Merge branch 'tls-cleanups'

			      struct tls_context *tls_ctx,

			      enum tls_offload_ctx_dir direction)

{

	struct chcr_ktls_ofld_ctx_tx *tx_ctx =

				chcr_get_ktls_tx_context(tls_ctx);

	struct chcr_ktls_info *tx_info = tx_ctx->chcr_info;

	struct chcr_ktls_info *tx_info = chcr_get_ktls_tx_info(tls_ctx);

	struct ch_ktls_port_stats_debug *port_stats;

	struct chcr_ktls_uld_ctx *u_ctx;

	port_stats = &tx_info->adap->ch_ktls_stats.ktls_port[tx_info->port_id];

	atomic64_inc(&port_stats->ktls_tx_connection_close);

	kvfree(tx_info);

	tx_ctx->chcr_info = NULL;

	chcr_set_ktls_tx_info(tls_ctx, NULL);

	/* release module refcount */

	module_put(THIS_MODULE);

}

{

	struct tls_context *tls_ctx = tls_get_ctx(sk);

	struct ch_ktls_port_stats_debug *port_stats;

	struct chcr_ktls_ofld_ctx_tx *tx_ctx;

	struct chcr_ktls_uld_ctx *u_ctx;

	struct chcr_ktls_info *tx_info;

	struct dst_entry *dst;

	u8 daaddr[16];

	int ret = -1;

	tx_ctx = chcr_get_ktls_tx_context(tls_ctx);

	pi = netdev_priv(netdev);

	adap = pi->adapter;

	port_stats = &adap->ch_ktls_stats.ktls_port[pi->port_id];

		goto out;

	}

	if (tx_ctx->chcr_info)

	if (chcr_get_ktls_tx_info(tls_ctx))

		goto out;

	if (u_ctx && u_ctx->detach)

		goto free_tid;

	atomic64_inc(&port_stats->ktls_tx_ctx);

	tx_ctx->chcr_info = tx_info;

	chcr_set_ktls_tx_info(tls_ctx, tx_info);

	return 0;

{

	const struct cpl_act_open_rpl *p = (void *)input;

	struct chcr_ktls_info *tx_info = NULL;

	struct chcr_ktls_ofld_ctx_tx *tx_ctx;

	struct tls_offload_context_tx *tx_ctx;

	struct chcr_ktls_uld_ctx *u_ctx;

	unsigned int atid, tid, status;

	struct tls_context *tls_ctx;

		cxgb4_insert_tid(t, tx_info, tx_info->tid, tx_info->ip_family);

		/* Adding tid */

		tls_ctx = tls_get_ctx(tx_info->sk);

		tx_ctx = chcr_get_ktls_tx_context(tls_ctx);

		tx_ctx = tls_offload_ctx_tx(tls_ctx);

		u_ctx = adap->uld[CXGB4_ULD_KTLS].handle;

		if (u_ctx) {

			ret = xa_insert_bh(&u_ctx->tid_list, tid, tx_ctx,

{

	u32 tls_end_offset, tcp_seq, skb_data_len, skb_offset;

	struct ch_ktls_port_stats_debug *port_stats;

	struct chcr_ktls_ofld_ctx_tx *tx_ctx;

	struct tls_offload_context_tx *tx_ctx;

	struct ch_ktls_stats_debug *stats;

	struct tcphdr *th = tcp_hdr(skb);

	int data_len, qidx, ret = 0, mss;

	mss = skb_is_gso(skb) ? skb_shinfo(skb)->gso_size : data_len;

	tls_ctx = tls_get_ctx(skb->sk);

	tx_ctx = tls_offload_ctx_tx(tls_ctx);

	tls_netdev = rcu_dereference_bh(tls_ctx->netdev);

	/* Don't quit on NULL: if tls_device_down is running in parallel,

	 * netdev might become NULL, even if tls_is_skb_tx_device_offloaded was

	if (unlikely(tls_netdev && tls_netdev != dev))

		goto out;

	tx_ctx = chcr_get_ktls_tx_context(tls_ctx);

	tx_info = tx_ctx->chcr_info;

	tx_info = chcr_get_ktls_tx_info(tls_ctx);

	if (unlikely(!tx_info))

		goto out;

	 * we will send the complete record again.

