Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v4.15.6 2018-01-15T19:21:57+00:00 2018-01-15T19:21:57+00:00 r.hering@avm.de r.hering@avm.de 2018-01-12T14:42:06+00:00 urn:sha1:30be8f8dba1bd2aff73e8447d59228471233a3d4 sendfile() calls can hang endless with using Kernel TLS if a socket error occurs. Socket error codes must be inverted by Kernel TLS before returning because they are stored with positive sign. If returned non-inverted they are interpreted as number of bytes sent, causing endless looping of the splice mechanic behind sendfile(). Signed-off-by: Robert Hering <r.hering@avm.de> Signed-off-by: David S. Miller <davem@davemloft.net> 2017-11-15T04:54:18+00:00 Dmitry V. Levin ldv@altlinux.org 2017-11-14T03:30:11+00:00 urn:sha1:b9f3eb499d84f8d4adcb2f9212ec655700b28228 Move inclusion of a private kernel header <net/tcp.h> from uapi/linux/tls.h to its only user - net/tls.h, to fix the following linux/tls.h userspace compilation error: /usr/include/linux/tls.h:41:21: fatal error: net/tcp.h: No such file or directory As to this point uapi/linux/tls.h was totaly unusuable for userspace, cleanup this header file further by moving other redundant includes to net/tls.h. Fixes: 3c4d7559159b ("tls: kernel TLS support") Cc: <stable@vger.kernel.org> # v4.13+ Signed-off-by: Dmitry V. Levin <ldv@altlinux.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2017-11-14T07:26:34+00:00 Ilya Lesokhin ilyal@mellanox.com 2017-11-13T08:22:47+00:00 urn:sha1:213ef6e7c9c063c482d77f12cc438872628d48ec move tls_make_aad as it is going to be reused by the device offload code and rx path. Remove unused recv parameter. Signed-off-by: Ilya Lesokhin <ilyal@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2017-11-14T07:26:34+00:00 Ilya Lesokhin ilyal@mellanox.com 2017-11-13T08:22:46+00:00 urn:sha1:ff45d820a2df163957ad8ab459b6eb6976144c18 Previously the TLS ulp context would leak if we attached a TLS ulp to a socket but did not use the TLS_TX setsockopt, or did use it but it failed. This patch solves the issue by overriding prot[TLS_BASE_TX].close and fixing tls_sk_proto_close to work properly when its called with ctx->tx_conf == TLS_BASE_TX. This patch also removes ctx->free_resources as we can use ctx->tx_conf to obtain the relevant information. Fixes: 3c4d7559159b ('tls: kernel TLS support') Signed-off-by: Ilya Lesokhin <ilyal@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2017-11-14T07:26:34+00:00 Ilya Lesokhin ilyal@mellanox.com 2017-11-13T08:22:45+00:00 urn:sha1:6d88207fcfddc002afe3e2e4a455e5201089d5d9 The tx configuration is now stored in ctx->tx_conf. And sk->sk_prot is updated trough a function This will simplify things when we add rx and support for different possible tx and rx cross configurations. Signed-off-by: Ilya Lesokhin <ilyal@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2017-06-15T16:12:40+00:00 Dave Watson davejwatson@fb.com 2017-06-14T18:37:39+00:00 urn:sha1:3c4d7559159bfe1e3b94df3a657b2cda3a34e218 Software implementation of transport layer security, implemented using ULP infrastructure. tcp proto_ops are replaced with tls equivalents of sendmsg and sendpage. Only symmetric crypto is done in the kernel, keys are passed by setsockopt after the handshake is complete. All control messages are supported via CMSG data - the actual symmetric encryption is the same, just the message type needs to be passed separately. For user API, please see Documentation patch. Pieces that can be shared between hw and sw implementation are in tls_main.c Signed-off-by: Boris Pismenny <borisp@mellanox.com> Signed-off-by: Ilya Lesokhin <ilyal@mellanox.com> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com> Signed-off-by: Dave Watson <davejwatson@fb.com> Signed-off-by: David S. Miller <davem@davemloft.net>