Skip to content

Commit 80ece6a

Browse files
nxa22042davem330
nxa22042
authored and
davem330
committed
tls: Remove redundant vars from tls record structure
Structure 'tls_rec' contains sg_aead_in and sg_aead_out which point to a aad_space and then chain scatterlists sg_plaintext_data, sg_encrypted_data respectively. Rather than using chained scatterlists for plaintext and encrypted data in aead_req, it is efficient to store aad_space in sg_encrypted_data and sg_plaintext_data itself in the first index and get rid of sg_aead_in, sg_aead_in and further chaining. This requires increasing size of sg_encrypted_data & sg_plaintext_data arrarys by 1 to accommodate entry for aad_space. The code which uses sg_encrypted_data and sg_plaintext_data has been modified to skip first index as it points to aad_space. Signed-off-by: Vakul Garg <vakul.garg@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 6e9feb3 commit 80ece6a

File tree

2 files changed

+45
-53
lines changed

2 files changed

+45
-53
lines changed

include/net/tls.h

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -101,13 +101,11 @@ struct tls_rec {
101101
struct list_head list;
102102
int tx_ready;
103103
int tx_flags;
104-
struct scatterlist sg_plaintext_data[MAX_SKB_FRAGS];
105-
struct scatterlist sg_encrypted_data[MAX_SKB_FRAGS];
106104

107105
/* AAD | sg_plaintext_data | sg_tag */
108-
struct scatterlist sg_aead_in[2];
106+
struct scatterlist sg_plaintext_data[MAX_SKB_FRAGS + 1];
109107
/* AAD | sg_encrypted_data (data contain overhead for hdr&iv&tag) */
110-
struct scatterlist sg_aead_out[2];
108+
struct scatterlist sg_encrypted_data[MAX_SKB_FRAGS + 1];
111109

112110
unsigned int sg_plaintext_size;
113111
unsigned int sg_encrypted_size;

net/tls/tls_sw.c

Lines changed: 43 additions & 49 deletions
Original file line numberDiff line numberDiff line change
@@ -248,15 +248,15 @@ static void trim_both_sgl(struct sock *sk, int target_size)
248248
struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
249249
struct tls_rec *rec = ctx->open_rec;
250250

251-
trim_sg(sk, rec->sg_plaintext_data,
251+
trim_sg(sk, &rec->sg_plaintext_data[1],
252252
&rec->sg_plaintext_num_elem,
253253
&rec->sg_plaintext_size,
254254
target_size);
255255

256256
if (target_size > 0)
257257
target_size += tls_ctx->tx.overhead_size;
258258

259-
trim_sg(sk, rec->sg_encrypted_data,
259+
trim_sg(sk, &rec->sg_encrypted_data[1],
260260
&rec->sg_encrypted_num_elem,
261261
&rec->sg_encrypted_size,
262262
target_size);
@@ -270,12 +270,13 @@ static int alloc_encrypted_sg(struct sock *sk, int len)
270270
int rc = 0;
271271

272272
rc = sk_alloc_sg(sk, len,
273-
rec->sg_encrypted_data, 0,
273+
&rec->sg_encrypted_data[1], 0,
274274
&rec->sg_encrypted_num_elem,
275275
&rec->sg_encrypted_size, 0);
276276

277277
if (rc == -ENOSPC)
278-
rec->sg_encrypted_num_elem = ARRAY_SIZE(rec->sg_encrypted_data);
278+
rec->sg_encrypted_num_elem =
279+
ARRAY_SIZE(rec->sg_encrypted_data) - 1;
279280

280281
return rc;
281282
}
@@ -287,12 +288,15 @@ static int alloc_plaintext_sg(struct sock *sk, int len)
287288
struct tls_rec *rec = ctx->open_rec;
288289
int rc = 0;
289290

290-
rc = sk_alloc_sg(sk, len, rec->sg_plaintext_data, 0,
291-
&rec->sg_plaintext_num_elem, &rec->sg_plaintext_size,
291+
rc = sk_alloc_sg(sk, len,
292+
&rec->sg_plaintext_data[1], 0,
293+
&rec->sg_plaintext_num_elem,
294+
&rec->sg_plaintext_size,
292295
tls_ctx->pending_open_record_frags);
293296

