1 files changed, 111 insertions, 3 deletions
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 6f5c1146da4a..0d379970960e 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -38,6 +38,7 @@
 #include <linux/highmem.h>
 #include <linux/netdevice.h>
 #include <linux/sched/signal.h>
+#include <linux/inetdevice.h>
 #include <net/tls.h>
@@ -56,11 +57,14 @@ enum {
        TLS_SW_TX,
        TLS_SW_RX,
        TLS_SW_RXTX,
+        TLS_HW_RECORD,
        TLS_NUM_CONFIG,
 };
 static struct proto *saved_tcpv6_prot;
 static DEFINE_MUTEX(tcpv6_prot_mutex);
+static LIST_HEAD(device_list);
+static DEFINE_MUTEX(device_mutex);
 static struct proto tls_prots[TLS_NUM_PROTS][TLS_NUM_CONFIG];
 static struct proto_ops tls_sw_proto_ops;
@@ -241,8 +245,12 @@ static void tls_sk_proto_close(struct sock *sk, long timeout)
        lock_sock(sk);
        sk_proto_close = ctx->sk_proto_close;
+        if (ctx->conf == TLS_HW_RECORD)
+                goto skip_tx_cleanup;
        if (ctx->conf == TLS_BASE) {
                kfree(ctx);
+                ctx = NULL;
                goto skip_tx_cleanup;
        }
@@ -276,6 +284,11 @@ static void tls_sk_proto_close(struct sock *sk, long timeout)
 skip_tx_cleanup:
        release_sock(sk);
        sk_proto_close(sk, timeout);
+        /* free ctx for TLS_HW_RECORD, used by tcp_set_state
+         * for sk->sk_prot->unhash [tls_hw_unhash]
+         */
+        if (ctx && ctx->conf == TLS_HW_RECORD)
+                kfree(ctx);
 }
 static int do_tls_getsockopt_tx(struct sock *sk, char __user *optval,
@@ -493,6 +506,79 @@ static int tls_setsockopt(struct sock *sk, int level, int optname,
        return do_tls_setsockopt(sk, optname, optval, optlen);
 }
+static struct tls_context *create_ctx(struct sock *sk)
+{
+        struct inet_connection_sock *icsk = inet_csk(sk);
+        struct tls_context *ctx;
+        ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
+        if (!ctx)
+                return NULL;
+        icsk->icsk_ulp_data = ctx;
+        return ctx;
+}
+static int tls_hw_prot(struct sock *sk)
+{
+        struct tls_context *ctx;
+        struct tls_device *dev;
+        int rc = 0;
+        mutex_lock(&device_mutex);
+        list_for_each_entry(dev, &device_list, dev_list) {
+                if (dev->feature && dev->feature(dev)) {
+                        ctx = create_ctx(sk);
+                        if (!ctx)
+                                goto out;
+                        ctx->hash = sk->sk_prot->hash;
+                        ctx->unhash = sk->sk_prot->unhash;
+                        ctx->sk_proto_close = sk->sk_prot->close;
+                        ctx->conf = TLS_HW_RECORD;
+                        update_sk_prot(sk, ctx);
+                        rc = 1;
+                        break;
+                }
+        }
+out:
+        mutex_unlock(&device_mutex);
+        return rc;
+}
+static void tls_hw_unhash(struct sock *sk)
+{
+        struct tls_context *ctx = tls_get_ctx(sk);
+        struct tls_device *dev;
+        mutex_lock(&device_mutex);
+        list_for_each_entry(dev, &device_list, dev_list) {
+                if (dev->unhash)
+                        dev->unhash(dev, sk);
+        }
+        mutex_unlock(&device_mutex);
+        ctx->unhash(sk);
