
+        while (skip && skb) {
+                struct strp_msg *rxm = strp_msg(skb);
+                if (skip < rxm->full_len)
+                        break;
+                skip = skip - rxm->full_len;
+                skb = skb_peek_next(skb, &ctx->rx_list);
+        }
+        while (len && skb) {
+                struct sk_buff *next_skb;
+                struct strp_msg *rxm = strp_msg(skb);
+                int chunk = min_t(unsigned int, rxm->full_len - skip, len);
+                if (!zc || (rxm->full_len - skip) > len) {
+                        int err = skb_copy_datagram_msg(skb, rxm->offset + skip,
+                                                    msg, chunk);
+                        if (err < 0)
+                                return err;
+                }
+                len = len - chunk;
+                copied = copied + chunk;
+                /* Consume the data from record if it is non-peek case*/
+                if (!is_peek) {
+                        rxm->offset = rxm->offset + chunk;
+                        rxm->full_len = rxm->full_len - chunk;
+                        /* Return if there is unconsumed data in the record */
+                        if (rxm->full_len - skip)
+                                break;
+                }
+                /* The remaining skip-bytes must lie in 1st record in rx_list.
+                 * So from the 2nd record, 'skip' should be 0.
+                 */
+                skip = 0;
+                if (msg)
+                        msg->msg_flags |= MSG_EOR;
+                next_skb = skb_peek_next(skb, &ctx->rx_list);
+                if (!is_peek) {
+                        skb_unlink(skb, &ctx->rx_list);
+                        kfree_skb(skb);
+                }
+                skb = next_skb;
+        }
+        return copied;
+}
 int tls_sw_recvmsg(struct sock *sk,
                   struct msghdr *msg,
                   size_t len,
@@ -1466,7 +1546,8 @@ int tls_sw_recvmsg(struct sock *sk,
        struct tls_context *tls_ctx = tls_get_ctx(sk);
        struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
        struct sk_psock *psock;
-        unsigned char control;
+        unsigned char control = 0;
+        ssize_t decrypted = 0;
        struct strp_msg *rxm;
        struct sk_buff *skb;
        ssize_t copied = 0;
@@ -1474,6 +1555,7 @@ int tls_sw_recvmsg(struct sock *sk,
        int target, err = 0;
        long timeo;
        bool is_kvec = iov_iter_is_kvec(&msg->msg_iter);
+        bool is_peek = flags & MSG_PEEK;
        int num_async = 0;
        flags |= nonblock;
@@ -1484,11 +1566,28 @@ int tls_sw_recvmsg(struct sock *sk,
        psock = sk_psock_get(sk);
        lock_sock(sk);
-        target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);
+        /* Process pending decrypted records. It must be non-zero-copy */
-        timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
+        err = process_rx_list(ctx, msg, 0, len, false, is_peek);
+        if (err < 0) {
+                tls_err_abort(sk, err);
+                goto end;
+        } else {
+                copied = err;
+        }
+        len = len - copied;
+        if (len) {
+                target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);
+                timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
+        } else {
+                goto recv_end;
+        }
        do {
-                bool zc = false;
+                bool retain_skb = false;
                bool async = false;
+                bool zc = false;
+                int to_decrypt;
                int chunk = 0;
                skb = tls_wait_data(sk, psock, flags, timeo, &err);
@@ -1498,7 +1597,7 @@ int tls_sw_recvmsg(struct sock *sk,
                                                            msg, len, flags);
                                if (ret > 0) {
-                                        copied += ret;
+                                        decrypted += ret;
                                        len -= ret;
                                        continue;
                                }
@@ -1525,70 +1624,70 @@ int tls_sw_recvmsg(struct sock *sk,
                        goto recv_end;
                }
-                if (!ctx->decrypted) {
+                to_decrypt = rxm->full_len - tls_ctx->rx.overhead_size;
-                        int to_copy = rxm->full_len - tls_ctx->rx.overhead_size;
