Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf

In the RX direction, if segment has already been decrypted by the device

and it gets redirected or mirrored - clear text will be transmitted out.

shutdown() doesn't clear TLS state

----------------------------------

shutdown() system call allows for a TLS socket to be reused as a different

connection. Offload doesn't currently handle that.

#include <net/sch_generic.h>

#include <asm/byteorder.h>

#include <uapi/linux/filter.h>

#include <uapi/linux/bpf.h>

	return size <= size_default && (size & (size - 1)) == 0;

}

static inline u8

bpf_ctx_narrow_load_shift(u32 off, u32 size, u32 size_default)

{

	u8 load_off = off & (size_default - 1);

#ifdef __LITTLE_ENDIAN

	return load_off * 8;

#else

	return (size_default - (load_off + size)) * 8;

#endif

}

#define bpf_ctx_wide_access_ok(off, size, type, field)			\

	(size == sizeof(__u64) &&					\

	off >= offsetof(type, field) &&					\

	sk->sk_write_space = psock->saved_write_space;

	if (psock->sk_proto) {

		struct inet_connection_sock *icsk = inet_csk(sk);

		bool has_ulp = !!icsk->icsk_ulp_data;

		if (has_ulp)

			tcp_update_ulp(sk, psock->sk_proto);

		else

			sk->sk_prot = psock->sk_proto;

		psock->sk_proto = NULL;

	}

	/* initialize ulp */

	int (*init)(struct sock *sk);

	/* update ulp */

	void (*update)(struct sock *sk, struct proto *p);

	/* cleanup ulp */

	void (*release)(struct sock *sk);

int tcp_set_ulp(struct sock *sk, const char *name);

void tcp_get_available_ulp(char *buf, size_t len);

void tcp_cleanup_ulp(struct sock *sk);

void tcp_update_ulp(struct sock *sk, struct proto *p);

#define MODULE_ALIAS_TCP_ULP(name)				\

	__MODULE_INFO(alias, alias_userspace, name);		\

enum {

	TLS_BASE,

	TLS_SW,

#ifdef CONFIG_TLS_DEVICE

	TLS_HW,

#endif

	TLS_HW_RECORD,

	TLS_NUM_CONFIG,

};

	int async_capable;

#define BIT_TX_SCHEDULED	0

#define BIT_TX_CLOSING		1

	unsigned long tx_bitmask;

};

	unsigned long flags;

	/* cache cold stuff */

	struct proto *sk_proto;

	void (*sk_destruct)(struct sock *sk);

	void (*sk_proto_close)(struct sock *sk, long timeout);

	struct list_head list;

	refcount_t refcount;

	struct work_struct gc;

};

enum tls_offload_ctx_dir {

		  unsigned int optlen);

int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx);

void tls_sw_strparser_arm(struct sock *sk, struct tls_context *ctx);

void tls_sw_strparser_done(struct tls_context *tls_ctx);

int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size);

int tls_sw_sendpage(struct sock *sk, struct page *page,

		    int offset, size_t size, int flags);

void tls_sw_close(struct sock *sk, long timeout);

void tls_sw_free_resources_tx(struct sock *sk);

void tls_sw_cancel_work_tx(struct tls_context *tls_ctx);

void tls_sw_release_resources_tx(struct sock *sk);

void tls_sw_free_ctx_tx(struct tls_context *tls_ctx);

void tls_sw_free_resources_rx(struct sock *sk);

void tls_sw_release_resources_rx(struct sock *sk);

void tls_sw_free_ctx_rx(struct tls_context *tls_ctx);

int tls_sw_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,

		   int nonblock, int flags, int *addr_len);

bool tls_sw_stream_read(const struct sock *sk);