+}
+static int tls_hw_hash(struct sock *sk)
+{
+        struct tls_context *ctx = tls_get_ctx(sk);
+        struct tls_device *dev;
+        int err;
+        err = ctx->hash(sk);
+        mutex_lock(&device_mutex);
+        list_for_each_entry(dev, &device_list, dev_list) {
+                if (dev->hash)
+                        err |= dev->hash(dev, sk);
+        }
+        mutex_unlock(&device_mutex);
+        if (err)
+                tls_hw_unhash(sk);
+        return err;
+}
 static void build_protos(struct proto *prot, struct proto *base)
 {
        prot[TLS_BASE] = *base;
@@ -511,15 +597,22 @@ static void build_protos(struct proto *prot, struct proto *base)
        prot[TLS_SW_RXTX] = prot[TLS_SW_TX];
        prot[TLS_SW_RXTX].recvmsg       = tls_sw_recvmsg;
        prot[TLS_SW_RXTX].close         = tls_sk_proto_close;
+        prot[TLS_HW_RECORD] = *base;
+        prot[TLS_HW_RECORD].hash        = tls_hw_hash;
+        prot[TLS_HW_RECORD].unhash      = tls_hw_unhash;
+        prot[TLS_HW_RECORD].close       = tls_sk_proto_close;
 }
 static int tls_init(struct sock *sk)
 {
        int ip_ver = sk->sk_family == AF_INET6 ? TLSV6 : TLSV4;
-        struct inet_connection_sock *icsk = inet_csk(sk);
        struct tls_context *ctx;
        int rc = 0;
+        if (tls_hw_prot(sk))
+                goto out;
        /* The TLS ulp is currently supported only for TCP sockets
         * in ESTABLISHED state.
         * Supporting sockets in LISTEN state will require us
@@ -530,12 +623,11 @@ static int tls_init(struct sock *sk)
                return -ENOTSUPP;
        /* allocate tls context */
-        ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
+        ctx = create_ctx(sk);
        if (!ctx) {
                rc = -ENOMEM;
                goto out;
        }
-        icsk->icsk_ulp_data = ctx;
        ctx->setsockopt = sk->sk_prot->setsockopt;
        ctx->getsockopt = sk->sk_prot->getsockopt;
        ctx->sk_proto_close = sk->sk_prot->close;
@@ -557,6 +649,22 @@ out:
        return rc;
 }
+void tls_register_device(struct tls_device *device)
+{
+        mutex_lock(&device_mutex);
+        list_add_tail(&device->dev_list, &device_list);
+        mutex_unlock(&device_mutex);
+}
+EXPORT_SYMBOL(tls_register_device);
+void tls_unregister_device(struct tls_device *device)
+{
+        mutex_lock(&device_mutex);
+        list_del(&device->dev_list);
+        mutex_unlock(&device_mutex);
+}
+EXPORT_SYMBOL(tls_unregister_device);
 static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mostly = {
        .name                   = "tls",
        .uid                    = TCP_ULP_TLS,

diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 6f5c1146da4a..0d379970960e 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c
@@ -38,6 +38,7 @@
38	#include <linux/highmem.h>	38	#include <linux/highmem.h>
39	#include <linux/netdevice.h>	39	#include <linux/netdevice.h>
40	#include <linux/sched/signal.h>	40	#include <linux/sched/signal.h>
		41	#include <linux/inetdevice.h>
41		42
42	#include <net/tls.h>	43	#include <net/tls.h>
43		44
@@ -56,11 +57,14 @@ enum {
56	TLS_SW_TX,	57	TLS_SW_TX,
57	TLS_SW_RX,	58	TLS_SW_RX,
58	TLS_SW_RXTX,	59	TLS_SW_RXTX,
		60	TLS_HW_RECORD,
59	TLS_NUM_CONFIG,	61	TLS_NUM_CONFIG,