-                        if (!is_kvec && to_copy <= len &&
+                if (to_decrypt <= len && !is_kvec && !is_peek)
-                            likely(!(flags & MSG_PEEK)))
+                        zc = true;
-                                zc = true;
-                        err = decrypt_skb_update(sk, skb, &msg->msg_iter,
+                err = decrypt_skb_update(sk, skb, &msg->msg_iter,
-                                                 &chunk, &zc);
+                                         &chunk, &zc, ctx->async_capable);
-                        if (err < 0 && err != -EINPROGRESS) {
+                if (err < 0 && err != -EINPROGRESS) {
-                                tls_err_abort(sk, EBADMSG);
+                        tls_err_abort(sk, EBADMSG);
-                                goto recv_end;
+                        goto recv_end;
-                        }
-                        if (err == -EINPROGRESS) {
-                                async = true;
-                                num_async++;
-                                goto pick_next_record;
-                        }
-                        ctx->decrypted = true;
                }
-                if (!zc) {
+                if (err == -EINPROGRESS) {
-                        chunk = min_t(unsigned int, rxm->full_len, len);
+                        async = true;
+                        num_async++;
+                        goto pick_next_record;
+                } else {
+                        if (!zc) {
+                                if (rxm->full_len > len) {
+                                        retain_skb = true;
+                                        chunk = len;
+                                } else {
+                                        chunk = rxm->full_len;
+                                }
+                                err = skb_copy_datagram_msg(skb, rxm->offset,
+                                                            msg, chunk);
+                                if (err < 0)
+                                        goto recv_end;
-                        err = skb_copy_datagram_msg(skb, rxm->offset, msg,
+                                if (!is_peek) {
-                                                    chunk);
+                                        rxm->offset = rxm->offset + chunk;
-                        if (err < 0)
+                                        rxm->full_len = rxm->full_len - chunk;
-                                goto recv_end;
+                                }
+                        }
                }
 pick_next_record:
-                copied += chunk;
+                if (chunk > len)
+                        chunk = len;
+                decrypted += chunk;
                len -= chunk;
-                if (likely(!(flags & MSG_PEEK))) {
-                        u8 control = ctx->control;
+                /* For async or peek case, queue the current skb */
+                if (async || is_peek || retain_skb) {
-                        /* For async, drop current skb reference */
+                        skb_queue_tail(&ctx->rx_list, skb);
-                        if (async)
+                        skb = NULL;
-                                skb = NULL;
+                }
-                        if (tls_sw_advance_skb(sk, skb, chunk)) {
+                if (tls_sw_advance_skb(sk, skb, chunk)) {
-                                /* Return full control message to
+                        /* Return full control message to
-                                 * userspace before trying to parse
+                         * userspace before trying to parse
-                                 * another message type
+                         * another message type
-                                 */
-                                msg->msg_flags |= MSG_EOR;
-                                if (control != TLS_RECORD_TYPE_DATA)
-                                        goto recv_end;
-                        } else {
-                                break;
-                        }
-                } else {
-                        /* MSG_PEEK right now cannot look beyond current skb
-                         * from strparser, meaning we cannot advance skb here
-                         * and thus unpause strparser since we'd loose original
-                         * one.