	 */

	spin_lock_irqsave(&tx_ctx->base.lock, flags);

	spin_lock_irqsave(&tx_ctx->lock, flags);

	do {

		cxgb4_reclaim_completed_tx(adap, &q->q, true);

		/* fetch the tls record */

		record = tls_get_record(&tx_ctx->base, tcp_seq,

		record = tls_get_record(tx_ctx, tcp_seq,

					&tx_info->record_no);

		/* By the time packet reached to us, ACK is received, and record

		 * won't be found in that case, handle it gracefully.

		 */

		if (unlikely(!record)) {

			spin_unlock_irqrestore(&tx_ctx->base.lock, flags);

			spin_unlock_irqrestore(&tx_ctx->lock, flags);

			atomic64_inc(&port_stats->ktls_tx_drop_no_sync_data);

			goto out;

		}

						      tls_end_offset !=

						      record->len);

			if (ret) {

				spin_unlock_irqrestore(&tx_ctx->base.lock,

				spin_unlock_irqrestore(&tx_ctx->lock,

						       flags);

				goto out;

			}

				/* free the refcount taken earlier */

				if (tls_end_offset < data_len)

					dev_kfree_skb_any(skb);

				spin_unlock_irqrestore(&tx_ctx->base.lock, flags);

				spin_unlock_irqrestore(&tx_ctx->lock, flags);

				goto out;

			}

		/* if any failure, come out from the loop. */

		if (ret) {

			spin_unlock_irqrestore(&tx_ctx->base.lock, flags);

			spin_unlock_irqrestore(&tx_ctx->lock, flags);

			if (th->fin)

				dev_kfree_skb_any(skb);

	} while (data_len > 0);

	spin_unlock_irqrestore(&tx_ctx->base.lock, flags);

	spin_unlock_irqrestore(&tx_ctx->lock, flags);

	atomic64_inc(&port_stats->ktls_tx_encrypted_packets);

	atomic64_add(skb_data_len, &port_stats->ktls_tx_encrypted_bytes);

static void ch_ktls_reset_all_conn(struct chcr_ktls_uld_ctx *u_ctx)

{

	struct ch_ktls_port_stats_debug *port_stats;

	struct chcr_ktls_ofld_ctx_tx *tx_ctx;

	struct tls_offload_context_tx *tx_ctx;

	struct chcr_ktls_info *tx_info;

	unsigned long index;

	xa_for_each(&u_ctx->tid_list, index, tx_ctx) {

		tx_info = tx_ctx->chcr_info;

		tx_info = __chcr_get_ktls_tx_info(tx_ctx);

		clear_conn_resources(tx_info);

		port_stats = &tx_info->adap->ch_ktls_stats.ktls_port[tx_info->port_id];

		atomic64_inc(&port_stats->ktls_tx_connection_close);

		kvfree(tx_info);

		tx_ctx->chcr_info = NULL;

		memset(tx_ctx->driver_state, 0, TLS_DRIVER_STATE_SIZE_TX);

		/* release module refcount */

		module_put(THIS_MODULE);

	}

	bool pending_close;

};

struct chcr_ktls_ofld_ctx_tx {

	struct tls_offload_context_tx base;

struct chcr_ktls_ctx_tx {

	struct chcr_ktls_info *chcr_info;

};

	bool detach;

};

static inline struct chcr_ktls_ofld_ctx_tx *

chcr_get_ktls_tx_context(struct tls_context *tls_ctx)

static inline struct chcr_ktls_info *

__chcr_get_ktls_tx_info(struct tls_offload_context_tx *octx)

{

	BUILD_BUG_ON(sizeof(struct chcr_ktls_ofld_ctx_tx) >

		     TLS_OFFLOAD_CONTEXT_SIZE_TX);

	return container_of(tls_offload_ctx_tx(tls_ctx),

			    struct chcr_ktls_ofld_ctx_tx,

			    base);

	struct chcr_ktls_ctx_tx *priv_ctx;

	BUILD_BUG_ON(sizeof(struct chcr_ktls_ctx_tx) > TLS_DRIVER_STATE_SIZE_TX);

	priv_ctx = (struct chcr_ktls_ctx_tx *)octx->driver_state;

	return priv_ctx->chcr_info;