60	};	62	};
61		63
62	static struct proto *saved_tcpv6_prot;	64	static struct proto *saved_tcpv6_prot;
63	static DEFINE_MUTEX(tcpv6_prot_mutex);	65	static DEFINE_MUTEX(tcpv6_prot_mutex);
		66	static LIST_HEAD(device_list);
		67	static DEFINE_MUTEX(device_mutex);
64	static struct proto tls_prots[TLS_NUM_PROTS][TLS_NUM_CONFIG];	68	static struct proto tls_prots[TLS_NUM_PROTS][TLS_NUM_CONFIG];
65	static struct proto_ops tls_sw_proto_ops;	69	static struct proto_ops tls_sw_proto_ops;
66		70
@@ -241,8 +245,12 @@ static void tls_sk_proto_close(struct sock *sk, long timeout)
241	lock_sock(sk);	245	lock_sock(sk);
242	sk_proto_close = ctx->sk_proto_close;	246	sk_proto_close = ctx->sk_proto_close;
243		247
		248	if (ctx->conf == TLS_HW_RECORD)
		249	goto skip_tx_cleanup;
		250
244	if (ctx->conf == TLS_BASE) {	251	if (ctx->conf == TLS_BASE) {
245	kfree(ctx);	252	kfree(ctx);
		253	ctx = NULL;
246	goto skip_tx_cleanup;	254	goto skip_tx_cleanup;
247	}	255	}
248		256
@@ -276,6 +284,11 @@ static void tls_sk_proto_close(struct sock *sk, long timeout)
276	skip_tx_cleanup:	284	skip_tx_cleanup:
277	release_sock(sk);	285	release_sock(sk);
278	sk_proto_close(sk, timeout);	286	sk_proto_close(sk, timeout);
		287	/* free ctx for TLS_HW_RECORD, used by tcp_set_state
		288	* for sk->sk_prot->unhash [tls_hw_unhash]
		289	*/
		290	if (ctx && ctx->conf == TLS_HW_RECORD)
		291	kfree(ctx);
279	}	292	}
280		293
281	static int do_tls_getsockopt_tx(struct sock sk, char __user optval,	294	static int do_tls_getsockopt_tx(struct sock sk, char __user optval,
@@ -493,6 +506,79 @@ static int tls_setsockopt(struct sock *sk, int level, int optname,
493	return do_tls_setsockopt(sk, optname, optval, optlen);	506	return do_tls_setsockopt(sk, optname, optval, optlen);
494	}	507	}
495		508
		509	static struct tls_context create_ctx(struct sock sk)
		510	{
		511	struct inet_connection_sock *icsk = inet_csk(sk);
		512	struct tls_context *ctx;
		513
		514	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
		515	if (!ctx)
		516	return NULL;
		517
		518	icsk->icsk_ulp_data = ctx;
		519	return ctx;
		520	}
		521
		522	static int tls_hw_prot(struct sock *sk)
		523	{
		524	struct tls_context *ctx;
		525	struct tls_device *dev;
		526	int rc = 0;
		527
		528	mutex_lock(&device_mutex);
		529	list_for_each_entry(dev, &device_list, dev_list) {
		530	if (dev->feature && dev->feature(dev)) {
		531	ctx = create_ctx(sk);
		532	if (!ctx)
		533	goto out;
		534
		535	ctx->hash = sk->sk_prot->hash;
		536	ctx->unhash = sk->sk_prot->unhash;
		537	ctx->sk_proto_close = sk->sk_prot->close;
		538	ctx->conf = TLS_HW_RECORD;
		539	update_sk_prot(sk, ctx);
		540	rc = 1;
		541	break;
		542	}
		543	}
		544	out:
		545	mutex_unlock(&device_mutex);
		546	return rc;
		547	}
		548
		549	static void tls_hw_unhash(struct sock *sk)
		550	{
		551	struct tls_context *ctx = tls_get_ctx(sk);
		552	struct tls_device *dev;
		553
		554	mutex_lock(&device_mutex);
		555	list_for_each_entry(dev, &device_list, dev_list) {
		556	if (dev->unhash)
		557	dev->unhash(dev, sk);
		558	}
		559	mutex_unlock(&device_mutex);
		560	ctx->unhash(sk);
		561	}
		562
		563	static int tls_hw_hash(struct sock *sk)
		564	{
		565	struct tls_context *ctx = tls_get_ctx(sk);
		566	struct tls_device *dev;