                         */
+                        msg->msg_flags |= MSG_EOR;
+                        if (ctx->control != TLS_RECORD_TYPE_DATA)
+                                goto recv_end;
+                } else {
                        break;
                }
                /* If we have a new message from strparser, continue now. */
-                if (copied >= target && !ctx->recv_pkt)
+                if (decrypted >= target && !ctx->recv_pkt)
                        break;
        } while (len);
@@ -1602,13 +1701,33 @@ recv_end:
                                /* one of async decrypt failed */
                                tls_err_abort(sk, err);
                                copied = 0;
+                                decrypted = 0;
+                                goto end;
                        }
                } else {
                        reinit_completion(&ctx->async_wait.completion);
                }
                WRITE_ONCE(ctx->async_notify, false);
+                /* Drain records from the rx_list & copy if required */
+                if (is_peek || is_kvec)
+                        err = process_rx_list(ctx, msg, copied,
+                                              decrypted, false, is_peek);
+                else
+                        err = process_rx_list(ctx, msg, 0,
+                                              decrypted, true, is_peek);
+                if (err < 0) {
+                        tls_err_abort(sk, err);
+                        copied = 0;
+                        goto end;
+                }
+                WARN_ON(decrypted != err);
        }
+        copied += decrypted;
+end:
        release_sock(sk);
        if (psock)
                sk_psock_put(sk, psock);
@@ -1645,7 +1764,7 @@ ssize_t tls_sw_splice_read(struct socket *sock,  loff_t *ppos,
        }
        if (!ctx->decrypted) {
-                err = decrypt_skb_update(sk, skb, NULL, &chunk, &zc);
+                err = decrypt_skb_update(sk, skb, NULL, &chunk, &zc, false);
                if (err < 0) {
                        tls_err_abort(sk, EBADMSG);
@@ -1832,6 +1951,7 @@ void tls_sw_release_resources_rx(struct sock *sk)
        if (ctx->aead_recv) {
                kfree_skb(ctx->recv_pkt);
                ctx->recv_pkt = NULL;
+                skb_queue_purge(&ctx->rx_list);
                crypto_free_aead(ctx->aead_recv);
                strp_stop(&ctx->strp);
                write_lock_bh(&sk->sk_callback_lock);
@@ -1881,6 +2001,7 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx)
        struct crypto_aead **aead;
        struct strp_callbacks cb;
        u16 nonce_size, tag_size, iv_size, rec_seq_size;
+        struct crypto_tfm *tfm;
        char *iv, *rec_seq;
        int rc = 0;
@@ -1927,6 +2048,7 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx)
                crypto_init_wait(&sw_ctx_rx->async_wait);
                crypto_info = &ctx->crypto_recv.info;
                cctx = &ctx->rx;
+                skb_queue_head_init(&sw_ctx_rx->rx_list);
                aead = &sw_ctx_rx->aead_recv;
        }
@@ -1994,6 +2116,10 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx)
                goto free_aead;
        if (sw_ctx_rx) {
+                tfm = crypto_aead_tfm(sw_ctx_rx->aead_recv);
+                sw_ctx_rx->async_capable =
+                        tfm->__crt_alg->cra_flags & CRYPTO_ALG_ASYNC;
                /* Set up strparser */
                memset(&cb, 0, sizeof(cb));
                cb.rcv_msg = tls_queue;
author	Vakul Garg <vakul.garg@nxp.com>	2019-01-16 05:40:16 -0500
committer	David S. Miller <davem@davemloft.net>	2019-01-17 17:20:40 -0500
commit	692d7b5d1f9125a1cf0595e979e3b5fb7210547e (patch)
