1 files changed, 70 insertions, 16 deletions

diff --git a/include/net/tls.h b/include/net/tls.h
index 70c273777fe9..d5c683e8bb22 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -83,6 +83,16 @@ struct tls_device {
         void (*unhash)(struct tls_device *device, struct sock *sk);
 };
 
+enum {
+        TLS_BASE,
+        TLS_SW,
+#ifdef CONFIG_TLS_DEVICE
+        TLS_HW,
+#endif
+        TLS_HW_RECORD,
+        TLS_NUM_CONFIG,
+};
+
 struct tls_sw_context_tx {
         struct crypto_aead *aead_send;
         struct crypto_wait async_wait;
@@ -114,10 +124,6 @@ struct tls_sw_context_rx {
         struct sk_buff *recv_pkt;
         u8 control;
         bool decrypted;
-
-        char rx_aad_ciphertext[TLS_AAD_SPACE_SIZE];
-        char rx_aad_plaintext[TLS_AAD_SPACE_SIZE];
-
 };
 
 struct tls_record_info {
@@ -128,7 +134,7 @@ struct tls_record_info {
         skb_frag_t frags[MAX_SKB_FRAGS];
 };
 
-struct tls_offload_context {
+struct tls_offload_context_tx {
         struct crypto_aead *aead_send;
         spinlock_t lock;        /* protects records list */
         struct list_head records_list;
@@ -147,8 +153,8 @@ struct tls_offload_context {
 #define TLS_DRIVER_STATE_SIZE (max_t(size_t, 8, sizeof(void *)))
 };
 
-#define TLS_OFFLOAD_CONTEXT_SIZE                                               \
-        (ALIGN(sizeof(struct tls_offload_context), sizeof(void *)) +           \
+#define TLS_OFFLOAD_CONTEXT_SIZE_TX                                            \
+        (ALIGN(sizeof(struct tls_offload_context_tx), sizeof(void *)) +        \
          TLS_DRIVER_STATE_SIZE)
 
 enum {
@@ -197,6 +203,7 @@ struct tls_context {
         int (*push_pending_record)(struct sock *sk, int flags);
 
         void (*sk_write_space)(struct sock *sk);
+        void (*sk_destruct)(struct sock *sk);
         void (*sk_proto_close)(struct sock *sk, long timeout);
 
         int  (*setsockopt)(struct sock *sk, int level,
@@ -209,13 +216,27 @@ struct tls_context {
         void (*unhash)(struct sock *sk);
 };
 
+struct tls_offload_context_rx {
+        /* sw must be the first member of tls_offload_context_rx */
+        struct tls_sw_context_rx sw;
+        atomic64_t resync_req;
+        u8 driver_state[];
+        /* The TLS layer reserves room for driver specific state
+         * Currently the belief is that there is not enough
+         * driver specific state to justify another layer of indirection
+         */
+};
+
+#define TLS_OFFLOAD_CONTEXT_SIZE_RX                                     \
+        (ALIGN(sizeof(struct tls_offload_context_rx), sizeof(void *)) + \
+         TLS_DRIVER_STATE_SIZE)
+
 int wait_on_pending_writer(struct sock *sk, long *timeo);
 int tls_sk_query(struct sock *sk, int optname, char __user *optval,
                 int __user *optlen);
 int tls_sk_attach(struct sock *sk, int optname, char __user *optval,
                   unsigned int optlen);
 
-
 int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx);
 int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size);
 int tls_sw_sendpage(struct sock *sk, struct page *page,
@@ -223,6 +244,7 @@ int tls_sw_sendpage(struct sock *sk, struct page *page,
 void tls_sw_close(struct sock *sk, long timeout);
 void tls_sw_free_resources_tx(struct sock *sk);
 void tls_sw_free_resources_rx(struct sock *sk);
+void tls_sw_release_resources_rx(struct sock *sk);
 int tls_sw_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
                    int nonblock, int flags, int *addr_len);
 unsigned int tls_sw_poll(struct file *file, struct socket *sock,
@@ -239,7 +261,7 @@ void tls_device_sk_destruct(struct sock *sk);
 void tls_device_init(void);
 void tls_device_cleanup(void);
 