		567	int err;
		568
		569	err = ctx->hash(sk);
		570	mutex_lock(&device_mutex);
		571	list_for_each_entry(dev, &device_list, dev_list) {
		572	if (dev->hash)
		573	err \|= dev->hash(dev, sk);
		574	}
		575	mutex_unlock(&device_mutex);
		576
		577	if (err)
		578	tls_hw_unhash(sk);
		579	return err;
		580	}
		581
496	static void build_protos(struct proto prot, struct proto base)	582	static void build_protos(struct proto prot, struct proto base)
497	{	583	{
498	prot[TLS_BASE] = *base;	584	prot[TLS_BASE] = *base;
@@ -511,15 +597,22 @@ static void build_protos(struct proto prot, struct proto base)
511	prot[TLS_SW_RXTX] = prot[TLS_SW_TX];	597	prot[TLS_SW_RXTX] = prot[TLS_SW_TX];
512	prot[TLS_SW_RXTX].recvmsg = tls_sw_recvmsg;	598	prot[TLS_SW_RXTX].recvmsg = tls_sw_recvmsg;
513	prot[TLS_SW_RXTX].close = tls_sk_proto_close;	599	prot[TLS_SW_RXTX].close = tls_sk_proto_close;
		600
		601	prot[TLS_HW_RECORD] = *base;
		602	prot[TLS_HW_RECORD].hash = tls_hw_hash;
		603	prot[TLS_HW_RECORD].unhash = tls_hw_unhash;
		604	prot[TLS_HW_RECORD].close = tls_sk_proto_close;
514	}	605	}
515		606
516	static int tls_init(struct sock *sk)	607	static int tls_init(struct sock *sk)
517	{	608	{
518	int ip_ver = sk->sk_family == AF_INET6 ? TLSV6 : TLSV4;	609	int ip_ver = sk->sk_family == AF_INET6 ? TLSV6 : TLSV4;
519	struct inet_connection_sock *icsk = inet_csk(sk);
520	struct tls_context *ctx;	610	struct tls_context *ctx;
521	int rc = 0;	611	int rc = 0;
522		612
		613	if (tls_hw_prot(sk))
		614	goto out;
		615
523	/* The TLS ulp is currently supported only for TCP sockets	616	/* The TLS ulp is currently supported only for TCP sockets
524	* in ESTABLISHED state.	617	* in ESTABLISHED state.
525	* Supporting sockets in LISTEN state will require us	618	* Supporting sockets in LISTEN state will require us
@@ -530,12 +623,11 @@ static int tls_init(struct sock *sk)
530	return -ENOTSUPP;	623	return -ENOTSUPP;
531		624
532	/* allocate tls context */	625	/* allocate tls context */
533	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);	626	ctx = create_ctx(sk);
534	if (!ctx) {	627	if (!ctx) {
535	rc = -ENOMEM;	628	rc = -ENOMEM;
536	goto out;	629	goto out;
537	}	630	}
538	icsk->icsk_ulp_data = ctx;
539	ctx->setsockopt = sk->sk_prot->setsockopt;	631	ctx->setsockopt = sk->sk_prot->setsockopt;
540	ctx->getsockopt = sk->sk_prot->getsockopt;	632	ctx->getsockopt = sk->sk_prot->getsockopt;
541	ctx->sk_proto_close = sk->sk_prot->close;	633	ctx->sk_proto_close = sk->sk_prot->close;
@@ -557,6 +649,22 @@ out:
557	return rc;	649	return rc;
558	}	650	}
559		651
		652	void tls_register_device(struct tls_device *device)
		653	{
		654	mutex_lock(&device_mutex);
		655	list_add_tail(&device->dev_list, &device_list);
		656	mutex_unlock(&device_mutex);
		657	}
		658	EXPORT_SYMBOL(tls_register_device);
		659
		660	void tls_unregister_device(struct tls_device *device)
		661	{
		662	mutex_lock(&device_mutex);
		663	list_del(&device->dev_list);
		664	mutex_unlock(&device_mutex);
		665	}
		666	EXPORT_SYMBOL(tls_unregister_device);
		667
560	static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mostly = {	668	static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mostly = {
561	.name = "tls",	669	.name = "tls",
562	.uid = TCP_ULP_TLS,	670	.uid = TCP_ULP_TLS,