294297
if (rc == -ENOSPC)
295-
rec->sg_plaintext_num_elem = ARRAY_SIZE(rec->sg_plaintext_data);
298+
rec->sg_plaintext_num_elem =
299+
ARRAY_SIZE(rec->sg_plaintext_data) - 1;
296300

297301
return rc;
298302
}
@@ -320,11 +324,11 @@ static void tls_free_open_rec(struct sock *sk)
320324
if (!rec)
321325
return;
322326

323-
free_sg(sk, rec->sg_encrypted_data,
327+
free_sg(sk, &rec->sg_encrypted_data[1],
324328
&rec->sg_encrypted_num_elem,
325329
&rec->sg_encrypted_size);
326330

327-
free_sg(sk, rec->sg_plaintext_data,
331+
free_sg(sk, &rec->sg_plaintext_data[1],
328332
&rec->sg_plaintext_num_elem,
329333
&rec->sg_plaintext_size);
330334

@@ -355,7 +359,7 @@ int tls_tx_records(struct sock *sk, int flags)
355359
* Remove the head of tx_list
356360
*/
357361
list_del(&rec->list);
358-
free_sg(sk, rec->sg_plaintext_data,
362+
free_sg(sk, &rec->sg_plaintext_data[1],
359363
&rec->sg_plaintext_num_elem, &rec->sg_plaintext_size);
360364

361365
kfree(rec);
@@ -370,13 +374,13 @@ int tls_tx_records(struct sock *sk, int flags)
370374
tx_flags = flags;
371375

372376
rc = tls_push_sg(sk, tls_ctx,
373-
&rec->sg_encrypted_data[0],
377+
&rec->sg_encrypted_data[1],
374378
0, tx_flags);
375379
if (rc)
376380
goto tx_err;
377381

378382
list_del(&rec->list);
379-
free_sg(sk, rec->sg_plaintext_data,
383+
free_sg(sk, &rec->sg_plaintext_data[1],
380384
&rec->sg_plaintext_num_elem,
381385
&rec->sg_plaintext_size);
382386

@@ -405,16 +409,12 @@ static void tls_encrypt_done(struct crypto_async_request *req, int err)
405409

406410
rec = container_of(aead_req, struct tls_rec, aead_req);
407411

408-
rec->sg_encrypted_data[0].offset -= tls_ctx->tx.prepend_size;
409-
rec->sg_encrypted_data[0].length += tls_ctx->tx.prepend_size;
412+
rec->sg_encrypted_data[1].offset -= tls_ctx->tx.prepend_size;
413+
rec->sg_encrypted_data[1].length += tls_ctx->tx.prepend_size;
410414

411415

412-
/* Free the record if error is previously set on socket */
416+
/* Check if error is previously set on socket */
413417
if (err || sk->sk_err) {
414-
free_sg(sk, rec->sg_encrypted_data,
415-
&rec->sg_encrypted_num_elem, &rec->sg_encrypted_size);
416-
417-
kfree(rec);
418418
rec = NULL;
419419

420420
/* If err is already set on socket, return the same code */
@@ -449,7 +449,7 @@ static void tls_encrypt_done(struct crypto_async_request *req, int err)
449449

450450
/* Schedule the transmission */
451451
if (!test_and_set_bit(BIT_TX_SCHEDULED, &ctx->tx_bitmask))
452-
schedule_delayed_work(&ctx->tx_work.work, 1);
452+
schedule_delayed_work(&ctx->tx_work.work, 2);
453453
}
454454

455455
static int tls_do_encryption(struct sock *sk,
@@ -461,13 +461,14 @@ static int tls_do_encryption(struct sock *sk,
461461
struct tls_rec *rec = ctx->open_rec;
462462
int rc;
463463

