Diffstat (limited to 'net/tls/tls_main.c')
-rw-r--r--net/tls/tls_main.c31
1 files changed, 23 insertions, 8 deletions
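diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 93c0c225ab34..523622dc74f8 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -213,9 +213,14 @@ static void tls_write_space(struct sock *sk)
 {
  struct tls_context *ctx = tls_get_ctx(sk);
 
- /* We are already sending pages, ignore notification */
- if (ctx->in_tcp_sendpages)
+ /* If in_tcp_sendpages call lower protocol write space handler
+ * to ensure we wake up any waiting operations there. For example
+ * if do_tcp_sendpages where to call sk_wait_event.
+ */
+ if (ctx->in_tcp_sendpages) {
+ ctx->sk_write_space(sk);
  return;
+ }
 
  if (!sk->sk_write_pending && tls_is_pending_closed_record(ctx)) {
  gfp_t sk_allocation = sk->sk_allocation;
@@ -236,6 +241,16 @@ static void tls_write_space(struct sock *sk)
  ctx->sk_write_space(sk);
 }
 
+static void tls_ctx_free(struct tls_context *ctx)
+{
+ if (!ctx)
+ return;
+
+ memzero_explicit(&ctx->crypto_send, sizeof(ctx->crypto_send));
+ memzero_explicit(&ctx->crypto_recv, sizeof(ctx->crypto_recv));
+ kfree(ctx);
+}
+
 static void tls_sk_proto_close(struct sock *sk, long timeout)
 {
  struct tls_context *ctx = tls_get_ctx(sk);
@@ -289,7 +304,7 @@ static void tls_sk_proto_close(struct sock *sk, long timeout)
 #else
  {
 #endif
- kfree(ctx);
+ tls_ctx_free(ctx);
  ctx = NULL;
  }
 
@@ -300,7 +315,7 @@ skip_tx_cleanup:
  * for sk->sk_prot->unhash [tls_hw_unhash]
  */
  if (free_ctx)
- kfree(ctx);
+ tls_ctx_free(ctx);
 }
 
 static int do_tls_getsockopt_tx(struct sock *sk, char __user *optval,
@@ -325,7 +340,7 @@ static int do_tls_getsockopt_tx(struct sock *sk, char __user *optval,
  }
 
  /* get user crypto info */
- crypto_info = &ctx->crypto_send;
+ crypto_info = &ctx->crypto_send.info;
 
  if (!TLS_CRYPTO_INFO_READY(crypto_info)) {
  rc = -EBUSY;
@@ -412,9 +427,9 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval,
  }
 
  if (tx)
- crypto_info = &ctx->crypto_send;
+ crypto_info = &ctx->crypto_send.info;
  else
- crypto_info = &ctx->crypto_recv;
+ crypto_info = &ctx->crypto_recv.info;
 
  /* Currently we don't support set crypto info more than one time */
  if (TLS_CRYPTO_INFO_READY(crypto_info)) {
@@ -494,7 +509,7 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval,
  goto out;
 
 err_crypto_info:
- memset(crypto_info, 0, sizeof(*crypto_info));
+ memzero_explicit(crypto_info, sizeof(union tls_crypto_context));
 out:
  return rc;
 }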
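Review bot: In the `err_crypto_info` path of do_tls_setsockopt_conf, the wipe length `sizeof(union tls_crypto_context)` is not derived from the pointer being wiped. `crypto_info` now points at the `.info` member, so the call clears the key material only while `info` sits at offset 0 of the union and `crypto_info` always points into the context; neither is checked here. Passing the union itself ties pointer and length together, for example `memzero_explicit(tx ? &ctx->crypto_send : &ctx->crypto_recv, sizeof(ctx->crypto_send));`, assuming `tx` is still in scope at the label as the earlier `if (tx)` in this function suggests. Failing that, a comment such as `/* crypto_info is the first member of the union; wipe the whole union, keys included */` would record the assumption. The function starts outside this hunk, so the declaration of `crypto_info` is not visible.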