-struct tls_record_info *tls_get_record(struct tls_offload_context *context,
+struct tls_record_info *tls_get_record(struct tls_offload_context_tx *context,
                                        u32 seq, u64 *p_record_sn);
 
 static inline bool tls_record_is_start_marker(struct tls_record_info *rec)
@@ -289,11 +311,19 @@ static inline bool tls_is_pending_open_record(struct tls_context *tls_ctx)
         return tls_ctx->pending_open_record_frags;
 }
 
+struct sk_buff *
+tls_validate_xmit_skb(struct sock *sk, struct net_device *dev,
+                      struct sk_buff *skb);
+
 static inline bool tls_is_sk_tx_device_offloaded(struct sock *sk)
 {
-        return sk_fullsock(sk) &&
-               /* matches smp_store_release in tls_set_device_offload */
-               smp_load_acquire(&sk->sk_destruct) == &tls_device_sk_destruct;
+#ifdef CONFIG_SOCK_VALIDATE_XMIT
+        return sk_fullsock(sk) &
+               (smp_load_acquire(&sk->sk_validate_xmit_skb) ==
+               &tls_validate_xmit_skb);
+#else
+        return false;
+#endif
 }
 
 static inline void tls_err_abort(struct sock *sk, int err)
@@ -380,23 +410,47 @@ static inline struct tls_sw_context_tx *tls_sw_ctx_tx(
         return (struct tls_sw_context_tx *)tls_ctx->priv_ctx_tx;
 }
 
-static inline struct tls_offload_context *tls_offload_ctx(
-                const struct tls_context *tls_ctx)
+static inline struct tls_offload_context_tx *
+tls_offload_ctx_tx(const struct tls_context *tls_ctx)
+{
+        return (struct tls_offload_context_tx *)tls_ctx->priv_ctx_tx;
+}
+
+static inline struct tls_offload_context_rx *
+tls_offload_ctx_rx(const struct tls_context *tls_ctx)
 {
-        return (struct tls_offload_context *)tls_ctx->priv_ctx_tx;
+        return (struct tls_offload_context_rx *)tls_ctx->priv_ctx_rx;
 }
 
+/* The TLS context is valid until sk_destruct is called */
+static inline void tls_offload_rx_resync_request(struct sock *sk, __be32 seq)
+{
+        struct tls_context *tls_ctx = tls_get_ctx(sk);
+        struct tls_offload_context_rx *rx_ctx = tls_offload_ctx_rx(tls_ctx);
+
+        atomic64_set(&rx_ctx->resync_req, ((((uint64_t)seq) << 32) | 1));
+}
+
+
 int tls_proccess_cmsg(struct sock *sk, struct msghdr *msg,
                       unsigned char *record_type);
 void tls_register_device(struct tls_device *device);
 void tls_unregister_device(struct tls_device *device);
+int tls_device_decrypted(struct sock *sk, struct sk_buff *skb);
+int decrypt_skb(struct sock *sk, struct sk_buff *skb,
+                struct scatterlist *sgout);
 
 struct sk_buff *tls_validate_xmit_skb(struct sock *sk,
                                       struct net_device *dev,
                                       struct sk_buff *skb);
 
 int tls_sw_fallback_init(struct sock *sk,
-                         struct tls_offload_context *offload_ctx,
+                         struct tls_offload_context_tx *offload_ctx,
                          struct tls_crypto_info *crypto_info);
 
+int tls_set_device_offload_rx(struct sock *sk, struct tls_context *ctx);
+
+void tls_device_offload_cleanup_rx(struct sock *sk);
+void handle_device_resync(struct sock *sk, u32 seq, u64 rcd_sn);
+
 #endif /* _TLS_OFFLOAD_H */