tree	eec9d65c6440f10cdbefa4d329e3a425babc5456 /net/tls
parent	fb73d620252ea595f217c5ffcdb5425e60e1509f (diff)

diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index b8e50e22b777..86b9527c4826 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c
@@ -124,6 +124,7 @@ static void tls_decrypt_done(struct crypto_async_request *req, int err)
124	{	124	{
125	struct aead_request aead_req = (struct aead_request )req;	125	struct aead_request aead_req = (struct aead_request )req;
126	struct scatterlist *sgout = aead_req->dst;	126	struct scatterlist *sgout = aead_req->dst;
		127	struct scatterlist *sgin = aead_req->src;
127	struct tls_sw_context_rx *ctx;	128	struct tls_sw_context_rx *ctx;
128	struct tls_context *tls_ctx;	129	struct tls_context *tls_ctx;
129	struct scatterlist *sg;	130	struct scatterlist *sg;
@@ -134,12 +135,16 @@ static void tls_decrypt_done(struct crypto_async_request *req, int err)
134	skb = (struct sk_buff *)req->data;	135	skb = (struct sk_buff *)req->data;
135	tls_ctx = tls_get_ctx(skb->sk);	136	tls_ctx = tls_get_ctx(skb->sk);
136	ctx = tls_sw_ctx_rx(tls_ctx);	137	ctx = tls_sw_ctx_rx(tls_ctx);
137	pending = atomic_dec_return(&ctx->decrypt_pending);
138		138
139	/* Propagate if there was an err */	139	/* Propagate if there was an err */
140	if (err) {	140	if (err) {
141	ctx->async_wait.err = err;	141	ctx->async_wait.err = err;
142	tls_err_abort(skb->sk, err);	142	tls_err_abort(skb->sk, err);
		143	} else {
		144	struct strp_msg *rxm = strp_msg(skb);
		145
		146	rxm->offset += tls_ctx->rx.prepend_size;
		147	rxm->full_len -= tls_ctx->rx.overhead_size;
143	}	148	}
144		149
145	/* After using skb->sk to propagate sk through crypto async callback	150	/* After using skb->sk to propagate sk through crypto async callback
@@ -147,18 +152,21 @@ static void tls_decrypt_done(struct crypto_async_request *req, int err)
147	*/	152	*/
148	skb->sk = NULL;	153	skb->sk = NULL;
149		154
150	/* Release the skb, pages and memory allocated for crypto req */
151	kfree_skb(skb);
152		155
153	/* Skip the first S/G entry as it points to AAD */	156	/* Free the destination pages if skb was not decrypted inplace */
154	for_each_sg(sg_next(sgout), sg, UINT_MAX, pages) {	157	if (sgout != sgin) {
155	if (!sg)	158	/* Skip the first S/G entry as it points to AAD */
156	break;	159	for_each_sg(sg_next(sgout), sg, UINT_MAX, pages) {
157	put_page(sg_page(sg));	160	if (!sg)
		161	break;
		162	put_page(sg_page(sg));
		163	}
158	}	164	}
159		165
160	kfree(aead_req);	166	kfree(aead_req);
161		167
		168	pending = atomic_dec_return(&ctx->decrypt_pending);
		169
162	if (!pending && READ_ONCE(ctx->async_notify))	170	if (!pending && READ_ONCE(ctx->async_notify))
163	complete(&ctx->async_wait.completion);	171	complete(&ctx->async_wait.completion);
164	}	172	}
@@ -1271,7 +1279,7 @@ out:
1271	static int decrypt_internal(struct sock sk, struct sk_buff skb,	1279	static int decrypt_internal(struct sock sk, struct sk_buff skb,
1272	struct iov_iter *out_iov,	1280	struct iov_iter *out_iov,
1273	struct scatterlist *out_sg,	1281	struct scatterlist *out_sg,
1274	int chunk, bool zc)	1282	int chunk, bool zc, bool async)
1275	{	1283	{
1276	struct tls_context *tls_ctx = tls_get_ctx(sk);	1284	struct tls_context *tls_ctx = tls_get_ctx(sk);
1277	struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);	1285	struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
@@ -1371,13 +1379,13 @@ static int decrypt_internal(struct sock sk, struct sk_buff skb,
1371	fallback_to_reg_recv:	1379	fallback_to_reg_recv:
1372	sgout = sgin;	1380	sgout = sgin;
1373	pages = 0;	1381	pages = 0;
1374	*chunk = 0;	1382	*chunk = data_len;
1375	*zc = false;	1383	*zc = false;
1376	}	1384	}
1377		1385