}

static inline struct chcr_ktls_info *

chcr_get_ktls_tx_info(struct tls_context *tls_ctx)

{

	struct chcr_ktls_ctx_tx *priv_ctx;

	BUILD_BUG_ON(sizeof(struct chcr_ktls_ctx_tx) > TLS_DRIVER_STATE_SIZE_TX);

	priv_ctx = (struct chcr_ktls_ctx_tx *)__tls_driver_ctx(tls_ctx, TLS_OFFLOAD_CTX_DIR_TX);

	return priv_ctx->chcr_info;

}

static inline void

chcr_set_ktls_tx_info(struct tls_context *tls_ctx, struct chcr_ktls_info *chcr_info)

{

	struct chcr_ktls_ctx_tx *priv_ctx;

	priv_ctx = __tls_driver_ctx(tls_ctx, TLS_OFFLOAD_CTX_DIR_TX);

	priv_ctx->chcr_info = chcr_info;

}

static inline int chcr_get_first_rx_qid(struct adapter *adap)

#define TLS_AAD_SPACE_SIZE		13

#define MAX_IV_SIZE			16

#define TLS_MAX_IV_SIZE			16

#define TLS_MAX_SALT_SIZE		4

#define TLS_TAG_SIZE			16

#define TLS_MAX_REC_SEQ_SIZE		8

#define TLS_MAX_AAD_SIZE		TLS_AAD_SPACE_SIZE

	skb_frag_t frags[MAX_SKB_FRAGS];

};

#define TLS_DRIVER_STATE_SIZE_TX	16

struct tls_offload_context_tx {

	struct crypto_aead *aead_send;

	spinlock_t lock;	/* protects records list */

	void (*sk_destruct)(struct sock *sk);

	struct work_struct destruct_work;

	struct tls_context *ctx;

	u8 driver_state[] __aligned(8);

	/* The TLS layer reserves room for driver specific state

	 * Currently the belief is that there is not enough

	 * driver specific state to justify another layer of indirection

	 */

#define TLS_DRIVER_STATE_SIZE_TX	16

	u8 driver_state[TLS_DRIVER_STATE_SIZE_TX] __aligned(8);

};

#define TLS_OFFLOAD_CONTEXT_SIZE_TX                                            \

	(sizeof(struct tls_offload_context_tx) + TLS_DRIVER_STATE_SIZE_TX)

enum tls_context_flags {

	/* tls_device_down was called after the netdev went down, device state

	 * was released, and kTLS works in software, even though rx_conf is

};

struct cipher_context {

	char *iv;

	char *rec_seq;

	char iv[TLS_MAX_IV_SIZE + TLS_MAX_SALT_SIZE];

	char rec_seq[TLS_MAX_REC_SEQ_SIZE];

};

union tls_crypto_context {

	u32 log[TLS_DEVICE_RESYNC_ASYNC_LOGMAX];

};

#define TLS_DRIVER_STATE_SIZE_RX	8

struct tls_offload_context_rx {

	/* sw must be the first member of tls_offload_context_rx */

	struct tls_sw_context_rx sw;

			struct tls_offload_resync_async *resync_async;

		};

	};

	u8 driver_state[] __aligned(8);

	/* The TLS layer reserves room for driver specific state

	 * Currently the belief is that there is not enough

	 * driver specific state to justify another layer of indirection

	 */

#define TLS_DRIVER_STATE_SIZE_RX	8

	u8 driver_state[TLS_DRIVER_STATE_SIZE_RX] __aligned(8);

};

#define TLS_OFFLOAD_CONTEXT_SIZE_RX					\

	(sizeof(struct tls_offload_context_rx) + TLS_DRIVER_STATE_SIZE_RX)

struct tls_record_info *tls_get_record(struct tls_offload_context_tx *context,

				       u32 seq, u64 *p_record_sn);

	struct sock *sk;

	char aad_space[TLS_AAD_SPACE_SIZE];

	u8 iv_data[MAX_IV_SIZE];

	u8 iv_data[TLS_MAX_IV_SIZE];

	struct aead_request aead_req;

	u8 aead_req_ctx[];

