aboutsummaryrefslogtreecommitdiffstats
path: root/net/tls/tls_main.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/tls/tls_main.c')
-rw-r--r--net/tls/tls_main.c97
1 files changed, 60 insertions, 37 deletions
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 4674e57e66b0..9cbbae606ced 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -261,24 +261,9 @@ void tls_ctx_free(struct tls_context *ctx)
261 kfree(ctx); 261 kfree(ctx);
262} 262}
263 263
264static void tls_sk_proto_close(struct sock *sk, long timeout) 264static void tls_sk_proto_cleanup(struct sock *sk,
265 struct tls_context *ctx, long timeo)
265{ 266{
266 struct tls_context *ctx = tls_get_ctx(sk);
267 long timeo = sock_sndtimeo(sk, 0);
268 void (*sk_proto_close)(struct sock *sk, long timeout);
269 bool free_ctx = false;
270
271 lock_sock(sk);
272 sk_proto_close = ctx->sk_proto_close;
273
274 if (ctx->tx_conf == TLS_HW_RECORD && ctx->rx_conf == TLS_HW_RECORD)
275 goto skip_tx_cleanup;
276
277 if (ctx->tx_conf == TLS_BASE && ctx->rx_conf == TLS_BASE) {
278 free_ctx = true;
279 goto skip_tx_cleanup;
280 }
281
282 if (unlikely(sk->sk_write_pending) && 267 if (unlikely(sk->sk_write_pending) &&
283 !wait_on_pending_writer(sk, &timeo)) 268 !wait_on_pending_writer(sk, &timeo))
284 tls_handle_open_record(sk, 0); 269 tls_handle_open_record(sk, 0);
@@ -287,7 +272,7 @@ static void tls_sk_proto_close(struct sock *sk, long timeout)
287 if (ctx->tx_conf == TLS_SW) { 272 if (ctx->tx_conf == TLS_SW) {
288 kfree(ctx->tx.rec_seq); 273 kfree(ctx->tx.rec_seq);
289 kfree(ctx->tx.iv); 274 kfree(ctx->tx.iv);
290 tls_sw_free_resources_tx(sk); 275 tls_sw_release_resources_tx(sk);
291#ifdef CONFIG_TLS_DEVICE 276#ifdef CONFIG_TLS_DEVICE
292 } else if (ctx->tx_conf == TLS_HW) { 277 } else if (ctx->tx_conf == TLS_HW) {
293 tls_device_free_resources_tx(sk); 278 tls_device_free_resources_tx(sk);
@@ -295,26 +280,44 @@ static void tls_sk_proto_close(struct sock *sk, long timeout)
295 } 280 }
296 281
297 if (ctx->rx_conf == TLS_SW) 282 if (ctx->rx_conf == TLS_SW)
298 tls_sw_free_resources_rx(sk); 283 tls_sw_release_resources_rx(sk);
299 284
300#ifdef CONFIG_TLS_DEVICE 285#ifdef CONFIG_TLS_DEVICE
301 if (ctx->rx_conf == TLS_HW) 286 if (ctx->rx_conf == TLS_HW)
302 tls_device_offload_cleanup_rx(sk); 287 tls_device_offload_cleanup_rx(sk);
303
304 if (ctx->tx_conf != TLS_HW && ctx->rx_conf != TLS_HW) {
305#else
306 {
307#endif 288#endif
308 tls_ctx_free(ctx); 289}
309 ctx = NULL;
310 }
311 290
312skip_tx_cleanup: 291static void tls_sk_proto_close(struct sock *sk, long timeout)
292{
293 struct inet_connection_sock *icsk = inet_csk(sk);
294 struct tls_context *ctx = tls_get_ctx(sk);
295 long timeo = sock_sndtimeo(sk, 0);
296 bool free_ctx;
297
298 if (ctx->tx_conf == TLS_SW)
299 tls_sw_cancel_work_tx(ctx);
300
301 lock_sock(sk);
302 free_ctx = ctx->tx_conf != TLS_HW && ctx->rx_conf != TLS_HW;
303
304 if (ctx->tx_conf != TLS_BASE || ctx->rx_conf != TLS_BASE)
305 tls_sk_proto_cleanup(sk, ctx, timeo);
306
307 write_lock_bh(&sk->sk_callback_lock);
308 if (free_ctx)
309 icsk->icsk_ulp_data = NULL;
310 sk->sk_prot = ctx->sk_proto;
311 write_unlock_bh(&sk->sk_callback_lock);
313 release_sock(sk); 312 release_sock(sk);
314 sk_proto_close(sk, timeout); 313 if (ctx->tx_conf == TLS_SW)
315 /* free ctx for TLS_HW_RECORD, used by tcp_set_state 314 tls_sw_free_ctx_tx(ctx);
316 * for sk->sk_prot->unhash [tls_hw_unhash] 315 if (ctx->rx_conf == TLS_SW || ctx->rx_conf == TLS_HW)
317 */ 316 tls_sw_strparser_done(ctx);
317 if (ctx->rx_conf == TLS_SW)
318 tls_sw_free_ctx_rx(ctx);
319 ctx->sk_proto_close(sk, timeout);
320
318 if (free_ctx) 321 if (free_ctx)
319 tls_ctx_free(ctx); 322 tls_ctx_free(ctx);
320} 323}
@@ -526,6 +529,8 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval,
526 { 529 {