1378	/* Prepare and submit AEAD request */	1386	/* Prepare and submit AEAD request */
1379	err = tls_do_decryption(sk, skb, sgin, sgout, iv,	1387	err = tls_do_decryption(sk, skb, sgin, sgout, iv,
1380	data_len, aead_req, *zc);	1388	data_len, aead_req, async);
1381	if (err == -EINPROGRESS)	1389	if (err == -EINPROGRESS)
1382	return err;	1390	return err;
1383		1391
@@ -1390,7 +1398,8 @@ fallback_to_reg_recv:
1390	}	1398	}
1391		1399
1392	static int decrypt_skb_update(struct sock sk, struct sk_buff skb,	1400	static int decrypt_skb_update(struct sock sk, struct sk_buff skb,
1393	struct iov_iter dest, int chunk, bool *zc)	1401	struct iov_iter dest, int chunk, bool *zc,
		1402	bool async)
1394	{	1403	{
1395	struct tls_context *tls_ctx = tls_get_ctx(sk);	1404	struct tls_context *tls_ctx = tls_get_ctx(sk);
1396	struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);	1405	struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
@@ -1403,7 +1412,7 @@ static int decrypt_skb_update(struct sock sk, struct sk_buff skb,
1403	return err;	1412	return err;
1404	#endif	1413	#endif
1405	if (!ctx->decrypted) {	1414	if (!ctx->decrypted) {
1406	err = decrypt_internal(sk, skb, dest, NULL, chunk, zc);	1415	err = decrypt_internal(sk, skb, dest, NULL, chunk, zc, async);
1407	if (err < 0) {	1416	if (err < 0) {
1408	if (err == -EINPROGRESS)	1417	if (err == -EINPROGRESS)
1409	tls_advance_record_sn(sk, &tls_ctx->rx);	1418	tls_advance_record_sn(sk, &tls_ctx->rx);
@@ -1429,7 +1438,7 @@ int decrypt_skb(struct sock sk, struct sk_buff skb,
1429	bool zc = true;	1438	bool zc = true;
1430	int chunk;	1439	int chunk;
1431		1440
1432	return decrypt_internal(sk, skb, NULL, sgout, &chunk, &zc);	1441	return decrypt_internal(sk, skb, NULL, sgout, &chunk, &zc, false);
1433	}	1442	}
1434		1443
1435	static bool tls_sw_advance_skb(struct sock sk, struct sk_buff skb,	1444	static bool tls_sw_advance_skb(struct sock sk, struct sk_buff skb,
@@ -1456,6 +1465,77 @@ static bool tls_sw_advance_skb(struct sock sk, struct sk_buff skb,
1456	return true;	1465	return true;
1457	}	1466	}
1458		1467
		1468	/* This function traverses the rx_list in tls receive context to copies the
		1469	* decrypted data records into the buffer provided by caller zero copy is not
		1470	* true. Further, the records are removed from the rx_list if it is not a peek
		1471	* case and the record has been consumed completely.
		1472	*/
		1473	static int process_rx_list(struct tls_sw_context_rx *ctx,
		1474	struct msghdr *msg,
		1475	size_t skip,
		1476	size_t len,
		1477	bool zc,
		1478	bool is_peek)
		1479	{
		1480	struct sk_buff *skb = skb_peek(&ctx->rx_list);
		1481	ssize_t copied = 0;
		1482
		1483	while (skip && skb) {
		1484	struct strp_msg *rxm = strp_msg(skb);
		1485
		1486	if (skip < rxm->full_len)
		1487	break;
		1488
		1489	skip = skip - rxm->full_len;
		1490	skb = skb_peek_next(skb, &ctx->rx_list);
		1491	}
		1492
		1493	while (len && skb) {
		1494	struct sk_buff *next_skb;
		1495	struct strp_msg *rxm = strp_msg(skb);
		1496	int chunk = min_t(unsigned int, rxm->full_len - skip, len);
		1497
		1498	if (!zc \|\| (rxm->full_len - skip) > len) {
		1499	int err = skb_copy_datagram_msg(skb, rxm->offset + skip,
		1500	msg, chunk);
		1501	if (err < 0)
		1502	return err;
		1503	}
		1504
		1505	len = len - chunk;
		1506	copied = copied + chunk;
		1507
		1508	/* Consume the data from record if it is non-peek case*/
		1509	if (!is_peek) {
		1510	rxm->offset = rxm->offset + chunk;
		1511	rxm->full_len = rxm->full_len - chunk;
		1512
		1513	/* Return if there is unconsumed data in the record */
		1514	if (rxm->full_len - skip)
		1515	break;
		1516	}
		1517
		1518	/* The remaining skip-bytes must lie in 1st record in rx_list.
		1519	* So from the 2nd record, 'skip' should be 0.
