net/tls: Except bond interface from some TLS checks
authorTariq Toukan <tariqt@nvidia.com>
Sun, 17 Jan 2021 14:59:49 +0000 (16:59 +0200)
committerJakub Kicinski <kuba@kernel.org>
Tue, 19 Jan 2021 04:48:40 +0000 (20:48 -0800)
In the tls_dev_event handler, ignore tlsdev_ops requirement for bond
interfaces, they do not exist as the interaction is done directly with
the lower device.

Also, make the validate function pass when it's called with the upper
bond interface.

Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
Reviewed-by: Boris Pismenny <borisp@nvidia.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
net/tls/tls_device.c
net/tls/tls_device_fallback.c

index 75ceea0a41bf367e573e4ad66167203e2c68d8f8..d9cd229aa111bfca0537728e9911c7a8f3860af7 100644 (file)
@@ -1329,6 +1329,8 @@ static int tls_dev_event(struct notifier_block *this, unsigned long event,
        switch (event) {
        case NETDEV_REGISTER:
        case NETDEV_FEAT_CHANGE:
+               if (netif_is_bond_master(dev))
+                       return NOTIFY_DONE;
                if ((dev->features & NETIF_F_HW_TLS_RX) &&
                    !dev->tlsdev_ops->tls_dev_resync)
                        return NOTIFY_BAD;
index d946817ed0652b032c734f10ad012b035a4aeb0c..cacf040872c74c59002e8dcdfe98a5449bed9b94 100644 (file)
@@ -424,7 +424,7 @@ struct sk_buff *tls_validate_xmit_skb(struct sock *sk,
                                      struct net_device *dev,
                                      struct sk_buff *skb)
 {
-       if (dev == tls_get_ctx(sk)->netdev)
+       if (dev == tls_get_ctx(sk)->netdev || netif_is_bond_master(dev))
                return skb;
 
        return tls_sw_fallback(sk, skb);