Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.9.12 2024-04-25T15:32:37+00:00 2024-04-25T15:32:37+00:00 Sabrina Dubroca sd@queasysnail.net 2024-04-24T10:25:47+00:00 urn:sha1:0844370f8945086eb9335739d10205dcea8d707b tls_sk_poll is called without locking the socket, and needs to read strp->msg_ready (via tls_strp_msg_ready). Convert msg_ready to a bool and use READ_ONCE/WRITE_ONCE where needed. The remaining reads are only performed when the socket is locked. Fixes: 121dca784fc0 ("tls: suppress wakeups unless we have a full record") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Link: https://lore.kernel.org/r/0b7ee062319037cf86af6b317b3d72f7bfcd2e97.1713797701.git.sd@queasysnail.net Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2024-02-10T21:38:19+00:00 Jakub Kicinski kuba@kernel.org 2024-02-07T01:18:19+00:00 urn:sha1:aec7961916f3f9e88766e2688992da6980f11b8d The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touching already freed data. Try to avoid the locking and extra flags altogether. Have the main thread hold an extra reference, this way we can depend solely on the atomic ref counter for synchronization. Don't futz with reiniting the completion, either, we are now tightly controlling when completion fires. Reported-by: valis <sec@valis.email> Fixes: 0cada33241d9 ("net/tls: fix race condition causing kernel panic") Signed-off-by: Jakub Kicinski <kuba@kernel.org> Reviewed-by: Simon Horman <horms@kernel.org> Reviewed-by: Eric Dumazet <edumazet@google.com> Reviewed-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2023-10-13T10:26:10+00:00 Sabrina Dubroca sd@queasysnail.net 2023-10-09T20:50:54+00:00 urn:sha1:9f0c8245516bc30cff770c3a69a6baaf8eef8810 driver_state is a flex array, but is always allocated by the tls core to a fixed size (TLS_DRIVER_STATE_SIZE_{TX,RX}). Simplify the code by making that size explicit so that sizeof(struct tls_offload_context_{tx,rx}) works. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2023-10-13T10:26:10+00:00 Sabrina Dubroca sd@queasysnail.net 2023-10-09T20:50:45+00:00 urn:sha1:1c1cb3110d7ed2897e65d9a352a8fb709723e057 TLS_MAX_IV_SIZE + TLS_MAX_SALT_SIZE is 20B, we don't get much benefit in cipher_context's size and can simplify the init code a bit. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2023-10-13T10:26:09+00:00 Sabrina Dubroca sd@queasysnail.net 2023-10-09T20:50:44+00:00 urn:sha1:bee6b7b30706e7693d91cb28c8ff3cb69e094f65 It's defined in include/net/tls.h, avoid using an overly generic name. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2023-10-13T10:26:09+00:00 Sabrina Dubroca sd@queasysnail.net 2023-10-09T20:50:43+00:00 urn:sha1:6d5029e54700b2427581513c533232b02ce05043 TLS_MAX_REC_SEQ_SIZE is 8B, we don't get anything by using kmalloc. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2023-08-28T00:17:41+00:00 Sabrina Dubroca sd@queasysnail.net 2023-08-25T21:35:09+00:00 urn:sha1:fd0fc6fdd8896a195cb7b0210a5ee46774718fc8 It's only used in net/tls/*, no need to bloat include/net/tls.h. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Link: https://lore.kernel.org/r/dd9fad80415e5b3575b41f56b331871038362eab.1692977948.git.sd@queasysnail.net Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2023-07-28T21:07:59+00:00 Chuck Lever chuck.lever@oracle.com 2023-07-27T17:35:23+00:00 urn:sha1:6a7eccef47b205ae66371a26d36dfb2529835075 Kernel TLS consumers will need definitions of various parts of the TLS protocol, but often do not need the function declarations and other infrastructure provided in <net/tls.h>. Break out existing standardized protocol elements into a separate header, and make room for a few more elements in subsequent patches. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Link: https://lore.kernel.org/r/169047931374.5241.7713175865185969309.stgit@oracle-102.nfsv4bat.org Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2023-06-15T08:01:05+00:00 Jakub Kicinski kuba@kernel.org 2023-06-13T20:50:06+00:00 urn:sha1:ed3c9a2fcab3b60b0766eb5d7566fd3b10df9a8e All callers of tls_is_sk_tx_device_offloaded() currently do an equivalent of: if (skb->sk && tls_is_skb_tx_device_offloaded(skb->sk)) Have the helper accept skb and do the skb->sk check locally. Two drivers have local static inlines with similar wrappers already. While at it change the ifdef condition to TLS_DEVICE. Only TLS_DEVICE selects SOCK_VALIDATE_XMIT, so the two are equivalent. This makes removing the duplicated IS_ENABLED() check in funeth more obviously correct. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Acked-by: Maxim Mikityanskiy <maxtram95@gmail.com> Reviewed-by: Simon Horman <simon.horman@corigine.com> Acked-by: Tariq Toukan <tariqt@nvidia.com> Acked-by: Dimitris Michailidis <dmichail@fungible.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2023-05-26T02:57:39+00:00 Jakub Kicinski kuba@kernel.org 2023-05-26T02:56:10+00:00 urn:sha1:d4031ec844bc52fe7f2f844e9c476727fd6b8240 Cross-merge networking fixes after downstream PR. Conflicts: net/ipv4/raw.c 3632679d9e4f ("ipv{4,6}/raw: fix output xfrm lookup wrt protocol") c85be08fc4fa ("raw: Stop using RTO_ONLINK.") https://lore.kernel.org/all/20230525110037.2b532b83@canb.auug.org.au/ Adjacent changes: drivers/net/ethernet/freescale/fec_main.c 9025944fddfe ("net: fec: add dma_wmb to ensure correct descriptor values") 144470c88c5d ("net: fec: using the standard return codes when xdp xmit errors") Signed-off-by: Jakub Kicinski <kuba@kernel.org>