};

int wait_on_pending_writer(struct sock *sk, long *timeo);

void tls_err_abort(struct sock *sk, int err);

int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx);

int init_prot_info(struct tls_prot_info *prot,

		   const struct tls_crypto_info *crypto_info,

		   const struct tls_cipher_desc *cipher_desc,

		   int mode);

int tls_set_sw_offload(struct sock *sk, int tx);

void tls_update_rx_zc_capable(struct tls_context *tls_ctx);

void tls_sw_strparser_arm(struct sock *sk, struct tls_context *ctx);

void tls_sw_strparser_done(struct tls_context *tls_ctx);

#ifdef CONFIG_TLS_DEVICE

int tls_device_init(void);

void tls_device_cleanup(void);

int tls_set_device_offload(struct sock *sk, struct tls_context *ctx);

int tls_set_device_offload(struct sock *sk);

void tls_device_free_resources_tx(struct sock *sk);

int tls_set_device_offload_rx(struct sock *sk, struct tls_context *ctx);

void tls_device_offload_cleanup_rx(struct sock *sk);

static inline void tls_device_cleanup(void) {}

static inline int

tls_set_device_offload(struct sock *sk, struct tls_context *ctx)

tls_set_device_offload(struct sock *sk)

{

	return -EOPNOTSUPP;

}

static void tls_device_free_ctx(struct tls_context *ctx)

{

	if (ctx->tx_conf == TLS_HW) {

	if (ctx->tx_conf == TLS_HW)

		kfree(tls_offload_ctx_tx(ctx));

		kfree(ctx->tx.rec_seq);

		kfree(ctx->tx.iv);

	}

	if (ctx->rx_conf == TLS_HW)

		kfree(tls_offload_ctx_rx(ctx));

	struct strp_msg *rxm;

	char *orig_buf, *buf;

	switch (tls_ctx->crypto_recv.info.cipher_type) {

	case TLS_CIPHER_AES_GCM_128:

	case TLS_CIPHER_AES_GCM_256:

		break;

	default:

		return -EINVAL;

	}

	cipher_desc = get_cipher_desc(tls_ctx->crypto_recv.info.cipher_type);

	DEBUG_NET_WARN_ON_ONCE(!cipher_desc || !cipher_desc->offloadable);

	rxm = strp_msg(tls_strp_msg(sw_ctx));

	orig_buf = kmalloc(rxm->full_len + TLS_HEADER_SIZE + cipher_desc->iv,

	}

}

int tls_set_device_offload(struct sock *sk, struct tls_context *ctx)

static struct tls_offload_context_tx *alloc_offload_ctx_tx(struct tls_context *ctx)

{

	struct tls_offload_context_tx *offload_ctx;

	__be64 rcd_sn;

	offload_ctx = kzalloc(sizeof(*offload_ctx), GFP_KERNEL);

	if (!offload_ctx)

		return NULL;

	INIT_WORK(&offload_ctx->destruct_work, tls_device_tx_del_task);

	INIT_LIST_HEAD(&offload_ctx->records_list);

	spin_lock_init(&offload_ctx->lock);

	sg_init_table(offload_ctx->sg_tx_data,

		      ARRAY_SIZE(offload_ctx->sg_tx_data));

	/* start at rec_seq - 1 to account for the start marker record */

	memcpy(&rcd_sn, ctx->tx.rec_seq, sizeof(rcd_sn));

	offload_ctx->unacked_record_sn = be64_to_cpu(rcd_sn) - 1;

	offload_ctx->ctx = ctx;

	return offload_ctx;

}

int tls_set_device_offload(struct sock *sk)

{

	struct tls_context *tls_ctx = tls_get_ctx(sk);

	struct tls_prot_info *prot = &tls_ctx->prot_info;

	const struct tls_cipher_desc *cipher_desc;

	struct tls_record_info *start_marker_record;

	struct tls_offload_context_tx *offload_ctx;

	const struct tls_cipher_desc *cipher_desc;

	struct tls_crypto_info *crypto_info;

	struct tls_prot_info *prot;

	struct net_device *netdev;

	char *iv, *rec_seq;

	struct tls_context *ctx;

	struct sk_buff *skb;

