• J
    net/tls: fix state removal with feature flags off · fb69403e
    Jakub Kicinski 提交于
    [ Upstream commit 3686637e507b48525fcea6fb91e1988bdbc14530 ]
    
    TLS offload drivers shouldn't (and currently don't) block
    the TLS offload feature changes based on whether there are
    active offloaded connections or not.
    
    This seems to be a good idea, because we want the admin to
    be able to disable the TLS offload at any time, and there
    is no clean way of disabling it for active connections
    (TX side is quite problematic).  So if features are cleared
    existing connections will stay offloaded until they close,
    and new connections will not attempt offload to a given
    device.
    
    However, the offload state removal handling is currently
    broken if feature flags get cleared while there are
    active TLS offloads.
    
    RX side will completely bail from cleanup, even on normal
    remove path, leaving device state dangling, potentially
    causing issues when the 5-tuple is reused.  It will also
    fail to release the netdev reference.
    
    Remove the RX-side warning message, in next release cycle
    it should be printed when features are disabled, rather
    than when connection dies, but for that we need a more
    efficient method of finding connection of a given netdev
    (a'la BPF offload code).
    
    Fixes: 4799ac81 ("tls: Add rx inline crypto offload")
    Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com>
    Reviewed-by: NDirk van der Merwe <dirk.vandermerwe@netronome.com>
    Signed-off-by: NDavid S. Miller <davem@davemloft.net>
    Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    fb69403e
tls_device.c 25.1 KB