Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2)  * Copyright (c) 2016-2017, Mellanox Technologies. All rights reserved.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  * Copyright (c) 2016-2017, Dave Watson <davejwatson@fb.com>. All rights reserved.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  * This software is available to you under a choice of one of two
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6)  * licenses.  You may choose to be licensed under the terms of the GNU
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7)  * General Public License (GPL) Version 2, available from the file
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8)  * COPYING in the main directory of this source tree, or the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9)  * OpenIB.org BSD license below:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11)  *     Redistribution and use in source and binary forms, with or
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12)  *     without modification, are permitted provided that the following
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13)  *     conditions are met:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15)  *      - Redistributions of source code must retain the above
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16)  *        copyright notice, this list of conditions and the following
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17)  *        disclaimer.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19)  *      - Redistributions in binary form must reproduce the above
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  20)  *        copyright notice, this list of conditions and the following
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  21)  *        disclaimer in the documentation and/or other materials
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22)  *        provided with the distribution.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  23)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  24)  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  25)  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  26)  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  27)  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  28)  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  29)  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  30)  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  31)  * SOFTWARE.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  32)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  33) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  34) #include <linux/module.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  35) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  36) #include <net/tcp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  37) #include <net/inet_common.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  38) #include <linux/highmem.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  39) #include <linux/netdevice.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  40) #include <linux/sched/signal.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  41) #include <linux/inetdevice.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  42) #include <linux/inet_diag.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  43) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  44) #include <net/snmp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  45) #include <net/tls.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  46) #include <net/tls_toe.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  47) 
/* Module metadata; MODULE_ALIAS_TCP_ULP registers the "tls" ULP alias. */
MODULE_AUTHOR("Mellanox Technologies");
MODULE_DESCRIPTION("Transport Layer Security Support");
MODULE_LICENSE("Dual BSD/GPL");
MODULE_ALIAS_TCP_ULP("tls");

/*
 * First index of tls_prots[] and tls_proto_ops[]. update_sk_prot() selects
 * TLSV6 for AF_INET6 sockets and TLSV4 for everything else.
 */
enum {
	TLSV4,
	TLSV6,
	TLS_NUM_PROTS,
};

/*
 * NOTE(review): presumably the base TCP proto each table was last built from,
 * each guarded by the mutex declared next to it; the users of these four
 * objects are outside this excerpt, so confirm there.
 */
static const struct proto *saved_tcpv6_prot;
static DEFINE_MUTEX(tcpv6_prot_mutex);
static const struct proto *saved_tcpv4_prot;
static DEFINE_MUTEX(tcpv4_prot_mutex);
/* Per-variant tables, indexed [address family][tx_conf][rx_conf]. */
static struct proto tls_prots[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_NUM_CONFIG];
static struct proto_ops tls_proto_ops[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_NUM_CONFIG];
/* Forward declaration; the definition is further down the file. */
static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG],
			 const struct proto *base);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  67) 
/*
 * update_sk_prot() - switch a socket to the TLS proto/proto_ops variant that
 * matches its address family and the context's TX/RX configuration.
 * @sk:  socket whose sk_prot and sk_socket->ops are replaced
 * @ctx: TLS context supplying tx_conf and rx_conf
 *
 * tx_conf and rx_conf are used directly as array indices; no range check is
 * performed here.
 */
void update_sk_prot(struct sock *sk, struct tls_context *ctx)
{
	int family_idx = TLSV4;

	if (sk->sk_family == AF_INET6)
		family_idx = TLSV6;

	/* sk_prot is published first, the socket-level ops second. */
	WRITE_ONCE(sk->sk_prot,
		   &tls_prots[family_idx][ctx->tx_conf][ctx->rx_conf]);
	WRITE_ONCE(sk->sk_socket->ops,
		   &tls_proto_ops[family_idx][ctx->tx_conf][ctx->rx_conf]);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  77) 
/*
 * wait_on_pending_writer() - sleep until sk->sk_write_pending is clear.
 * @sk:    socket to wait on
 * @timeo: remaining timeout, handed to sk_wait_event()
 *
 * Return: 0 once sk_wait_event() reports the condition as met, -EAGAIN when
 * *@timeo is zero, or sock_intr_errno(*@timeo) when a signal is pending.
 */
int wait_on_pending_writer(struct sock *sk, long *timeo)
{
	DEFINE_WAIT_FUNC(wait, woken_wake_function);
	int err = 0;

	add_wait_queue(sk_sleep(sk), &wait);
	for (;;) {
		/* Timeout exhausted (or non-blocking): give up. */
		if (*timeo == 0) {
			err = -EAGAIN;
			break;
		}

		if (signal_pending(current)) {
			err = sock_intr_errno(*timeo);
			break;
		}

		if (sk_wait_event(sk, timeo, !sk->sk_write_pending, &wait))
			break;
	}
	/* Every exit path above leaves through here, so the entry is always removed. */
	remove_wait_queue(sk_sleep(sk), &wait);

	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) 
/*
 * tls_push_sg() - hand a scatterlist to TCP one entry at a time.
 * @sk:           socket to transmit on
 * @ctx:          TLS context; records the resume point if the send stops early
 * @sg:           first scatterlist entry to send
 * @first_offset: bytes of the first entry to skip (already sent)
 * @flags:        send flags; MSG_SENDPAGE_NOTLAST is added for every entry
 *                except the one for which sg_is_last() is true
 *
 * Return: 0 when every entry was sent in full; otherwise the non-positive
 * value returned by do_tcp_sendpages(), with the unsent position stored in
 * @ctx->partially_sent_record / @ctx->partially_sent_offset.
 *
 * There is no check here that @first_offset <= @sg->length or that @sg is
 * non-NULL; both are left to the caller.
 */
int tls_push_sg(struct sock *sk,
		struct tls_context *ctx,
		struct scatterlist *sg,
		u16 first_offset,
		int flags)
{
	int sendpage_flags = flags | MSG_SENDPAGE_NOTLAST;
	int ret = 0;
	struct page *p;
	size_t size;
	int offset = first_offset;

	/* first_offset is relative to the entry; convert to a page offset. */
	size = sg->length - offset;
	offset += sg->offset;

	/* tls_write_space() reads this flag to defer to the lower protocol. */
	ctx->in_tcp_sendpages = true;
	while (1) {
		if (sg_is_last(sg))
			sendpage_flags = flags;

		/* is sending application-limited? */
		tcp_rate_check_app_limited(sk);
		p = sg_page(sg);
retry:
		ret = do_tcp_sendpages(sk, p, offset, size, sendpage_flags);

		if (ret != size) {
			/* Short but positive send: advance and retry the rest. */
			if (ret > 0) {
				offset += ret;
				size -= ret;
				goto retry;
			}

			/*
			 * No progress: convert the offset back to entry-relative
			 * and remember where to resume. The page reference and
			 * the memory charge for this entry are kept.
			 */
			offset -= sg->offset;
			ctx->partially_sent_offset = offset;
			ctx->partially_sent_record = (void *)sg;
			ctx->in_tcp_sendpages = false;
			return ret;
		}

		/* Entry fully sent: drop the page reference and its charge. */
		put_page(p);
		sk_mem_uncharge(sk, sg->length);
		sg = sg_next(sg);
		if (!sg)
			break;

		offset = sg->offset;
		size = sg->length;
	}

	ctx->in_tcp_sendpages = false;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) 
/*
 * tls_handle_open_record() - push the pending open record, if there is one.
 * @sk:    socket whose TLS context is inspected
 * @flags: flags forwarded to the context's push_pending_record() callback
 *
 * Return: 0 when no open record is pending, otherwise the callback's result.
 */
static int tls_handle_open_record(struct sock *sk, int flags)
{
	struct tls_context *tls_ctx = tls_get_ctx(sk);

	if (!tls_is_pending_open_record(tls_ctx))
		return 0;

	return tls_ctx->push_pending_record(sk, flags);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) 
/*
 * tls_proccess_cmsg() - parse the SOL_TLS control messages of a sendmsg call.
 * @sk:          socket the message is sent on
 * @msg:         message header whose control data is walked
 * @record_type: set to the record type byte of a TLS_SET_RECORD_TYPE cmsg
 *
 * Control messages for other levels are skipped. Any SOL_TLS type other than
 * TLS_SET_RECORD_TYPE is rejected.
 *
 * Return: 0 when a record type was accepted; -EINVAL when no SOL_TLS cmsg was
 * found, a header fails CMSG_OK(), the payload is too short, MSG_MORE is set,
 * or the type is unknown; otherwise the error from tls_handle_open_record().
 */
int tls_proccess_cmsg(struct sock *sk, struct msghdr *msg,
		      unsigned char *record_type)
{
	struct cmsghdr *hdr;
	int err = -EINVAL;

	for_each_cmsghdr(hdr, msg) {
		/* Header must lie inside the control buffer before it is read. */
		if (!CMSG_OK(msg, hdr))
			return -EINVAL;

		if (hdr->cmsg_level != SOL_TLS)
			continue;

		if (hdr->cmsg_type != TLS_SET_RECORD_TYPE)
			return -EINVAL;

		/* Length check guards the one-byte read of CMSG_DATA() below. */
		if (hdr->cmsg_len < CMSG_LEN(sizeof(*record_type)))
			return -EINVAL;

		if (msg->msg_flags & MSG_MORE)
			return -EINVAL;

		/* Any record still open is pushed before the type changes. */
		err = tls_handle_open_record(sk, msg->msg_flags);
		if (err)
			return err;

		*record_type = *(unsigned char *)CMSG_DATA(hdr);
	}

	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) 
/*
 * tls_push_partial_record() - resume sending a partially sent record.
 * @sk:    socket to transmit on
 * @ctx:   TLS context holding the saved scatterlist position
 * @flags: send flags forwarded to tls_push_sg()
 *
 * The saved record pointer is cleared before the send is retried. The saved
 * pointer is not checked for NULL here and tls_push_sg() dereferences it
 * straight away, so this must only be called while a partial record exists.
 *
 * Return: the result of tls_push_sg().
 */
int tls_push_partial_record(struct sock *sk, struct tls_context *ctx,
			    int flags)
{
	struct scatterlist *pending = ctx->partially_sent_record;
	u16 resume_at = ctx->partially_sent_offset;

	ctx->partially_sent_record = NULL;

	return tls_push_sg(sk, ctx, pending, resume_at, flags);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) 
/*
 * tls_free_partial_record() - discard a partially sent record.
 * @sk:  socket the record memory is charged to
 * @ctx: TLS context holding the saved scatterlist position
 *
 * Walks the saved scatterlist from the resume point, dropping one page
 * reference and uncharging sg->length per entry, then clears the saved
 * pointer. Does nothing but the final clear when no record is saved.
 */
void tls_free_partial_record(struct sock *sk, struct tls_context *ctx)
{
	struct scatterlist *entry = ctx->partially_sent_record;

	while (entry) {
		put_page(sg_page(entry));
		sk_mem_uncharge(sk, entry->length);
		entry = sg_next(entry);
	}

	ctx->partially_sent_record = NULL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) 
/*
 * tls_write_space() - write-space callback used while TLS is attached.
 * @sk: socket that has write space available
 *
 * Runs the TLS write-space handling for the configured TX mode and then the
 * callback saved in the context (ctx->sk_write_space).
 */
static void tls_write_space(struct sock *sk)
{
	struct tls_context *ctx = tls_get_ctx(sk);

	/* If in_tcp_sendpages, call the lower protocol's write space handler
	 * to ensure we wake up any waiting operations there. For example,
	 * if do_tcp_sendpages were to call sk_wait_event.
	 */
	if (ctx->in_tcp_sendpages) {
		ctx->sk_write_space(sk);
		return;
	}

	/*
	 * With CONFIG_TLS_DEVICE the `else` below pairs with the TLS_HW test;
	 * without it the software handler is called unconditionally.
	 */
#ifdef CONFIG_TLS_DEVICE
	if (ctx->tx_conf == TLS_HW)
		tls_device_write_space(sk, ctx);
	else
#endif
		tls_sw_write_space(sk, ctx);

	ctx->sk_write_space(sk);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) 
/**
 * tls_ctx_free() - free TLS ULP context
 * @sk:  socket to which @ctx is attached
 * @ctx: TLS context structure
 *
 * Free TLS context. If @sk is %NULL caller guarantees that the socket
 * to which @ctx was attached has no outstanding references.
 *
 * The crypto_send and crypto_recv members are wiped with memzero_explicit()
 * before the memory is released. A %NULL @ctx is ignored.
 */
void tls_ctx_free(struct sock *sk, struct tls_context *ctx)
{
	if (!ctx)
		return;

	/* Wipe both directions' crypto state so it does not linger in freed memory. */
	memzero_explicit(&ctx->crypto_send, sizeof(ctx->crypto_send));
	memzero_explicit(&ctx->crypto_recv, sizeof(ctx->crypto_recv));
	mutex_destroy(&ctx->tx_lock);

	if (!sk) {
		kfree(ctx);
		return;
	}

	/* A socket is still attached: release through kfree_rcu(), not directly. */
	kfree_rcu(ctx, rcu);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) 
/*
 * tls_sk_proto_cleanup() - release per-direction TLS resources of a socket.
 * @sk:    socket being torn down
 * @ctx:   TLS context attached to @sk
 * @timeo: how long to wait for a pending writer before giving up
 *
 * For each direction the software or device resources are released and the
 * matching "current" MIB counter is decremented. Directions configured as
 * anything other than TLS_SW or TLS_HW are left untouched.
 */
static void tls_sk_proto_cleanup(struct sock *sk,
				 struct tls_context *ctx, long timeo)
{
	/*
	 * Only push the open record if the pending writer finished in time.
	 * The result of the push itself is not checked.
	 */
	if (unlikely(sk->sk_write_pending) &&
	    wait_on_pending_writer(sk, &timeo) == 0)
		tls_handle_open_record(sk, 0);

	/*
	 * We need these for tls_sw_fallback handling of other packets.
	 * NOTE(review): this appears to explain why only the TLS_SW case frees
	 * rec_seq and iv here - confirm against the device offload code.
	 */
	switch (ctx->tx_conf) {
	case TLS_SW:
		kfree(ctx->tx.rec_seq);
		kfree(ctx->tx.iv);
		tls_sw_release_resources_tx(sk);
		TLS_DEC_STATS(sock_net(sk), LINUX_MIB_TLSCURRTXSW);
		break;
	case TLS_HW:
		tls_device_free_resources_tx(sk);
		TLS_DEC_STATS(sock_net(sk), LINUX_MIB_TLSCURRTXDEVICE);
		break;
	default:
		break;
	}

	switch (ctx->rx_conf) {
	case TLS_SW:
		tls_sw_release_resources_rx(sk);
		TLS_DEC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXSW);
		break;
	case TLS_HW:
		tls_device_offload_cleanup_rx(sk);
		TLS_DEC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXDEVICE);
		break;
	default:
		break;
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298) 
/*
 * tls_sk_proto_close() - close handler installed while TLS is attached.
 * @sk:      socket being closed
 * @timeout: passed through to the original protocol's close()
 *
 * Tears down the TLS state, restores the original sk_prot and write-space
 * callback, then calls the original close(). The statement order matters:
 * callbacks are restored under sk_callback_lock before the socket lock is
 * dropped, and the context is freed only after the original close() returns.
 *
 * NOTE(review): ctx is dereferenced without a NULL check; this relies on
 * tls_get_ctx() always returning a context while this handler is installed.
 */
static void tls_sk_proto_close(struct sock *sk, long timeout)
{
	struct inet_connection_sock *icsk = inet_csk(sk);
	struct tls_context *ctx = tls_get_ctx(sk);
	long timeo = sock_sndtimeo(sk, 0);
	bool free_ctx;

	/* Done before lock_sock(); the TX work is cancelled outside the lock. */
	if (ctx->tx_conf == TLS_SW)
		tls_sw_cancel_work_tx(ctx);

	lock_sock(sk);
	/*
	 * The context is freed here only when neither direction is TLS_HW.
	 * NOTE(review): with device offload the context presumably outlives
	 * this call and is released elsewhere - confirm in the device code.
	 */
	free_ctx = ctx->tx_conf != TLS_HW && ctx->rx_conf != TLS_HW;

	if (ctx->tx_conf != TLS_BASE || ctx->rx_conf != TLS_BASE)
		tls_sk_proto_cleanup(sk, ctx, timeo);

	/* Detach the context and restore the saved callbacks in one section. */
	write_lock_bh(&sk->sk_callback_lock);
	if (free_ctx)
		rcu_assign_pointer(icsk->icsk_ulp_data, NULL);
	WRITE_ONCE(sk->sk_prot, ctx->sk_proto);
	/* Only undo the write-space hook if nobody replaced it since. */
	if (sk->sk_write_space == tls_write_space)
		sk->sk_write_space = ctx->sk_write_space;
	write_unlock_bh(&sk->sk_callback_lock);
	release_sock(sk);
	/* From here on ctx is used without the socket lock held. */
	if (ctx->tx_conf == TLS_SW)
		tls_sw_free_ctx_tx(ctx);
	if (ctx->rx_conf == TLS_SW || ctx->rx_conf == TLS_HW)
		tls_sw_strparser_done(ctx);
	if (ctx->rx_conf == TLS_SW)
		tls_sw_free_ctx_rx(ctx);
	ctx->sk_proto->close(sk, timeout);

	if (free_ctx)
		tls_ctx_free(sk, ctx);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 334) 
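/*
 * do_tls_getsockopt_conf() - copy the TX or RX crypto configuration to user space.
 * @sk:     socket being queried
 * @optval: user buffer receiving the crypto info
 * @optlen: user pointer to the buffer length
 * @tx:     non-zero for the send direction, zero for receive
 *
 * A buffer of exactly sizeof(struct tls_crypto_info) receives only the generic
 * header. Otherwise the length must match the cipher-specific structure, whose
 * iv and rec_seq fields are refreshed from the live cipher context before the
 * whole structure is copied out.
 *
 * The socket lock is held from the first read of the context's crypto state
 * until the copy to user space has finished, so the readiness check, the
 * cipher_type dispatch and the cctx->iv / cctx->rec_seq reads all see one
 * consistent state. Previously only the two memcpy() calls were locked, which
 * left the other reads open to a concurrent update of the same context.
 * NOTE(review): this function is static and its only caller visible here,
 * do_tls_getsockopt(), does not hold the socket lock; confirm no other caller
 * in the rest of the file already holds it before applying.
 *
 * Return: 0 on success, -EFAULT on a failed user copy, -EINVAL for a bad
 * buffer, length or cipher type, -EBUSY when no context or configuration is
 * set up yet.
 */
static int do_tls_getsockopt_conf(struct sock *sk, char __user *optval,
				  int __user *optlen, int tx)
{
	int rc = 0;
	struct tls_context *ctx = tls_get_ctx(sk);
	struct tls_crypto_info *crypto_info;
	struct cipher_context *cctx;
	int len;

	if (get_user(len, optlen))
		return -EFAULT;

	/*
	 * A negative len converts to a large unsigned value in this
	 * comparison and so passes it; the exact-size checks below are what
	 * reject it.
	 */
	if (!optval || (len < sizeof(*crypto_info)))
		return -EINVAL;

	if (!ctx)
		return -EBUSY;

	lock_sock(sk);

	/* get user crypto info */
	if (tx) {
		crypto_info = &ctx->crypto_send.info;
		cctx = &ctx->tx;
	} else {
		crypto_info = &ctx->crypto_recv.info;
		cctx = &ctx->rx;
	}

	if (!TLS_CRYPTO_INFO_READY(crypto_info)) {
		rc = -EBUSY;
		goto out;
	}

	/* Header-only query: version and cipher type, nothing else. */
	if (len == sizeof(*crypto_info)) {
		if (copy_to_user(optval, crypto_info, sizeof(*crypto_info)))
			rc = -EFAULT;
		goto out;
	}

	switch (crypto_info->cipher_type) {
	case TLS_CIPHER_AES_GCM_128: {
		struct tls12_crypto_info_aes_gcm_128 *
		  crypto_info_aes_gcm_128 =
		  container_of(crypto_info,
			       struct tls12_crypto_info_aes_gcm_128,
			       info);

		if (len != sizeof(*crypto_info_aes_gcm_128)) {
			rc = -EINVAL;
			goto out;
		}
		/* Refresh the stored copy in place, then hand it to user space. */
		memcpy(crypto_info_aes_gcm_128->iv,
		       cctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE,
		       TLS_CIPHER_AES_GCM_128_IV_SIZE);
		memcpy(crypto_info_aes_gcm_128->rec_seq, cctx->rec_seq,
		       TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
		if (copy_to_user(optval,
				 crypto_info_aes_gcm_128,
				 sizeof(*crypto_info_aes_gcm_128)))
			rc = -EFAULT;
		break;
	}
	case TLS_CIPHER_AES_GCM_256: {
		struct tls12_crypto_info_aes_gcm_256 *
		  crypto_info_aes_gcm_256 =
		  container_of(crypto_info,
			       struct tls12_crypto_info_aes_gcm_256,
			       info);

		if (len != sizeof(*crypto_info_aes_gcm_256)) {
			rc = -EINVAL;
			goto out;
		}
		memcpy(crypto_info_aes_gcm_256->iv,
		       cctx->iv + TLS_CIPHER_AES_GCM_256_SALT_SIZE,
		       TLS_CIPHER_AES_GCM_256_IV_SIZE);
		memcpy(crypto_info_aes_gcm_256->rec_seq, cctx->rec_seq,
		       TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
		if (copy_to_user(optval,
				 crypto_info_aes_gcm_256,
				 sizeof(*crypto_info_aes_gcm_256)))
			rc = -EFAULT;
		break;
	}
	default:
		rc = -EINVAL;
	}

out:
	/* Every path that took the socket lock leaves through here. */
	release_sock(sk);
	return rc;
}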
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 433) 
/*
 * do_tls_getsockopt() - dispatch a SOL_TLS getsockopt request.
 * @sk:      socket being queried
 * @optname: TLS_TX or TLS_RX
 * @optval:  user buffer for the result
 * @optlen:  user pointer to the buffer length
 *
 * Return: the result of do_tls_getsockopt_conf() for TLS_TX/TLS_RX,
 * -ENOPROTOOPT for any other option name.
 */
static int do_tls_getsockopt(struct sock *sk, int optname,
			     char __user *optval, int __user *optlen)
{
	if (optname != TLS_TX && optname != TLS_RX)
		return -ENOPROTOOPT;

	return do_tls_getsockopt_conf(sk, optval, optlen, optname == TLS_TX);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 451) 
/*
 * tls_getsockopt() - getsockopt entry point while TLS is attached.
 * @sk:      socket being queried
 * @level:   option level; only SOL_TLS is handled here
 * @optname: option name
 * @optval:  user buffer for the result
 * @optlen:  user pointer to the buffer length
 *
 * Requests for any other level are forwarded to the getsockopt() of the
 * protocol saved in the TLS context.
 */
static int tls_getsockopt(struct sock *sk, int level, int optname,
			  char __user *optval, int __user *optlen)
{
	struct tls_context *tls_ctx = tls_get_ctx(sk);

	if (level == SOL_TLS)
		return do_tls_getsockopt(sk, optname, optval, optlen);

	return tls_ctx->sk_proto->getsockopt(sk, level, optname, optval,
					     optlen);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 463) 
/*
 * Install the crypto parameters supplied by userspace for one direction of a
 * TLS socket and switch that direction to device or software offload.
 *
 * @sk:     socket being configured
 * @optval: user buffer holding a struct tls_crypto_info header followed by
 *          the cipher-specific fields
 * @optlen: length of @optval; must match the structure size of the
 *          requested cipher exactly
 * @tx:     non-zero to configure the transmit side, zero for receive
 *
 * Returns 0 on success; -EINVAL for a NULL, short or mis-sized buffer, an
 * unsupported version or cipher, or a version/cipher that differs from the
 * already configured opposite direction; -EBUSY if this direction is already
 * configured; -EFAULT if a user copy fails; otherwise the error returned by
 * tls_set_sw_offload().
 *
 * User data is copied straight into the context slot, so every failure after
 * the first copy wipes the whole slot with memzero_explicit() rather than
 * leaving partially supplied parameters behind.
 *
 * The visible caller, do_tls_setsockopt(), holds lock_sock() around this
 * function.
 */
static int do_tls_setsockopt_conf(struct sock *sk, sockptr_t optval,
				  unsigned int optlen, int tx)
{
	struct tls_context *ctx = tls_get_ctx(sk);
	struct tls_crypto_info *crypto_info;
	struct tls_crypto_info *alt_crypto_info;
	size_t optsize;
	int conf;
	int rc;

	/* The buffer has to cover at least the common header. */
	if (sockptr_is_null(optval) || optlen < sizeof(*crypto_info))
		return -EINVAL;

	/* Slot for the direction being set, and the opposite one. */
	crypto_info = tx ? &ctx->crypto_send.info : &ctx->crypto_recv.info;
	alt_crypto_info = tx ? &ctx->crypto_recv.info : &ctx->crypto_send.info;

	/* Setting crypto info a second time is not supported. */
	if (TLS_CRYPTO_INFO_READY(crypto_info))
		return -EBUSY;

	rc = copy_from_sockptr(crypto_info, optval, sizeof(*crypto_info));
	if (rc) {
		rc = -EFAULT;
		goto err_crypto_info;
	}

	/* Only TLS 1.2 and TLS 1.3 are accepted. */
	if (!(crypto_info->version == TLS_1_2_VERSION ||
	      crypto_info->version == TLS_1_3_VERSION))
		goto err_inval;

	/* Version and cipher must be the same in both directions. */
	if (TLS_CRYPTO_INFO_READY(alt_crypto_info) &&
	    (alt_crypto_info->version != crypto_info->version ||
	     alt_crypto_info->cipher_type != crypto_info->cipher_type))
		goto err_inval;

	switch (crypto_info->cipher_type) {
	case TLS_CIPHER_AES_GCM_128:
		optsize = sizeof(struct tls12_crypto_info_aes_gcm_128);
		break;
	case TLS_CIPHER_AES_GCM_256:
		optsize = sizeof(struct tls12_crypto_info_aes_gcm_256);
		break;
	case TLS_CIPHER_AES_CCM_128:
		optsize = sizeof(struct tls12_crypto_info_aes_ccm_128);
		break;
	default:
		goto err_inval;
	}

	/* Exact match only: neither a truncated nor an oversized buffer. */
	if (optlen != optsize)
		goto err_inval;

	/*
	 * Copy the cipher-specific tail directly behind the header.
	 * NOTE(review): this relies on every tls12_crypto_info_* structure
	 * fitting inside union tls_crypto_context (the size wiped on the
	 * error path); confirm against the type definitions.
	 */
	rc = copy_from_sockptr_offset(crypto_info + 1, optval,
				      sizeof(*crypto_info),
				      optlen - sizeof(*crypto_info));
	if (rc) {
		rc = -EFAULT;
		goto err_crypto_info;
	}

	if (tx) {
		/* Try device offload first, fall back to software. */
		rc = tls_set_device_offload(sk, ctx);
		if (rc) {
			rc = tls_set_sw_offload(sk, ctx, 1);
			if (rc)
				goto err_crypto_info;
			TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSTXSW);
			TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRTXSW);
			conf = TLS_SW;
		} else {
			TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSTXDEVICE);
			TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRTXDEVICE);
			conf = TLS_HW;
		}
		ctx->tx_conf = conf;
	} else {
		rc = tls_set_device_offload_rx(sk, ctx);
		if (rc) {
			rc = tls_set_sw_offload(sk, ctx, 0);
			if (rc)
				goto err_crypto_info;
			TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSRXSW);
			TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXSW);
			conf = TLS_SW;
		} else {
			TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSRXDEVICE);
			TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXDEVICE);
			conf = TLS_HW;
		}
		/* Armed for both the device and the software receive path. */
		tls_sw_strparser_arm(sk, ctx);
		ctx->rx_conf = conf;
	}

	update_sk_prot(sk, ctx);
	if (tx) {
		/* Remember the previous callback, then hook in the TLS one. */
		ctx->sk_write_space = sk->sk_write_space;
		sk->sk_write_space = tls_write_space;
	}
	return rc;

err_inval:
	rc = -EINVAL;
err_crypto_info:
	/* Wipe the whole slot, not just the header that was copied first. */
	memzero_explicit(crypto_info, sizeof(union tls_crypto_context));
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 591) 
/*
 * Dispatch a SOL_TLS setsockopt request by option name.
 *
 * TLS_TX and TLS_RX run do_tls_setsockopt_conf() with the socket lock held
 * for the whole configuration step. Any other option name yields
 * -ENOPROTOOPT without taking the lock.
 */
static int do_tls_setsockopt(struct sock *sk, int optname, sockptr_t optval,
			     unsigned int optlen)
{
	int rc;

	if (optname != TLS_TX && optname != TLS_RX)
		return -ENOPROTOOPT;

	lock_sock(sk);
	rc = do_tls_setsockopt_conf(sk, optval, optlen, optname == TLS_TX);
	release_sock(sk);

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 611) 
/*
 * setsockopt handler that build_protos() installs in the TLS proto tables.
 *
 * SOL_TLS requests are handled by do_tls_setsockopt(). Every other level is
 * passed through unchanged to the setsockopt handler of the protocol saved
 * in the TLS context (ctx->sk_proto).
 */
static int tls_setsockopt(struct sock *sk, int level, int optname,
			  sockptr_t optval, unsigned int optlen)
{
	struct tls_context *ctx = tls_get_ctx(sk);

	if (level == SOL_TLS)
		return do_tls_setsockopt(sk, optname, optval, optlen);

	return ctx->sk_proto->setsockopt(sk, level, optname, optval, optlen);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 623) 
/*
 * Allocate a zeroed TLS context and attach it to @sk as its ULP data.
 *
 * The allocation uses GFP_ATOMIC; the caller visible in this file,
 * tls_init(), invokes this with sk_callback_lock write-held. The context
 * records the socket and the protocol the socket was using at this point
 * (ctx->sk_proto), which the TLS sockopt handlers later use for
 * pass-through.
 *
 * Returns the new context, or NULL if the allocation fails.
 *
 * NOTE(review): the pointer is published through rcu_assign_pointer() before
 * sk_proto and sk are filled in; confirm that no RCU reader depends on those
 * two fields being set.
 */
struct tls_context *tls_ctx_create(struct sock *sk)
{
	struct tls_context *ctx = kzalloc(sizeof(*ctx), GFP_ATOMIC);

	if (ctx) {
		mutex_init(&ctx->tx_lock);
		rcu_assign_pointer(inet_csk(sk)->icsk_ulp_data, ctx);
		ctx->sk_proto = READ_ONCE(sk->sk_prot);
		ctx->sk = sk;
	}
	return ctx;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 639) 
/*
 * Fill the table of struct proto_ops variants derived from @base.
 *
 * Each entry starts as a copy of an earlier entry and then has individual
 * hooks overridden, so the order of the assignments matters.
 *
 * NOTE(review): the first index looks like the TX configuration and the
 * second the RX configuration (sendpage_locked varies with the first,
 * splice_read with the second); confirm against update_sk_prot().
 */
static void build_proto_ops(struct proto_ops ops[TLS_NUM_CONFIG][TLS_NUM_CONFIG],
			    const struct proto_ops *base)
{
	/* Unconfigured: the base ops as they are. */
	ops[TLS_BASE][TLS_BASE] = *base;

	/* First index TLS_SW: TLS-aware sendpage_locked. */
	ops[TLS_SW][TLS_BASE] = ops[TLS_BASE][TLS_BASE];
	ops[TLS_SW][TLS_BASE].sendpage_locked = tls_sw_sendpage_locked;

	/* Second index TLS_SW: TLS-aware splice_read. */
	ops[TLS_BASE][TLS_SW] = ops[TLS_BASE][TLS_BASE];
	ops[TLS_BASE][TLS_SW].splice_read = tls_sw_splice_read;

	/* Both TLS_SW: start from SW/BASE and add splice_read. */
	ops[TLS_SW][TLS_SW] = ops[TLS_SW][TLS_BASE];
	ops[TLS_SW][TLS_SW].splice_read = tls_sw_splice_read;

#ifdef CONFIG_TLS_DEVICE
	/* Every entry with TLS_HW as first index clears sendpage_locked. */
	ops[TLS_HW][TLS_BASE] = ops[TLS_BASE][TLS_BASE];
	ops[TLS_HW][TLS_BASE].sendpage_locked = NULL;

	ops[TLS_HW][TLS_SW] = ops[TLS_BASE][TLS_SW];
	ops[TLS_HW][TLS_SW].sendpage_locked = NULL;

	/* TLS_HW as second index reuses the matching TLS_SW entry. */
	ops[TLS_BASE][TLS_HW] = ops[TLS_BASE][TLS_SW];

	ops[TLS_SW][TLS_HW] = ops[TLS_SW][TLS_SW];

	ops[TLS_HW][TLS_HW] = ops[TLS_HW][TLS_SW];
	ops[TLS_HW][TLS_HW].sendpage_locked = NULL;
#endif
#ifdef CONFIG_TLS_TOE
	/* TOE record offload keeps the base ops untouched. */
	ops[TLS_HW_RECORD][TLS_HW_RECORD] = *base;
#endif
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 672) 
/*
 * Make sure the per-address-family TLS proto and proto_ops tables were built
 * from the proto that @sk currently uses.
 *
 * The tables are rebuilt whenever the socket's proto differs from the one
 * saved for its family. The check is double-checked: a lock-free
 * smp_load_acquire() comparison first, then a re-check under the family's
 * mutex before rebuilding and publishing the new value with
 * smp_store_release().
 *
 * NOTE(review): sk->sk_socket is dereferenced without a NULL check; this
 * presumably relies on the ULP being attached from a context where the
 * socket has an owning struct socket. Confirm for all callers.
 */
static void tls_build_proto(struct sock *sk)
{
	int ip_ver = sk->sk_family == AF_INET6 ? TLSV6 : TLSV4;
	struct proto *prot = READ_ONCE(sk->sk_prot);

	if (ip_ver == TLSV6) {
		/* Build IPv6 TLS whenever the address of tcpv6 _prot changes */
		if (unlikely(prot != smp_load_acquire(&saved_tcpv6_prot))) {
			mutex_lock(&tcpv6_prot_mutex);
			if (likely(prot != saved_tcpv6_prot)) {
				build_protos(tls_prots[TLSV6], prot);
				build_proto_ops(tls_proto_ops[TLSV6],
						sk->sk_socket->ops);
				smp_store_release(&saved_tcpv6_prot, prot);
			}
			mutex_unlock(&tcpv6_prot_mutex);
		}
	} else {
		/* Same scheme for the IPv4 tables. */
		if (unlikely(prot != smp_load_acquire(&saved_tcpv4_prot))) {
			mutex_lock(&tcpv4_prot_mutex);
			if (likely(prot != saved_tcpv4_prot)) {
				build_protos(tls_prots[TLSV4], prot);
				build_proto_ops(tls_proto_ops[TLSV4],
						sk->sk_socket->ops);
				smp_store_release(&saved_tcpv4_prot, prot);
			}
			mutex_unlock(&tcpv4_prot_mutex);
		}
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 703) 
/*
 * Fill the table of struct proto variants derived from @base.
 *
 * Every TLS variant routes setsockopt, getsockopt and close through the TLS
 * handlers; the send and receive hooks depend on the configuration. Entries
 * are copied from earlier entries and then adjusted, so the order of the
 * assignments matters.
 *
 * NOTE(review): the first index looks like the TX configuration and the
 * second the RX configuration (sendmsg/sendpage vary with the first,
 * recvmsg with the second); confirm against update_sk_prot().
 */
static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG],
			 const struct proto *base)
{
	/* Unconfigured: base proto with the TLS sockopt and close hooks. */
	prot[TLS_BASE][TLS_BASE] = *base;
	prot[TLS_BASE][TLS_BASE].setsockopt = tls_setsockopt;
	prot[TLS_BASE][TLS_BASE].getsockopt = tls_getsockopt;
	prot[TLS_BASE][TLS_BASE].close = tls_sk_proto_close;

	/* First index TLS_SW: software send path. */
	prot[TLS_SW][TLS_BASE] = prot[TLS_BASE][TLS_BASE];
	prot[TLS_SW][TLS_BASE].sendmsg = tls_sw_sendmsg;
	prot[TLS_SW][TLS_BASE].sendpage = tls_sw_sendpage;

	/* Second index TLS_SW: software receive path. */
	prot[TLS_BASE][TLS_SW] = prot[TLS_BASE][TLS_BASE];
	prot[TLS_BASE][TLS_SW].recvmsg = tls_sw_recvmsg;
	prot[TLS_BASE][TLS_SW].stream_memory_read = tls_sw_stream_read;
	prot[TLS_BASE][TLS_SW].close = tls_sk_proto_close;

	/* Both TLS_SW: start from SW/BASE and add the receive hooks. */
	prot[TLS_SW][TLS_SW] = prot[TLS_SW][TLS_BASE];
	prot[TLS_SW][TLS_SW].recvmsg = tls_sw_recvmsg;
	prot[TLS_SW][TLS_SW].stream_memory_read = tls_sw_stream_read;
	prot[TLS_SW][TLS_SW].close = tls_sk_proto_close;

#ifdef CONFIG_TLS_DEVICE
	/* First index TLS_HW: device send path. */
	prot[TLS_HW][TLS_BASE] = prot[TLS_BASE][TLS_BASE];
	prot[TLS_HW][TLS_BASE].sendmsg = tls_device_sendmsg;
	prot[TLS_HW][TLS_BASE].sendpage = tls_device_sendpage;

	prot[TLS_HW][TLS_SW] = prot[TLS_BASE][TLS_SW];
	prot[TLS_HW][TLS_SW].sendmsg = tls_device_sendmsg;
	prot[TLS_HW][TLS_SW].sendpage = tls_device_sendpage;

	/* TLS_HW as second index reuses the matching TLS_SW entry. */
	prot[TLS_BASE][TLS_HW] = prot[TLS_BASE][TLS_SW];

	prot[TLS_SW][TLS_HW] = prot[TLS_SW][TLS_SW];

	prot[TLS_HW][TLS_HW] = prot[TLS_HW][TLS_SW];
#endif
#ifdef CONFIG_TLS_TOE
	/* TOE record offload: base proto with the TOE hash hooks only. */
	prot[TLS_HW_RECORD][TLS_HW_RECORD] = *base;
	prot[TLS_HW_RECORD][TLS_HW_RECORD].hash = tls_toe_hash;
	prot[TLS_HW_RECORD][TLS_HW_RECORD].unhash = tls_toe_unhash;
#endif
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 747) 
/*
 * ULP init callback: attach a TLS context to @sk.
 *
 * Returns 0 on success (or when the TOE bypass claims the socket),
 * -ENOTCONN if the socket is not in TCP_ESTABLISHED state, and -ENOMEM if
 * the context cannot be allocated.
 *
 * tls_build_proto() runs before the state check, so the per-family tables
 * may be built even when this call then fails with -ENOTCONN.
 */
static int tls_init(struct sock *sk)
{
	struct tls_context *ctx;
	int rc = 0;

	tls_build_proto(sk);

#ifdef CONFIG_TLS_TOE
	if (tls_toe_bypass(sk))
		return 0;
#endif

	/*
	 * The TLS ulp is currently supported only for TCP sockets in
	 * ESTABLISHED state. Supporting sockets in LISTEN state would
	 * require the accept implementation to clone rather than share
	 * the ulp context.
	 */
	if (sk->sk_state != TCP_ESTABLISHED)
		return -ENOTCONN;

	/* Create the context and switch the proto under sk_callback_lock. */
	write_lock_bh(&sk->sk_callback_lock);
	ctx = tls_ctx_create(sk);
	if (ctx) {
		ctx->tx_conf = TLS_BASE;
		ctx->rx_conf = TLS_BASE;
		update_sk_prot(sk, ctx);
	} else {
		rc = -ENOMEM;
	}
	write_unlock_bh(&sk->sk_callback_lock);

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 784) 
/*
 * ULP update callback: record a new underlying proto and write_space
 * callback for @sk.
 *
 * With a TLS context attached, the values are stored in the context and the
 * socket's own sk_prot and sk_write_space are left alone. Without a context
 * they are written to the socket directly.
 */
static void tls_update(struct sock *sk, struct proto *p,
		       void (*write_space)(struct sock *sk))
{
	struct tls_context *ctx = tls_get_ctx(sk);

	if (unlikely(!ctx)) {
		/* Pairs with lockless read in sk_clone_lock(). */
		WRITE_ONCE(sk->sk_prot, p);
		sk->sk_write_space = write_space;
		return;
	}

	ctx->sk_write_space = write_space;
	ctx->sk_proto = p;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 800) 
/*
 * ULP get_info callback: emit the TLS state of @sk as a nested
 * INET_ULP_INFO_TLS attribute in @skb.
 *
 * Only the version, the cipher type and the TX/RX configuration are
 * written; version and cipher are skipped while they are zero. The context
 * is read under rcu_read_lock().
 *
 * Returns 0 on success, and also when no context is attached (the nest is
 * then cancelled and nothing is emitted). Returns -EMSGSIZE if the nest
 * cannot be started, otherwise the error from nla_put_u16().
 */
static int tls_get_info(const struct sock *sk, struct sk_buff *skb)
{
	struct nlattr *nest = nla_nest_start_noflag(skb, INET_ULP_INFO_TLS);
	struct tls_context *ctx;
	u16 version, cipher_type;
	int err = 0;

	if (!nest)
		return -EMSGSIZE;

	rcu_read_lock();
	ctx = rcu_dereference(inet_csk(sk)->icsk_ulp_data);
	if (!ctx)
		goto cancel;	/* err is still 0: nothing to report */

	version = ctx->prot_info.version;
	if (version) {
		err = nla_put_u16(skb, TLS_INFO_VERSION, version);
		if (err)
			goto cancel;
	}

	cipher_type = ctx->prot_info.cipher_type;
	if (cipher_type) {
		err = nla_put_u16(skb, TLS_INFO_CIPHER, cipher_type);
		if (err)
			goto cancel;
	}

	err = nla_put_u16(skb, TLS_INFO_TXCONF, tls_user_config(ctx, true));
	if (err)
		goto cancel;

	err = nla_put_u16(skb, TLS_INFO_RXCONF, tls_user_config(ctx, false));
	if (err)
		goto cancel;

	rcu_read_unlock();
	nla_nest_end(skb, nest);
	return 0;

cancel:
	rcu_read_unlock();
	nla_nest_cancel(skb, nest);
	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 847) 
/*
 * ULP get_info_size callback: upper bound on the netlink space that
 * tls_get_info() can use, i.e. one nest header plus four u16 attributes.
 * @sk is not consulted.
 */
static size_t tls_get_info_size(const struct sock *sk)
{
	return nla_total_size(0) +		/* INET_ULP_INFO_TLS */
	       nla_total_size(sizeof(u16)) +	/* TLS_INFO_VERSION */
	       nla_total_size(sizeof(u16)) +	/* TLS_INFO_CIPHER */
	       nla_total_size(sizeof(u16)) +	/* TLS_INFO_RXCONF */
	       nla_total_size(sizeof(u16)) +	/* TLS_INFO_TXCONF */
	       0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 861) 
/*
 * Per-network-namespace init: allocate the per-CPU TLS MIB counters and run
 * tls_proc_init() for @net.
 *
 * Returns 0 on success, -ENOMEM if the counters cannot be allocated, or the
 * error from tls_proc_init(), in which case the counters are freed again.
 */
static int __net_init tls_init_net(struct net *net)
{
	int err;

	net->mib.tls_statistics = alloc_percpu(struct linux_tls_mib);
	if (!net->mib.tls_statistics)
		return -ENOMEM;

	err = tls_proc_init(net);
	if (err)
		free_percpu(net->mib.tls_statistics);

	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 879) 
/*
 * Per-network-namespace teardown: undo tls_init_net() in reverse order,
 * tls_proc_fini() first and the per-CPU counters after it.
 */
static void __net_exit tls_exit_net(struct net *net)
{
	tls_proc_fini(net);
	free_percpu(net->mib.tls_statistics);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 885) 
/* Per-namespace hooks, registered by tls_register(). */
static struct pernet_operations tls_proc_ops = {
	.init = tls_init_net,
	.exit = tls_exit_net,
};

/* ULP descriptor handed to tcp_register_ulp() under the name "tls". */
static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mostly = {
	.name		= "tls",
	.owner		= THIS_MODULE,
	.init		= tls_init,
	.update		= tls_update,
	.get_info	= tls_get_info,
	.get_info_size	= tls_get_info_size,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 899) 
/*
 * Module init: register the per-namespace hooks, initialise device offload
 * support and register the "tls" ULP.
 *
 * Returns 0 on success or the error from register_pernet_subsys().
 *
 * NOTE(review): any status returned by tcp_register_ulp() is discarded, so a
 * failed ULP registration would still report success here. Confirm whether
 * that case needs to unwind the earlier steps.
 */
static int __init tls_register(void)
{
	int err = register_pernet_subsys(&tls_proc_ops);

	if (!err) {
		tls_device_init();
		tcp_register_ulp(&tcp_tls_ulp_ops);
	}

	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 913) 
/*
 * Module exit: tear down in the reverse order of tls_register(), i.e.
 * unregister the ULP, clean up device offload, then drop the per-namespace
 * hooks.
 */
static void __exit tls_unregister(void)
{
	tcp_unregister_ulp(&tcp_tls_ulp_ops);
	tls_device_cleanup();
	unregister_pernet_subsys(&tls_proc_ops);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 920) 
/* Module entry and exit points. */
module_init(tls_register);
module_exit(tls_unregister);