	__be64 rcd_sn;

	char *iv, *rec_seq;

	int rc;

	if (!ctx)

		return -EINVAL;

	ctx = tls_get_ctx(sk);

	prot = &ctx->prot_info;

	if (ctx->priv_ctx_tx)

		return -EEXIST;

		goto release_netdev;

	}

	rc = init_prot_info(prot, crypto_info, cipher_desc, TLS_HW);

	if (rc)

		goto release_netdev;

	iv = crypto_info_iv(crypto_info, cipher_desc);

	rec_seq = crypto_info_rec_seq(crypto_info, cipher_desc);

	prot->version = crypto_info->version;

	prot->cipher_type = crypto_info->cipher_type;

	prot->prepend_size = TLS_HEADER_SIZE + cipher_desc->iv;

	prot->tag_size = cipher_desc->tag;

	prot->overhead_size = prot->prepend_size + prot->tag_size;

	prot->iv_size = cipher_desc->iv;

	prot->salt_size = cipher_desc->salt;

	ctx->tx.iv = kmalloc(cipher_desc->iv + cipher_desc->salt, GFP_KERNEL);

	if (!ctx->tx.iv) {

		rc = -ENOMEM;

		goto release_netdev;

	}

	memcpy(ctx->tx.iv + cipher_desc->salt, iv, cipher_desc->iv);

	prot->rec_seq_size = cipher_desc->rec_seq;

	ctx->tx.rec_seq = kmemdup(rec_seq, cipher_desc->rec_seq, GFP_KERNEL);

	if (!ctx->tx.rec_seq) {

		rc = -ENOMEM;

		goto free_iv;

	}

	memcpy(ctx->tx.rec_seq, rec_seq, cipher_desc->rec_seq);

	start_marker_record = kmalloc(sizeof(*start_marker_record), GFP_KERNEL);

	if (!start_marker_record) {

		rc = -ENOMEM;

		goto free_rec_seq;

		goto release_netdev;

	}

	offload_ctx = kzalloc(TLS_OFFLOAD_CONTEXT_SIZE_TX, GFP_KERNEL);

	offload_ctx = alloc_offload_ctx_tx(ctx);

	if (!offload_ctx) {

		rc = -ENOMEM;

		goto free_marker_record;

	if (rc)

		goto free_offload_ctx;

	/* start at rec_seq - 1 to account for the start marker record */

	memcpy(&rcd_sn, ctx->tx.rec_seq, sizeof(rcd_sn));

	offload_ctx->unacked_record_sn = be64_to_cpu(rcd_sn) - 1;

	start_marker_record->end_seq = tcp_sk(sk)->write_seq;

	start_marker_record->len = 0;

	start_marker_record->num_frags = 0;

	INIT_WORK(&offload_ctx->destruct_work, tls_device_tx_del_task);

	offload_ctx->ctx = ctx;

	INIT_LIST_HEAD(&offload_ctx->records_list);

	list_add_tail(&start_marker_record->list, &offload_ctx->records_list);

	spin_lock_init(&offload_ctx->lock);

	sg_init_table(offload_ctx->sg_tx_data,

		      ARRAY_SIZE(offload_ctx->sg_tx_data));

	clean_acked_data_enable(inet_csk(sk), &tls_icsk_clean_acked);

	ctx->push_pending_record = tls_device_push_pending_record;

	ctx->priv_ctx_tx = NULL;

free_marker_record:

	kfree(start_marker_record);

free_rec_seq:

	kfree(ctx->tx.rec_seq);

free_iv:

	kfree(ctx->tx.iv);

release_netdev:

	dev_put(netdev);

	return rc;

		goto release_lock;

	}

	context = kzalloc(TLS_OFFLOAD_CONTEXT_SIZE_RX, GFP_KERNEL);

	context = kzalloc(sizeof(*context), GFP_KERNEL);

	if (!context) {

		rc = -ENOMEM;

		goto release_lock;

	context->resync_nh_reset = 1;

	ctx->priv_ctx_rx = context;

	rc = tls_set_sw_offload(sk, ctx, 0);

	rc = tls_set_sw_offload(sk, 0);

	if (rc)

		goto release_ctx;