		1520	*/
		1521	skip = 0;
		1522
		1523	if (msg)
		1524	msg->msg_flags \|= MSG_EOR;
		1525
		1526	next_skb = skb_peek_next(skb, &ctx->rx_list);
		1527
		1528	if (!is_peek) {
		1529	skb_unlink(skb, &ctx->rx_list);
		1530	kfree_skb(skb);
		1531	}
		1532
		1533	skb = next_skb;
		1534	}
		1535
		1536	return copied;
		1537	}
		1538
1459	int tls_sw_recvmsg(struct sock *sk,	1539	int tls_sw_recvmsg(struct sock *sk,
1460	struct msghdr *msg,	1540	struct msghdr *msg,
1461	size_t len,	1541	size_t len,
@@ -1466,7 +1546,8 @@ int tls_sw_recvmsg(struct sock *sk,
1466	struct tls_context *tls_ctx = tls_get_ctx(sk);	1546	struct tls_context *tls_ctx = tls_get_ctx(sk);
1467	struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);	1547	struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
1468	struct sk_psock *psock;	1548	struct sk_psock *psock;
1469	unsigned char control;	1549	unsigned char control = 0;
		1550	ssize_t decrypted = 0;
1470	struct strp_msg *rxm;	1551	struct strp_msg *rxm;
1471	struct sk_buff *skb;	1552	struct sk_buff *skb;
1472	ssize_t copied = 0;	1553	ssize_t copied = 0;
@@ -1474,6 +1555,7 @@ int tls_sw_recvmsg(struct sock *sk,
1474	int target, err = 0;	1555	int target, err = 0;
1475	long timeo;	1556	long timeo;
1476	bool is_kvec = iov_iter_is_kvec(&msg->msg_iter);	1557	bool is_kvec = iov_iter_is_kvec(&msg->msg_iter);
		1558	bool is_peek = flags & MSG_PEEK;
1477	int num_async = 0;	1559	int num_async = 0;
1478		1560
1479	flags \|= nonblock;	1561	flags \|= nonblock;
@@ -1484,11 +1566,28 @@ int tls_sw_recvmsg(struct sock *sk,
1484	psock = sk_psock_get(sk);	1566	psock = sk_psock_get(sk);
1485	lock_sock(sk);	1567	lock_sock(sk);
1486		1568
1487	target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);	1569	/* Process pending decrypted records. It must be non-zero-copy */
1488	timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);	1570	err = process_rx_list(ctx, msg, 0, len, false, is_peek);
		1571	if (err < 0) {
		1572	tls_err_abort(sk, err);
		1573	goto end;
		1574	} else {
		1575	copied = err;
		1576	}
		1577
		1578	len = len - copied;
		1579	if (len) {
		1580	target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);
		1581	timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
		1582	} else {
		1583	goto recv_end;
		1584	}
		1585
1489	do {	1586	do {
1490	bool zc = false;	1587	bool retain_skb = false;
1491	bool async = false;	1588	bool async = false;
		1589	bool zc = false;
		1590	int to_decrypt;
1492	int chunk = 0;	1591	int chunk = 0;
1493		1592
1494	skb = tls_wait_data(sk, psock, flags, timeo, &err);	1593	skb = tls_wait_data(sk, psock, flags, timeo, &err);
@@ -1498,7 +1597,7 @@ int tls_sw_recvmsg(struct sock *sk,
1498	msg, len, flags);	1597	msg, len, flags);
1499		1598
1500	if (ret > 0) {	1599	if (ret > 0) {
1501	copied += ret;	1600	decrypted += ret;
1502	len -= ret;	1601	len -= ret;
1503	continue;	1602	continue;
1504	}	1603	}
@@ -1525,70 +1624,70 @@ int tls_sw_recvmsg(struct sock *sk,
1525	goto recv_end;	1624	goto recv_end;
1526	}	1625	}
1527		1626
1528	if (!ctx->decrypted) {	1627	to_decrypt = rxm->full_len - tls_ctx->rx.overhead_size;
1529	int to_copy = rxm->full_len - tls_ctx->rx.overhead_size;
1530		1628
1531	if (!is_kvec && to_copy <= len &&	1629	if (to_decrypt <= len && !is_kvec && !is_peek)
