Author: jhb
Date: Thu Dec  3 21:49:20 2020
New Revision: 368311
URL: https://svnweb.freebsd.org/changeset/base/368311

Log:
  Fix downgrading of TOE TLS sockets to plain TOE.
  
  If a TOE TLS socket ends up using an unsupported TLS version or
  ciphersuite, it must be downgraded to a "plain" TOE socket with TLS
  encryption/decryption performed on the host.  The previous
  implementation of this fallback was incomplete and resulted in hung
  connections.
  
  Reviewed by:  np
  MFC after:    2 weeks
  Sponsored by: Chelsio Communications
  Differential Revision:        https://reviews.freebsd.org/D27467

Modified:
  head/sys/dev/cxgbe/t4_main.c
  head/sys/dev/cxgbe/tom/t4_tls.c

Modified: head/sys/dev/cxgbe/t4_main.c
==============================================================================
--- head/sys/dev/cxgbe/t4_main.c        Thu Dec  3 21:38:00 2020        
(r368310)
+++ head/sys/dev/cxgbe/t4_main.c        Thu Dec  3 21:49:20 2020        
(r368311)
@@ -4917,9 +4917,22 @@ set_params__post_init(struct adapter *sc)
 #endif
 
 #ifdef KERN_TLS
-       if (t4_kern_tls != 0 && sc->cryptocaps & FW_CAPS_CONFIG_TLSKEYS &&
-           sc->toecaps & FW_CAPS_CONFIG_TOE)
-               t4_enable_kern_tls(sc);
+       if (sc->cryptocaps & FW_CAPS_CONFIG_TLSKEYS &&
+           sc->toecaps & FW_CAPS_CONFIG_TOE) {
+               if (t4_kern_tls != 0)
+                       t4_enable_kern_tls(sc);
+               else {
+                       /*
+                        * Limit TOE connections to 2 reassembly
+                        * "islands".  This is required for TOE TLS
+                        * connections to downgrade to plain TOE
+                        * connections if an unsupported TLS version
+                        * or ciphersuite is used.
+                        */
+                       t4_tp_wr_bits_indirect(sc, A_TP_FRAG_CONFIG,
+                           V_PASSMODE(M_PASSMODE), V_PASSMODE(2));
+               }
+       }
 #endif
        return (0);
 }
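Review bot: The new else branch writes `V_PASSMODE(2)` into A_TP_FRAG_CONFIG through the adapter softc, so the two-island reassembly limit appears to apply to every TOE connection on the adapter, not only TOE TLS ones, whenever t4_kern_tls is 0 and both capability bits are set. The comment explains why the TLS downgrade needs the limit, but not that plain TOE connections are affected too. It also does not say whether the `t4_kern_tls != 0` path needs the same limit; t4_enable_kern_tls is not visible here. I would extend the comment with a line such as `* This is an adapter-wide setting and also applies to non-TLS TOE connections.` The body of set_params__post_init starts outside the hunk.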

Modified: head/sys/dev/cxgbe/tom/t4_tls.c
==============================================================================
--- head/sys/dev/cxgbe/tom/t4_tls.c     Thu Dec  3 21:38:00 2020        
(r368310)
+++ head/sys/dev/cxgbe/tom/t4_tls.c     Thu Dec  3 21:49:20 2020        
(r368311)
@@ -138,11 +138,19 @@ tls_clr_ofld_mode(struct toepcb *toep)
 
        tls_stop_handshake_timer(toep);
 
-       /* Operate in PDU extraction mode only. */
+       KASSERT(toep->tls.rx_key_addr == -1,
+           ("%s: tid %d has RX key", __func__, toep->tid));
+
+       /* Switch to plain TOE mode. */
        t4_set_tls_tcb_field(toep, W_TCB_ULP_RAW,
-           V_TCB_ULP_RAW(M_TCB_ULP_RAW),
-           V_TCB_ULP_RAW(V_TF_TLS_ENABLE(1)));
+           V_TCB_ULP_RAW(V_TF_TLS_ENABLE(1)),
+           V_TCB_ULP_RAW(V_TF_TLS_ENABLE(0)));
+       t4_set_tls_tcb_field(toep, W_TCB_ULP_TYPE,
+           V_TCB_ULP_TYPE(M_TCB_ULP_TYPE), V_TCB_ULP_TYPE(ULP_MODE_NONE));
        t4_clear_rx_quiesce(toep);
+
+       toep->flags &= ~TPF_FORCE_CREDITS;
+       toep->params.ulp_mode = ULP_MODE_NONE;
 }
 
 static void
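Review bot: The added `KASSERT(toep->tls.rx_key_addr == -1, ...)` in tls_clr_ofld_mode checks the no-RX-key precondition only in kernels built with INVARIANTS, so a release kernel switches the connection to ULP_MODE_NONE without checking it. Whether a caller can reach this path after an RX key has been programmed cannot be told from the hunk; if one can, the key state would presumably be left behind while the socket runs as plain TOE. I would add a comment above the assertion stating why the condition holds, for example `/* The downgrade is only attempted before an RX key is programmed. */` if the author confirms that. If it cannot be guaranteed, a runtime check that releases the key would be safer. The function body starts outside the hunk.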