527#endif 530#endif
528 rc = tls_set_sw_offload(sk, ctx, 1); 531 rc = tls_set_sw_offload(sk, ctx, 1);
532 if (rc)
533 goto err_crypto_info;
529 conf = TLS_SW; 534 conf = TLS_SW;
530 } 535 }
531 } else { 536 } else {
@@ -537,13 +542,13 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval,
537 { 542 {
538#endif 543#endif
539 rc = tls_set_sw_offload(sk, ctx, 0); 544 rc = tls_set_sw_offload(sk, ctx, 0);
545 if (rc)
546 goto err_crypto_info;
540 conf = TLS_SW; 547 conf = TLS_SW;
541 } 548 }
549 tls_sw_strparser_arm(sk, ctx);
542 } 550 }
543 551
544 if (rc)
545 goto err_crypto_info;
546
547 if (tx) 552 if (tx)
548 ctx->tx_conf = conf; 553 ctx->tx_conf = conf;
549 else 554 else
@@ -607,6 +612,7 @@ static struct tls_context *create_ctx(struct sock *sk)
607 ctx->setsockopt = sk->sk_prot->setsockopt; 612 ctx->setsockopt = sk->sk_prot->setsockopt;
608 ctx->getsockopt = sk->sk_prot->getsockopt; 613 ctx->getsockopt = sk->sk_prot->getsockopt;
609 ctx->sk_proto_close = sk->sk_prot->close; 614 ctx->sk_proto_close = sk->sk_prot->close;
615 ctx->unhash = sk->sk_prot->unhash;
610 return ctx; 616 return ctx;
611} 617}
612 618
@@ -764,7 +770,6 @@ static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG],
764 prot[TLS_HW_RECORD][TLS_HW_RECORD] = *base; 770 prot[TLS_HW_RECORD][TLS_HW_RECORD] = *base;
765 prot[TLS_HW_RECORD][TLS_HW_RECORD].hash = tls_hw_hash; 771 prot[TLS_HW_RECORD][TLS_HW_RECORD].hash = tls_hw_hash;
766 prot[TLS_HW_RECORD][TLS_HW_RECORD].unhash = tls_hw_unhash; 772 prot[TLS_HW_RECORD][TLS_HW_RECORD].unhash = tls_hw_unhash;
767 prot[TLS_HW_RECORD][TLS_HW_RECORD].close = tls_sk_proto_close;
768} 773}
769 774
770static int tls_init(struct sock *sk) 775static int tls_init(struct sock *sk)
@@ -773,7 +778,7 @@ static int tls_init(struct sock *sk)
773 int rc = 0; 778 int rc = 0;
774 779
775 if (tls_hw_prot(sk)) 780 if (tls_hw_prot(sk))
776 goto out; 781 return 0;
777 782
778 /* The TLS ulp is currently supported only for TCP sockets 783 /* The TLS ulp is currently supported only for TCP sockets
779 * in ESTABLISHED state. 784 * in ESTABLISHED state.
@@ -784,21 +789,38 @@ static int tls_init(struct sock *sk)
784 if (sk->sk_state != TCP_ESTABLISHED) 789 if (sk->sk_state != TCP_ESTABLISHED)
785 return -ENOTSUPP; 790 return -ENOTSUPP;
786 791
792 tls_build_proto(sk);
793
787 /* allocate tls context */ 794 /* allocate tls context */
795 write_lock_bh(&sk->sk_callback_lock);
788 ctx = create_ctx(sk); 796 ctx = create_ctx(sk);
789 if (!ctx) { 797 if (!ctx) {
790 rc = -ENOMEM; 798 rc = -ENOMEM;
791 goto out; 799 goto out;
792 } 800 }
793 801
794 tls_build_proto(sk);
795 ctx->tx_conf = TLS_BASE; 802 ctx->tx_conf = TLS_BASE;
796 ctx->rx_conf = TLS_BASE; 803 ctx->rx_conf = TLS_BASE;
804 ctx->sk_proto = sk->sk_prot;
797 update_sk_prot(sk, ctx); 805 update_sk_prot(sk, ctx);
798out: 806out:
807 write_unlock_bh(&sk->sk_callback_lock);
799 return rc; 808 return rc;
800} 809}
801 810
811static void tls_update(struct sock *sk, struct proto *p)
812{
813 struct tls_context *ctx;
814
815 ctx = tls_get_ctx(sk);
816 if (likely(ctx)) {
817 ctx->sk_proto_close = p->close;
818 ctx->sk_proto = p;
819 } else {
820 sk->sk_prot = p;
821 }
822}
823
802void tls_register_device(struct tls_device *device) 824void tls_register_device(struct tls_device *device)
803{ 825{
804 spin_lock_bh(&device_spinlock); 826 spin_lock_bh(&device_spinlock);
@@ -819,6 +841,7 @@ static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mostly = {
819 .name = "tls", 841 .name = "tls",
820 .owner = THIS_MODULE, 842 .owner = THIS_MODULE,
821 .init = tls_init, 843 .init = tls_init,
844 .update = tls_update,
822}; 845};
823 846
824static int __init tls_register(void) 847static int __init tls_register(void)
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-12 09:18:16 -0400