projects / openwrt / staging / blogic.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 16e4edc)
tcp: Don't coalesce decrypted and encrypted SKBs
authorBoris Pismenny <borisp@mellanox.com>
Fri, 13 Jul 2018 11:33:38 +0000 (14:33 +0300)
committerDavid S. Miller <davem@davemloft.net>
Mon, 16 Jul 2018 07:12:09 +0000 (00:12 -0700)
Prevent coalescing of decrypted and encrypted SKBs in GRO
and TCP layer.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Ilya Lesokhin <ilyal@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/tcp_input.c patch | blob | history
net/ipv4/tcp_offload.c patch | blob | history

diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index fac5d03d45281a240ef759f26a178de9a366641a..91dbb9afb95021eb2ca928978de556b8557b38ec 100644 (file)
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4343,6 +4343,11 @@ static bool tcp_try_coalesce(struct sock *sk,
        if (TCP_SKB_CB(from)->seq != TCP_SKB_CB(to)->end_seq)
                return false;
 
+#ifdef CONFIG_TLS_DEVICE
+       if (from->decrypted != to->decrypted)
+               return false;
+#endif
+
        if (!skb_try_coalesce(to, from, fragstolen, &delta))
                return false;
 
@@ -4871,6 +4876,9 @@ restart:
                        break;
 
                memcpy(nskb->cb, skb->cb, sizeof(skb->cb));
+#ifdef CONFIG_TLS_DEVICE
+               nskb->decrypted = skb->decrypted;
+#endif
                TCP_SKB_CB(nskb)->seq = TCP_SKB_CB(nskb)->end_seq = start;
                if (list)
                        __skb_queue_before(list, skb, nskb);
@@ -4898,6 +4906,10 @@ restart:
                                    skb == tail ||
                                    (TCP_SKB_CB(skb)->tcp_flags & (TCPHDR_SYN | TCPHDR_FIN)))
                                        goto end;
+#ifdef CONFIG_TLS_DEVICE
+                               if (skb->decrypted != nskb->decrypted)
+                                       goto end;
+#endif
                        }
                }
        }
diff --git a/net/ipv4/tcp_offload.c b/net/ipv4/tcp_offload.c
index f5aee641f825be8af56fd8ee9b0998f56605c0a7..870b0a3350616a87580882cbc06382f5e415aef5 100644 (file)
--- a/net/ipv4/tcp_offload.c
+++ b/net/ipv4/tcp_offload.c
@@ -262,6 +262,9 @@ found:
 
        flush |= (len - 1) >= mss;
        flush |= (ntohl(th2->seq) + skb_gro_len(p)) ^ ntohl(th->seq);
+#ifdef CONFIG_TLS_DEVICE
+       flush |= p->decrypted ^ skb->decrypted;
+#endif
 
        if (flush || skb_gro_receive(p, skb)) {
                mss = 1;
John Crispins staging tree