1532	likely(!(flags & MSG_PEEK)))	1630	zc = true;
1533	zc = true;
1534		1631
1535	err = decrypt_skb_update(sk, skb, &msg->msg_iter,	1632	err = decrypt_skb_update(sk, skb, &msg->msg_iter,
1536	&chunk, &zc);	1633	&chunk, &zc, ctx->async_capable);
1537	if (err < 0 && err != -EINPROGRESS) {	1634	if (err < 0 && err != -EINPROGRESS) {
1538	tls_err_abort(sk, EBADMSG);	1635	tls_err_abort(sk, EBADMSG);
1539	goto recv_end;	1636	goto recv_end;
1540	}
1541
1542	if (err == -EINPROGRESS) {
1543	async = true;
1544	num_async++;
1545	goto pick_next_record;
1546	}
1547
1548	ctx->decrypted = true;
1549	}	1637	}
1550		1638
1551	if (!zc) {	1639	if (err == -EINPROGRESS) {
1552	chunk = min_t(unsigned int, rxm->full_len, len);	1640	async = true;
		1641	num_async++;
		1642	goto pick_next_record;
		1643	} else {
		1644	if (!zc) {
		1645	if (rxm->full_len > len) {
		1646	retain_skb = true;
		1647	chunk = len;
		1648	} else {
		1649	chunk = rxm->full_len;
		1650	}
		1651
		1652	err = skb_copy_datagram_msg(skb, rxm->offset,
		1653	msg, chunk);
		1654	if (err < 0)
		1655	goto recv_end;
1553		1656
1554	err = skb_copy_datagram_msg(skb, rxm->offset, msg,	1657	if (!is_peek) {
1555	chunk);	1658	rxm->offset = rxm->offset + chunk;
1556	if (err < 0)	1659	rxm->full_len = rxm->full_len - chunk;
1557	goto recv_end;	1660	}
		1661	}
1558	}	1662	}
1559		1663
1560	pick_next_record:	1664	pick_next_record:
1561	copied += chunk;	1665	if (chunk > len)
		1666	chunk = len;
		1667
		1668	decrypted += chunk;
1562	len -= chunk;	1669	len -= chunk;
1563	if (likely(!(flags & MSG_PEEK))) {	1670
1564	u8 control = ctx->control;	1671	/* For async or peek case, queue the current skb */
1565		1672	if (async \|\| is_peek \|\| retain_skb) {
1566	/* For async, drop current skb reference */	1673	skb_queue_tail(&ctx->rx_list, skb);
1567	if (async)	1674	skb = NULL;
1568	skb = NULL;	1675	}
1569		1676
1570	if (tls_sw_advance_skb(sk, skb, chunk)) {	1677	if (tls_sw_advance_skb(sk, skb, chunk)) {
1571	/* Return full control message to	1678	/* Return full control message to
1572	* userspace before trying to parse	1679	* userspace before trying to parse
1573	* another message type	1680	* another message type
1574	*/
1575	msg->msg_flags \|= MSG_EOR;
1576	if (control != TLS_RECORD_TYPE_DATA)
1577	goto recv_end;
1578	} else {
1579	break;
1580	}
1581	} else {
1582	/* MSG_PEEK right now cannot look beyond current skb
1583	* from strparser, meaning we cannot advance skb here
1584	* and thus unpause strparser since we'd loose original
1585	* one.
1586	*/	1681	*/
		1682	msg->msg_flags \|= MSG_EOR;
		1683	if (ctx->control != TLS_RECORD_TYPE_DATA)
		1684	goto recv_end;
		1685	} else {
1587	break;	1686	break;
1588	}	1687	}
1589		1688
1590	/* If we have a new message from strparser, continue now. */	1689	/* If we have a new message from strparser, continue now. */
1591	if (copied >= target && !ctx->recv_pkt)	1690	if (decrypted >= target && !ctx->recv_pkt)
1592	break;	1691	break;
1593	} while (len);	1692	} while (len);
1594		1693
@@ -1602,13 +1701,33 @@ recv_end:
1602	/* one of async decrypt failed */	1701	/* one of async decrypt failed */
1603	tls_err_abort(sk, err);	1702	tls_err_abort(sk, err);
1604	copied = 0;	1703	copied = 0;