464-
rec->sg_encrypted_data[0].offset += tls_ctx->tx.prepend_size;
465-
rec->sg_encrypted_data[0].length -= tls_ctx->tx.prepend_size;
464+
/* Skip the first index as it contains AAD data */
465+
rec->sg_encrypted_data[1].offset += tls_ctx->tx.prepend_size;
466+
rec->sg_encrypted_data[1].length -= tls_ctx->tx.prepend_size;
466467

467468
aead_request_set_tfm(aead_req, ctx->aead_send);
468469
aead_request_set_ad(aead_req, TLS_AAD_SPACE_SIZE);
469-
aead_request_set_crypt(aead_req, rec->sg_aead_in,
470-
rec->sg_aead_out,
470+
aead_request_set_crypt(aead_req, rec->sg_plaintext_data,
471+
rec->sg_encrypted_data,
471472
data_len, tls_ctx->tx.iv);
472473

473474
aead_request_set_callback(aead_req, CRYPTO_TFM_REQ_MAY_BACKLOG,
@@ -480,8 +481,8 @@ static int tls_do_encryption(struct sock *sk,
480481
rc = crypto_aead_encrypt(aead_req);
481482
if (!rc || rc != -EINPROGRESS) {
482483
atomic_dec(&ctx->encrypt_pending);
483-
rec->sg_encrypted_data[0].offset -= tls_ctx->tx.prepend_size;
484-
rec->sg_encrypted_data[0].length += tls_ctx->tx.prepend_size;
484+
rec->sg_encrypted_data[1].offset -= tls_ctx->tx.prepend_size;
485+
rec->sg_encrypted_data[1].length += tls_ctx->tx.prepend_size;
485486
}
486487

487488
if (!rc) {
@@ -512,16 +513,16 @@ static int tls_push_record(struct sock *sk, int flags,
512513
rec->tx_flags = flags;
513514
req = &rec->aead_req;
514515

515-
sg_mark_end(rec->sg_plaintext_data + rec->sg_plaintext_num_elem - 1);
516-
sg_mark_end(rec->sg_encrypted_data + rec->sg_encrypted_num_elem - 1);
516+
sg_mark_end(rec->sg_plaintext_data + rec->sg_plaintext_num_elem);
517+
sg_mark_end(rec->sg_encrypted_data + rec->sg_encrypted_num_elem);
517518

518519
tls_make_aad(rec->aad_space, rec->sg_plaintext_size,
519520
tls_ctx->tx.rec_seq, tls_ctx->tx.rec_seq_size,
520521
record_type);
521522

522523
tls_fill_prepend(tls_ctx,
523-
page_address(sg_page(&rec->sg_encrypted_data[0])) +
524-
rec->sg_encrypted_data[0].offset,
524+
page_address(sg_page(&rec->sg_encrypted_data[1])) +
525+
rec->sg_encrypted_data[1].offset,
525526
rec->sg_plaintext_size, record_type);
526527

527528
tls_ctx->pending_open_record_frags = 0;
@@ -613,7 +614,7 @@ static int memcopy_from_iter(struct sock *sk, struct iov_iter *from,
613614
struct tls_context *tls_ctx = tls_get_ctx(sk);
614615
struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
615616
struct tls_rec *rec = ctx->open_rec;
616-
struct scatterlist *sg = rec->sg_plaintext_data;
617+
struct scatterlist *sg = &rec->sg_plaintext_data[1];
617618
int copy, i, rc = 0;
618619

619620
for (i = tls_ctx->pending_open_record_frags;
@@ -659,17 +660,10 @@ static struct tls_rec *get_rec(struct sock *sk)
659660
sg_init_table(&rec->sg_encrypted_data[0],
660661
ARRAY_SIZE(rec->sg_encrypted_data));
661662

