From 6b313a3a60453e87f0a224361dad6284550395de Mon Sep 17 00:00:00 2001
From: John Baldwin
Date: Tue, 25 May 2021 16:59:19 -0700
Subject: [PATCH] Include the trailer in the original dst_iov.
This avoids creating a duplicate copy on the stack just to append the trailer.
Reviewed by: gallatin, markj
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D30139
---
 sys/kern/uipc_ktls.c | 12 +++++++++---
 sys/opencrypto/ktls_ocf.c | 27 ++++++---------------------
 2 files changed, 15 insertions(+), 24 deletions(-)
diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c
index 5ca677a26e2c..b0d7ea8016dd 100644
--- a/sys/kern/uipc_ktls.c
+++ b/sys/kern/uipc_ktls.c
@@ -1981,14 +1981,16 @@ ktls_enqueue(struct mbuf *m, struct socket *so, int page_count)
 counter_u64_add(ktls_cnt_tx_queued, 1);
 }
+#define MAX_TLS_PAGES (1 + btoc(TLS_MAX_MSG_SIZE_V10_2))
+
 static __noinline void
 ktls_encrypt(struct ktls_wq *wq, struct mbuf *top)
 {
 struct ktls_session *tls;
 struct socket *so;
 struct mbuf *m;
- vm_paddr_t parray[1 + btoc(TLS_MAX_MSG_SIZE_V10_2)];
- struct iovec dst_iov[1 + btoc(TLS_MAX_MSG_SIZE_V10_2)];
+ vm_paddr_t parray[MAX_TLS_PAGES + 1];
+ struct iovec dst_iov[MAX_TLS_PAGES + 2];
 vm_page_t pg;
 void *cbuf;
 int error, i, len, npages, off, total_pages;
@@ -2072,8 +2074,12 @@ ktls_encrypt(struct ktls_wq *wq, struct mbuf *top)
 dst_iov[i].iov_len = len;
 }
 }
+ KASSERT(i + 1 <= nitems(dst_iov),
+ ("dst_iov is too small"));
+ dst_iov[i].iov_base = m->m_epg_trail;
+ dst_iov[i].iov_len = m->m_epg_trllen;
- error = (*tls->sw_encrypt)(tls, m, dst_iov, i);
+ error = (*tls->sw_encrypt)(tls, m, dst_iov, i + 1);
 /* Free the old pages. */
 m->m_ext.ext_free(m);
diff --git a/sys/opencrypto/ktls_ocf.c b/sys/opencrypto/ktls_ocf.c
index 1d83cd6f93dc..bbe26e3f5f18 100644
--- a/sys/opencrypto/ktls_ocf.c
+++ b/sys/opencrypto/ktls_ocf.c
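Review bot: The new sizes `parray[MAX_TLS_PAGES + 1]` and `dst_iov[MAX_TLS_PAGES + 2]` in ktls_encrypt's declarations are not explained anywhere in the hunk. MAX_TLS_PAGES already carries the old `1 +`, so parray grows by one entry and dst_iov by two, while the commit message accounts only for one extra trailer vector in dst_iov. These are fixed-size stack arrays indexed by a page count, so a comment above the macro saying what each extra slot holds would let a reader verify the bound, for example `/* dst_iov needs one slot beyond the page vectors for the TLS trailer. */`. The function body continues outside the hunk.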
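Review bot: The bound for the new store to `dst_iov[i]` is checked only by `KASSERT(i + 1 <= nitems(dst_iov), ...)`, which is compiled out of kernels built without INVARIANTS. In production builds the write to this stack array therefore relies on the loop above (its start is outside this hunk) never filling every slot. A short comment at the append naming where the page count is bounded would make that invariant reviewable. The assertion would also be more useful if it printed the values, e.g. `("dst_iov too small: need %d, have %zu", i + 1, nitems(dst_iov))`.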
@@ -286,13 +286,8 @@ ktls_ocf_tls_cbc_encrypt(struct ktls_session *tls, struct mbuf *m,
 memcpy(crp.crp_iv, hdr + 1, AES_BLOCK_LEN);
 if (outiov != NULL) {
- /* Duplicate iovec and append vector for trailer. */
- memcpy(iov, outiov, outiovcnt * sizeof(struct iovec));
- iov[outiovcnt].iov_base = m->m_epg_trail;
- iov[outiovcnt].iov_len = m->m_epg_trllen;
-
- uio.uio_iov = iov;
- uio.uio_iovcnt = outiovcnt + 1;
+ uio.uio_iov = outiov;
+ uio.uio_iovcnt = outiovcnt;
 uio.uio_offset = 0;
 uio.uio_segflg = UIO_SYSSPACE;
 uio.uio_td = curthread;
@@ -336,7 +331,6 @@ ktls_ocf_tls12_aead_encrypt(struct ktls_session *tls, struct mbuf *m,
 struct tls_aead_data ad;
 struct cryptop crp;
 struct ocf_session *os;
- struct iovec iov[outiovcnt + 1];
 int error;
 uint16_t tls_comp_len;
@@ -376,14 +370,10 @@ ktls_ocf_tls12_aead_encrypt(struct ktls_session *tls, struct mbuf *m,
 crp.crp_payload_length = tls_comp_len;
 if (outiov != NULL) {
- /* Duplicate iovec and append vector for tag. */
- memcpy(iov, outiov, outiovcnt * sizeof(struct iovec));
- iov[outiovcnt].iov_base = m->m_epg_trail;
- iov[outiovcnt].iov_len = tls->params.tls_tlen;
 crp.crp_digest_start = crp.crp_payload_length;
- uio.uio_iov = iov;
- uio.uio_iovcnt = outiovcnt + 1;
+ uio.uio_iov = outiov;
+ uio.uio_iovcnt = outiovcnt;
 uio.uio_offset = 0;
 uio.uio_segflg = UIO_SYSSPACE;
 uio.uio_td = curthread;
@@ -486,7 +476,6 @@ ktls_ocf_tls13_aead_encrypt(struct ktls_session *tls, struct mbuf *m,
 char nonce[12];
 struct cryptop crp;
 struct ocf_session *os;
- struct iovec iov[outiovcnt + 1];
 int error;
 os = tls->cipher;
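Review bot: Nothing at the `if (outiov != NULL)` block in ktls_ocf_tls_cbc_encrypt records that `outiov`/`outiovcnt` must now already include the trailer vector, since the removed comment was the only hint. The same applies to the matching hunks in ktls_ocf_tls12_aead_encrypt and ktls_ocf_tls13_aead_encrypt. A one-line comment such as `/* outiov already ends with the trailer vector; see ktls_encrypt(). */` would state the new contract. The caller reaches these functions through the `tls->sw_encrypt` pointer and only ktls_ocf.c is updated in this patch, so it is worth confirming that no other implementation of that hook still appends its own trailer entry. The function starts and ends outside the hunk.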
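Review bot: The tag vector's length in ktls_ocf_tls12_aead_encrypt changes from `tls->params.tls_tlen` (the removed line in the `if (outiov != NULL)` block) to `m->m_epg_trllen`, which is what ktls_encrypt now stores in the appended entry. The ktls_ocf_tls13_aead_encrypt hunk at -516 carries the same change. The two values are presumably equal for AEAD records, but that is not visible in this patch, and `crp.crp_digest_start` still assumes the tag region starts right after the payload. An assertion beside that assignment, e.g. `MPASS(m->m_epg_trllen == tls->params.tls_tlen);`, would document and check the assumption. The function continues outside the hunk.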
@@ -516,14 +505,10 @@ ktls_ocf_tls13_aead_encrypt(struct ktls_session *tls, struct mbuf *m,
 crp.crp_payload_length++;
 if (outiov != NULL) {
- /* Duplicate iovec and append vector for tag. */
- memcpy(iov, outiov, outiovcnt * sizeof(struct iovec));
- iov[outiovcnt].iov_base = m->m_epg_trail;
- iov[outiovcnt].iov_len = tls->params.tls_tlen;
 crp.crp_digest_start = crp.crp_payload_length;
- uio.uio_iov = iov;
- uio.uio_iovcnt = outiovcnt + 1;
+ uio.uio_iov = outiov;
+ uio.uio_iovcnt = outiovcnt;
 uio.uio_offset = 0;
 uio.uio_segflg = UIO_SYSSPACE;
 uio.uio_td = curthread;