		1704	decrypted = 0;
		1705	goto end;
1605	}	1706	}
1606	} else {	1707	} else {
1607	reinit_completion(&ctx->async_wait.completion);	1708	reinit_completion(&ctx->async_wait.completion);
1608	}	1709	}
1609	WRITE_ONCE(ctx->async_notify, false);	1710	WRITE_ONCE(ctx->async_notify, false);
		1711
		1712	/* Drain records from the rx_list & copy if required */
		1713	if (is_peek \|\| is_kvec)
		1714	err = process_rx_list(ctx, msg, copied,
		1715	decrypted, false, is_peek);
		1716	else
		1717	err = process_rx_list(ctx, msg, 0,
		1718	decrypted, true, is_peek);
		1719	if (err < 0) {
		1720	tls_err_abort(sk, err);
		1721	copied = 0;
		1722	goto end;
		1723	}
		1724
		1725	WARN_ON(decrypted != err);
1610	}	1726	}
1611		1727
		1728	copied += decrypted;
		1729
		1730	end:
1612	release_sock(sk);	1731	release_sock(sk);
1613	if (psock)	1732	if (psock)
1614	sk_psock_put(sk, psock);	1733	sk_psock_put(sk, psock);
@@ -1645,7 +1764,7 @@ ssize_t tls_sw_splice_read(struct socket sock, loff_t ppos,
1645	}	1764	}
1646		1765
1647	if (!ctx->decrypted) {	1766	if (!ctx->decrypted) {
1648	err = decrypt_skb_update(sk, skb, NULL, &chunk, &zc);	1767	err = decrypt_skb_update(sk, skb, NULL, &chunk, &zc, false);
1649		1768
1650	if (err < 0) {	1769	if (err < 0) {
1651	tls_err_abort(sk, EBADMSG);	1770	tls_err_abort(sk, EBADMSG);
@@ -1832,6 +1951,7 @@ void tls_sw_release_resources_rx(struct sock *sk)
1832	if (ctx->aead_recv) {	1951	if (ctx->aead_recv) {
1833	kfree_skb(ctx->recv_pkt);	1952	kfree_skb(ctx->recv_pkt);
1834	ctx->recv_pkt = NULL;	1953	ctx->recv_pkt = NULL;
		1954	skb_queue_purge(&ctx->rx_list);
1835	crypto_free_aead(ctx->aead_recv);	1955	crypto_free_aead(ctx->aead_recv);
1836	strp_stop(&ctx->strp);	1956	strp_stop(&ctx->strp);
1837	write_lock_bh(&sk->sk_callback_lock);	1957	write_lock_bh(&sk->sk_callback_lock);
@@ -1881,6 +2001,7 @@ int tls_set_sw_offload(struct sock sk, struct tls_context ctx, int tx)
1881	struct crypto_aead **aead;	2001	struct crypto_aead **aead;
1882	struct strp_callbacks cb;	2002	struct strp_callbacks cb;
1883	u16 nonce_size, tag_size, iv_size, rec_seq_size;	2003	u16 nonce_size, tag_size, iv_size, rec_seq_size;
		2004	struct crypto_tfm *tfm;
1884	char iv, rec_seq;	2005	char iv, rec_seq;
1885	int rc = 0;	2006	int rc = 0;
1886		2007
@@ -1927,6 +2048,7 @@ int tls_set_sw_offload(struct sock sk, struct tls_context ctx, int tx)
1927	crypto_init_wait(&sw_ctx_rx->async_wait);	2048	crypto_init_wait(&sw_ctx_rx->async_wait);
1928	crypto_info = &ctx->crypto_recv.info;	2049	crypto_info = &ctx->crypto_recv.info;
1929	cctx = &ctx->rx;	2050	cctx = &ctx->rx;
		2051	skb_queue_head_init(&sw_ctx_rx->rx_list);
1930	aead = &sw_ctx_rx->aead_recv;	2052	aead = &sw_ctx_rx->aead_recv;
1931	}	2053	}
1932		2054
@@ -1994,6 +2116,10 @@ int tls_set_sw_offload(struct sock sk, struct tls_context ctx, int tx)
1994	goto free_aead;	2116	goto free_aead;
1995		2117
1996	if (sw_ctx_rx) {	2118	if (sw_ctx_rx) {
		2119	tfm = crypto_aead_tfm(sw_ctx_rx->aead_recv);
		2120	sw_ctx_rx->async_capable =
		2121	tfm->__crt_alg->cra_flags & CRYPTO_ALG_ASYNC;
		2122
1997	/* Set up strparser */	2123	/* Set up strparser */
1998	memset(&cb, 0, sizeof(cb));	2124	memset(&cb, 0, sizeof(cb));
1999	cb.rcv_msg = tls_queue;	2125	cb.rcv_msg = tls_queue;