mlx5en: destroy TIR before DEK during TLS RX teardown
Reorder the TLS RX teardown sequence so the TIR is destroyed before the DEK. DESTROY_TIR for a TLS-enabled TIR issues a TRA RX fence that drains all in-flight packets from the crypto pipeline. If the DEK is destroyed first, packets still in flight hit a TPT encryption error (vendor syndrome 0x55) because the key they reference is already gone. Reviewed by: kib Sponsored by: Nvidia networking MFC after: 1 week
committed by
Konstantin Belousov
parent
c316ec2590
commit
bf636accdd
@@ -596,14 +596,21 @@ mlx5e_tls_rx_work(struct work_struct *work)
|
||||
if (ptag->flow_rule != NULL)
|
||||
mlx5e_accel_fs_del_inpcb(ptag->flow_rule);
|
||||
|
||||
/*
|
||||
* Destroy TIR before DEK. DESTROY_TIR for a TLS-
|
||||
* enabled TIR issues a TRA RX fence that drains all
|
||||
* in-flight packets from the crypto pipeline. If the
|
||||
* DEK were destroyed first, packets still in flight
|
||||
* would hit a TPT encryption error (vendor syndrome
|
||||
* 0x55) because the key they reference is already gone.
|
||||
*/
|
||||
if (ptag->tirn != 0)
|
||||
mlx5_tls_close_tir(priv->mdev, ptag->tirn);
|
||||
|
||||
/* try to destroy DEK context by ID */
|
||||
if (ptag->dek_index_ok)
|
||||
mlx5_encryption_key_destroy(priv->mdev, ptag->dek_index);
|
||||
|
||||
/* try to destroy TIR context by ID */
|
||||
if (ptag->tirn != 0)
|
||||
mlx5_tls_close_tir(priv->mdev, ptag->tirn);
|
||||
|
||||
/* free tag */
|
||||
mlx5e_tls_rx_tag_zfree(ptag);
|
||||
break;
|
||||
|
||||
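Review bot: The return value of `mlx5_tls_close_tir(priv->mdev, ptag->tirn)` is discarded in the reordered teardown, so a failed DESTROY_TIR still falls straight through to `mlx5_encryption_key_destroy()`. In that case the RX fence described in the new comment may never have run, and the key is removed while packets can still reference it, which is the syndrome 0x55 condition this commit is meant to prevent. Assuming the helper returns the firmware command status (its definition is not visible in this hunk), capture it, as in `err = mlx5_tls_close_tir(priv->mdev, ptag->tirn);`, and at least log a non-zero result with the driver's usual error print before destroying the DEK. I would also extend the block comment with one sentence on what happens on that failure path, for example `* If DESTROY_TIR fails the fence is not guaranteed; the DEK is still destroyed, best effort.` The body of mlx5e_tls_rx_work starts and ends outside the hunk, so the `err` local would have to be declared there.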