From patchwork Mon Mar 25 10:32:54 2024
X-Patchwork-Submitter: Juerg Haefliger
X-Patchwork-Id: 1915510
From: Juerg Haefliger
To: kernel-team@lists.ubuntu.com
Subject: [SRU][M][PATCH 2/8] tls: extract context alloc/initialization out of tls_set_sw_offload
Date: Mon, 25 Mar 2024 11:32:54 +0100
Message-Id: <20240325103300.494141-3-juerg.haefliger@canonical.com>
In-Reply-To: <20240325103300.494141-1-juerg.haefliger@canonical.com>
References: <20240325103300.494141-1-juerg.haefliger@canonical.com>

From: Sabrina Dubroca

CVE-2024-26583

[ Upstream commit 615580cbc99af0da2d1c7226fab43a3d5003eb97 ]

Simplify tls_set_sw_offload a bit.

Signed-off-by: Sabrina Dubroca
Signed-off-by: David S. Miller
Stable-dep-of: aec7961916f3 ("tls: fix race between async notify and socket close")
Signed-off-by: Sasha Levin
(cherry picked from commit 5e01c54ebcaff527ccf58dfea4392090ed159721 linux-6.6.y)
Signed-off-by: Juerg Haefliger
--- net/tls/tls_sw.c | 86 ++++++++++++++++++++++++++++-------------------- 1 file changed, 51 insertions(+), 35 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 882738d83f17..cefa668bcd0b 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c 
@@ -2498,6 +2498,48 @@ void tls_update_rx_zc_capable(struct tls_context *tls_ctx) tls_ctx->prot_info.version != TLS_1_3_VERSION; } +static struct tls_sw_context_tx *init_ctx_tx(struct tls_context *ctx, struct sock *sk) +{ + struct tls_sw_context_tx *sw_ctx_tx; + + if (!ctx->priv_ctx_tx) { + sw_ctx_tx = kzalloc(sizeof(*sw_ctx_tx), GFP_KERNEL); + if (!sw_ctx_tx) + return NULL; + } else { + sw_ctx_tx = ctx->priv_ctx_tx; + } + + crypto_init_wait(&sw_ctx_tx->async_wait); + spin_lock_init(&sw_ctx_tx->encrypt_compl_lock); + INIT_LIST_HEAD(&sw_ctx_tx->tx_list); + INIT_DELAYED_WORK(&sw_ctx_tx->tx_work.work, tx_work_handler); + sw_ctx_tx->tx_work.sk = sk; + + return sw_ctx_tx; +} + +static struct tls_sw_context_rx *init_ctx_rx(struct tls_context *ctx) +{ + struct tls_sw_context_rx *sw_ctx_rx; + + if (!ctx->priv_ctx_rx) { + sw_ctx_rx = kzalloc(sizeof(*sw_ctx_rx), GFP_KERNEL); + if (!sw_ctx_rx) + return NULL; + } else { + sw_ctx_rx = ctx->priv_ctx_rx; + } + + crypto_init_wait(&sw_ctx_rx->async_wait); + spin_lock_init(&sw_ctx_rx->decrypt_compl_lock); + init_waitqueue_head(&sw_ctx_rx->wq); + skb_queue_head_init(&sw_ctx_rx->rx_list); + skb_queue_head_init(&sw_ctx_rx->async_hold); + + return sw_ctx_rx; +} + int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx) { struct tls_context *tls_ctx = tls_get_ctx(sk); 
@@ -2519,48 +2561,22 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx) } if (tx) { - if (!ctx->priv_ctx_tx) { - sw_ctx_tx = kzalloc(sizeof(*sw_ctx_tx), GFP_KERNEL); - if (!sw_ctx_tx) { - rc = -ENOMEM; - goto out; - } - ctx->priv_ctx_tx = sw_ctx_tx; - } else { - sw_ctx_tx = - (struct tls_sw_context_tx *)ctx->priv_ctx_tx; - } - } else { - if (!ctx->priv_ctx_rx) { - sw_ctx_rx = kzalloc(sizeof(*sw_ctx_rx), GFP_KERNEL); - if (!sw_ctx_rx) { - rc = -ENOMEM; - goto out; - } - ctx->priv_ctx_rx = sw_ctx_rx; - } else { - sw_ctx_rx = - (struct tls_sw_context_rx *)ctx->priv_ctx_rx; - } - } + ctx->priv_ctx_tx = init_ctx_tx(ctx, sk); + if (!ctx->priv_ctx_tx) + return -ENOMEM; - if (tx) { - crypto_init_wait(&sw_ctx_tx->async_wait); - spin_lock_init(&sw_ctx_tx->encrypt_compl_lock); + sw_ctx_tx = ctx->priv_ctx_tx; crypto_info = &ctx->crypto_send.info; cctx = &ctx->tx; aead = &sw_ctx_tx->aead_send; - INIT_LIST_HEAD(&sw_ctx_tx->tx_list); - INIT_DELAYED_WORK(&sw_ctx_tx->tx_work.work, tx_work_handler); - sw_ctx_tx->tx_work.sk = sk; } else { - crypto_init_wait(&sw_ctx_rx->async_wait); - spin_lock_init(&sw_ctx_rx->decrypt_compl_lock); - init_waitqueue_head(&sw_ctx_rx->wq); + ctx->priv_ctx_rx = init_ctx_rx(ctx); + if (!ctx->priv_ctx_rx) + return -ENOMEM; + + sw_ctx_rx = ctx->priv_ctx_rx; crypto_info = &ctx->crypto_recv.info; cctx = &ctx->rx; - skb_queue_head_init(&sw_ctx_rx->rx_list); - skb_queue_head_init(&sw_ctx_rx->async_hold); aead = &sw_ctx_rx->aead_recv; }
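Review bot: init_ctx_tx() and init_ctx_rx() (first hunk) re-run their initializers on a context that already exists: when ctx->priv_ctx_tx or ctx->priv_ctx_rx is non-NULL, the else branch reuses the pointer and the helper then still calls crypto_init_wait(), spin_lock_init() and INIT_DELAYED_WORK() or skb_queue_head_init() on it. That matches the lines removed from tls_set_sw_offload(), but behind a helper named init_* the reuse case is easy to overlook. Please add a comment above each helper stating when a pre-populated priv_ctx_* is expected here and why re-initializing encrypt_compl_lock / decrypt_compl_lock, tx_list and tx_work is safe at that point. The comment should also say that the helper only returns the pointer and that the caller stores it in ctx->priv_ctx_tx / ctx->priv_ctx_rx.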
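Review bot: the allocation-failure path in tls_set_sw_offload() (second hunk) changes from `rc = -ENOMEM; goto out;` to a direct `return -ENOMEM;` in both the tx and rx branches, so it no longer passes through the out label. The label itself is not visible in this hunk and the commit message only says "Simplify"; please confirm that out does nothing beyond returning rc for a failure this early, and state that in the commit message so the backport is easier to audit. As a style point, `ctx->priv_ctx_tx = init_ctx_tx(ctx, sk);` writes the field before the NULL check; assigning the result to the local sw_ctx_tx first, checking it, and storing into ctx->priv_ctx_tx only on success would read more clearly (same for the rx branch).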