From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Boris Pismenny, Ilya Lesokhin, "David S. Miller", Ben Hutchings, Sasha Levin
Subject: [PATCH 4.14 024/146] tls: Use correct sk->sk_prot for IPV6
Date: Tue, 4 Dec 2018 11:48:30 +0100
Message-Id: <20181204103727.796464549@linuxfoundation.org>
In-Reply-To: <20181204103726.750894136@linuxfoundation.org>
References: <20181204103726.750894136@linuxfoundation.org>

4.14-stable review patch. If anyone has any objections, please let me know.

------------------

commit c113187d38ff85dc302a1bb55864b203ebb2ba10 upstream.

The tls ulp overrides sk->prot with new tls specific proto structs. The tls specific structs were previously based on the ipv4 specific tcp_prot struct. As a result, attaching the tls ulp to an ipv6 tcp socket replaced some ipv6 callbacks with the ipv4 equivalents.

This patch adds ipv6 tls proto structs and uses them when attached to ipv6 sockets.

Fixes: 3c4d7559159b ('tls: kernel TLS support')
Signed-off-by: Boris Pismenny
Signed-off-by: Ilya Lesokhin
Signed-off-by: David S. Miller
Signed-off-by: Ben Hutchings
Signed-off-by: Sasha Levin
--- net/tls/tls_main.c | 52 +++++++++++++++++++++++++++++++++------------- 1 file changed, 37 insertions(+), 15 deletions(-) diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 33187e34599b..e903bdd39b9f 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c
@@ -46,17 +46,27 @@ MODULE_DESCRIPTION("Transport Layer Security Support"); MODULE_LICENSE("Dual BSD/GPL"); MODULE_ALIAS_TCP_ULP("tls"); +enum { + TLSV4, + TLSV6, + TLS_NUM_PROTS, +}; + enum { TLS_BASE_TX, TLS_SW_TX, TLS_NUM_CONFIG, }; -static struct proto tls_prots[TLS_NUM_CONFIG]; +static struct proto *saved_tcpv6_prot; +static DEFINE_MUTEX(tcpv6_prot_mutex); +static struct proto tls_prots[TLS_NUM_PROTS][TLS_NUM_CONFIG]; static inline void update_sk_prot(struct sock *sk, struct tls_context *ctx) { - sk->sk_prot = &tls_prots[ctx->tx_conf]; + int ip_ver = sk->sk_family == AF_INET6 ? TLSV6 : TLSV4; + + sk->sk_prot = &tls_prots[ip_ver][ctx->tx_conf]; } int wait_on_pending_writer(struct sock *sk, long *timeo) @@ -476,8 +486,21 @@ static int tls_setsockopt(struct sock *sk, int level, int optname, return do_tls_setsockopt(sk, optname, optval, optlen); } +static void build_protos(struct proto *prot, struct proto *base) +{ + prot[TLS_BASE_TX] = *base; + prot[TLS_BASE_TX].setsockopt = tls_setsockopt; + prot[TLS_BASE_TX].getsockopt = tls_getsockopt; + prot[TLS_BASE_TX].close = tls_sk_proto_close; + + prot[TLS_SW_TX] = prot[TLS_BASE_TX]; + prot[TLS_SW_TX].sendmsg = tls_sw_sendmsg; + prot[TLS_SW_TX].sendpage = tls_sw_sendpage; +} + static int tls_init(struct sock *sk) { + int ip_ver = sk->sk_family == AF_INET6 ? TLSV6 : TLSV4; struct inet_connection_sock *icsk = inet_csk(sk); struct tls_context *ctx; int rc = 0; 
@@ -502,6 +525,17 @@ static int tls_init(struct sock *sk) ctx->getsockopt = sk->sk_prot->getsockopt; ctx->sk_proto_close = sk->sk_prot->close; + /* Build IPv6 TLS whenever the address of tcpv6_prot changes */ + if (ip_ver == TLSV6 && + unlikely(sk->sk_prot != smp_load_acquire(&saved_tcpv6_prot))) { + mutex_lock(&tcpv6_prot_mutex); + if (likely(sk->sk_prot != saved_tcpv6_prot)) { + build_protos(tls_prots[TLSV6], sk->sk_prot); + smp_store_release(&saved_tcpv6_prot, sk->sk_prot); + } + mutex_unlock(&tcpv6_prot_mutex); + } + ctx->tx_conf = TLS_BASE_TX; update_sk_prot(sk, ctx); out: @@ -514,21 +548,9 @@ static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mostly = { .init = tls_init, }; -static void build_protos(struct proto *prot, struct proto *base) -{ - prot[TLS_BASE_TX] = *base; - prot[TLS_BASE_TX].setsockopt = tls_setsockopt; - prot[TLS_BASE_TX].getsockopt = tls_getsockopt; - prot[TLS_BASE_TX].close = tls_sk_proto_close; - - prot[TLS_SW_TX] = prot[TLS_BASE_TX]; - prot[TLS_SW_TX].sendmsg = tls_sw_sendmsg; - prot[TLS_SW_TX].sendpage = tls_sw_sendpage; -} - static int __init tls_register(void) { - build_protos(tls_prots, &tcp_prot); + build_protos(tls_prots[TLSV4], &tcp_prot); tcp_register_ulp(&tcp_tls_ulp_ops); -- 2.17.1
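Review bot: In the first hunk (@@ -46,17 +46,27 @@), saved_tcpv6_prot and tcpv6_prot_mutex are declared without a comment saying what they protect. From the later tls_init hunk they guard the TLSV6 row of tls_prots and record which base proto that row was copied from; a two-line comment at the declaration would save the reader from having to work that out, and would make it clear that the TLSV4 row is not covered by the mutex.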
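Review bot: In the second hunk (@@ -476,8 +486,21 @@), the new line at the top of tls_init, "int ip_ver = sk->sk_family == AF_INET6 ? TLSV6 : TLSV4;", repeats the expression just added to update_sk_prot. A small static inline helper that takes the sock and returns the row index would keep the two sites from drifting apart if another family or row is added later.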
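Review bot: In the third hunk (@@ -502,6 +525,17 @@), build_protos(tls_prots[TLSV6], sk->sk_prot) rewrites the shared TLSV6 row in place, while update_sk_prot hands out pointers into that same row to every IPv6 TLS socket. The mutex only serialises writers; a socket that already has sk->sk_prot pointing at tls_prots[TLSV6][...] reads the entries with no lock while "prot[TLS_BASE_TX] = *base" is overwriting them. If the comment's case (the address of tcpv6_prot changing) can occur while such sockets are alive, the rebuild needs either a guarantee that none exist or a scheme that does not modify a live struct proto. The comparison is also against sk->sk_prot rather than tcpv6_prot itself, so the commit message or the comment should state why sk->sk_prot is always the plain IPv6 TCP proto at this point.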
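Review bot: In the last hunk (@@ -514,21 +548,9 @@), tls_register now fills only tls_prots[TLSV4], so the TLSV6 row stays zero-filled until the first IPv6 tls_init. Nothing at this site says that is deliberate. A short comment next to the build_protos call noting that the IPv6 row is built lazily in tls_init, and why it cannot be built here, would stop it looking like an omission and flag that update_sk_prot must not be reached for an AF_INET6 socket before that build has run.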