662-
sg_init_table(rec->sg_aead_in, 2);
663-
sg_set_buf(&rec->sg_aead_in[0], rec->aad_space,
663+
sg_set_buf(&rec->sg_plaintext_data[0], rec->aad_space,
664664
sizeof(rec->aad_space));
665-
sg_unmark_end(&rec->sg_aead_in[1]);
666-
sg_chain(rec->sg_aead_in, 2, rec->sg_plaintext_data);
667-
668-
sg_init_table(rec->sg_aead_out, 2);
669-
sg_set_buf(&rec->sg_aead_out[0], rec->aad_space,
665+
sg_set_buf(&rec->sg_encrypted_data[0], rec->aad_space,
670666
sizeof(rec->aad_space));
671-
sg_unmark_end(&rec->sg_aead_out[1]);
672-
sg_chain(rec->sg_aead_out, 2, rec->sg_encrypted_data);
673667

674668
ctx->open_rec = rec;
675669

@@ -763,8 +757,8 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
763757
ret = zerocopy_from_iter(sk, &msg->msg_iter,
764758
try_to_copy, &rec->sg_plaintext_num_elem,
765759
&rec->sg_plaintext_size,
766-
rec->sg_plaintext_data,
767-
ARRAY_SIZE(rec->sg_plaintext_data),
760+
&rec->sg_plaintext_data[1],
761+
ARRAY_SIZE(rec->sg_plaintext_data) - 1,
768762
true);
769763
if (ret)
770764
goto fallback_to_reg_send;
@@ -781,7 +775,7 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
781775
continue;
782776

783777
fallback_to_reg_send:
784-
trim_sg(sk, rec->sg_plaintext_data,
778+
trim_sg(sk, &rec->sg_plaintext_data[1],
785779
&rec->sg_plaintext_num_elem,
786780
&rec->sg_plaintext_size,
787781
orig_size);
@@ -801,7 +795,7 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
801795
try_to_copy -= required_size - rec->sg_plaintext_size;
802796
full_record = true;
803797

804-
trim_sg(sk, rec->sg_encrypted_data,
798+
trim_sg(sk, &rec->sg_encrypted_data[1],
805799
&rec->sg_encrypted_num_elem,
806800
&rec->sg_encrypted_size,
807801
rec->sg_plaintext_size +
@@ -949,7 +943,7 @@ int tls_sw_sendpage(struct sock *sk, struct page *page,
949943
}
950944

951945
get_page(page);
952-
sg = rec->sg_plaintext_data + rec->sg_plaintext_num_elem;
946+
sg = &rec->sg_plaintext_data[1] + rec->sg_plaintext_num_elem;
953947
sg_set_page(sg, page, copy, offset);
954948
sg_unmark_end(sg);
955949

@@ -963,7 +957,7 @@ int tls_sw_sendpage(struct sock *sk, struct page *page,
963957

964958
if (full_record || eor ||
965959
rec->sg_plaintext_num_elem ==
966-
ARRAY_SIZE(rec->sg_plaintext_data)) {
960+
ARRAY_SIZE(rec->sg_plaintext_data) - 1) {
967961
ret = tls_push_record(sk, flags, record_type);
968962
if (ret) {
969963
if (ret == -EINPROGRESS)
@@ -1571,7 +1565,7 @@ void tls_sw_free_resources_tx(struct sock *sk)
15711565
rec = list_first_entry(&ctx->tx_list,
15721566
struct tls_rec, list);
15731567

1574-
free_sg(sk, rec->sg_plaintext_data,
1568+
free_sg(sk, &rec->sg_plaintext_data[1],
15751569
&rec->sg_plaintext_num_elem,
15761570
&rec->sg_plaintext_size);
15771571

@@ -1580,11 +1574,11 @@ void tls_sw_free_resources_tx(struct sock *sk)
15801574
}
15811575

15821576
list_for_each_entry_safe(rec, tmp, &ctx->tx_list, list) {
1583-
free_sg(sk, rec->sg_encrypted_data,
1577+
free_sg(sk, &rec->sg_encrypted_data[1],
15841578
&rec->sg_encrypted_num_elem,
15851579
&rec->sg_encrypted_size);
15861580

1587-
free_sg(sk, rec->sg_plaintext_data,
1581+
free_sg(sk, &rec->sg_plaintext_data[1],
15881582
&rec->sg_plaintext_num_elem,
15891583
&rec->sg_plaintext_size);
15901584

0 commit comments

Comments
 (0)