From: Jakub Kicinski
To: john.fastabend@gmail.com, alexei.starovoitov@gmail.com, daniel@iogearbox.net
Cc: edumazet@google.com, netdev@vger.kernel.org, bpf@vger.kernel.org, Jakub Kicinski, Dirk van der Merwe
Subject: [PATCH bpf v4 01/14] net/tls: don't arm strparser immediately in tls_set_sw_offload()
Date: Fri, 19 Jul 2019 10:29:14 -0700
Message-Id: <20190719172927.18181-2-jakub.kicinski@netronome.com>
In-Reply-To: <20190719172927.18181-1-jakub.kicinski@netronome.com>
References: <20190719172927.18181-1-jakub.kicinski@netronome.com>
X-Mailing-List: bpf@vger.kernel.org

In tls_set_device_offload_rx() we prepare the software context
for RX fallback and proceed to add the connection to the device.
Unfortunately, software context prep includes arming strparser
so in case of a later error we have to release the socket lock
to call strp_done().

In preparation for not releasing the socket lock half way through
callbacks move arming strparser into a separate function.
Following patches will make use of that.

Signed-off-by: Jakub Kicinski
Reviewed-by: Dirk van der Merwe
---
 include/net/tls.h    |  1 +
 net/tls/tls_device.c |  1 +
 net/tls/tls_main.c   |  8 +++++---
 net/tls/tls_sw.c     | 19 ++++++++++++-------
 4 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/include/net/tls.h b/include/net/tls.h index 584609174fe0..43f551cd508b 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -355,6 +355,7 @@ int tls_sk_attach(struct sock *sk, int optname, char __user *optval, unsigned int optlen); int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx); +void tls_sw_strparser_arm(struct sock *sk, struct tls_context *ctx); int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size); int tls_sw_sendpage(struct sock *sk, struct page *page, int offset, size_t size, int flags);
diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c index 7c0b2b778703..4d67d72f007c 100644 --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -1045,6 +1045,7 @@ int tls_set_device_offload_rx(struct sock *sk, struct tls_context *ctx) rc = tls_set_sw_offload(sk, ctx, 0); if (rc) goto release_ctx; + tls_sw_strparser_arm(sk, ctx); rc = netdev->tlsdev_ops->tls_dev_add(netdev, sk, TLS_OFFLOAD_CTX_DIR_RX, &ctx->crypto_recv.info, diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 4674e57e66b0..85a9d7d57b32 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -526,6 +526,8 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval, { #endif rc = tls_set_sw_offload(sk, ctx, 1); + if (rc) + goto err_crypto_info; conf = TLS_SW; } } else { @@ -537,13 +539,13 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval, { #endif rc = tls_set_sw_offload(sk, ctx, 0); + if (rc) + goto err_crypto_info; + tls_sw_strparser_arm(sk, ctx); conf = TLS_SW; } } - if (rc) - goto err_crypto_info; - if (tx) ctx->tx_conf = conf; else diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 53b4ad94e74a..f58a8ffc2a9c 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -2160,6 +2160,18 @@ void tls_sw_write_space(struct sock *sk, struct tls_context *ctx) } } +void tls_sw_strparser_arm(struct sock *sk, struct tls_context *tls_ctx) +{ + struct tls_sw_context_rx *rx_ctx = tls_sw_ctx_rx(tls_ctx); + + write_lock_bh(&sk->sk_callback_lock); + rx_ctx->saved_data_ready = sk->sk_data_ready; + sk->sk_data_ready = tls_data_ready; + write_unlock_bh(&sk->sk_callback_lock); + + strp_check_rcv(&rx_ctx->strp); +} + int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx) { struct tls_context *tls_ctx = tls_get_ctx(sk); 
@@ -2357,13 +2369,6 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx) cb.parse_msg = tls_read_size; strp_init(&sw_ctx_rx->strp, sk, &cb); - - write_lock_bh(&sk->sk_callback_lock); - sw_ctx_rx->saved_data_ready = sk->sk_data_ready; - sk->sk_data_ready = tls_data_ready; - write_unlock_bh(&sk->sk_callback_lock); - - strp_check_rcv(&sw_ctx_rx->strp); } goto out;
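
Review bot: in the two net/tls/tls_main.c hunks of patch 01/14 (do_tls_setsockopt_conf()), the shared "if (rc) goto err_crypto_info;" after the if/else is removed and the check now exists only directly after the two tls_set_sw_offload() calls, so any other assignment to rc in the TX and RX branches is no longer covered by a common check. The hunk context starts at "{ #endif" and does not show what precedes those blocks. Please either keep the trailing check or state in the commit message that no path can reach "if (tx) ctx->tx_conf = conf;" with rc set.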
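
Review bot: tls_sw_strparser_arm(), added in the net/tls/tls_sw.c hunk of patch 01/14, has no comment stating its preconditions even though it dereferences tls_sw_ctx_rx(tls_ctx) and swaps sk->sk_data_ready unconditionally. Since the purpose of the split is that callers now choose when to arm, please add a comment above the function saying it may only be called after tls_set_sw_offload(sk, ctx, 0) has succeeded, and at most once per socket (a second call would store tls_data_ready into saved_data_ready). The prototype in include/net/tls.h names the second parameter "ctx" while the definition uses "tls_ctx"; pick one.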
From: Jakub Kicinski
To: john.fastabend@gmail.com, alexei.starovoitov@gmail.com, daniel@iogearbox.net
Cc: edumazet@google.com, netdev@vger.kernel.org, bpf@vger.kernel.org, Jakub Kicinski, Dirk van der Merwe
Subject: [PATCH bpf v4 02/14] net/tls: don't call tls_sk_proto_close for hw record offload
Date: Fri, 19 Jul 2019 10:29:15 -0700
Message-Id: <20190719172927.18181-3-jakub.kicinski@netronome.com>
In-Reply-To: <20190719172927.18181-1-jakub.kicinski@netronome.com>
References: <20190719172927.18181-1-jakub.kicinski@netronome.com>
X-Mailing-List: bpf@vger.kernel.org

The deprecated TOE offload doesn't actually do anything in
tls_sk_proto_close() - all TLS code is skipped and context
not freed. Remove the callback to make it easier to refactor
tls_sk_proto_close().

Signed-off-by: Jakub Kicinski
Reviewed-by: Dirk van der Merwe
---
 net/tls/tls_main.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 85a9d7d57b32..7ab682ed99fa 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -271,9 +271,6 @@ static void tls_sk_proto_close(struct sock *sk, long timeout) lock_sock(sk); sk_proto_close = ctx->sk_proto_close; - if (ctx->tx_conf == TLS_HW_RECORD && ctx->rx_conf == TLS_HW_RECORD) - goto skip_tx_cleanup; - if (ctx->tx_conf == TLS_BASE && ctx->rx_conf == TLS_BASE) { free_ctx = true; goto skip_tx_cleanup;
@@ -766,7 +763,6 @@ static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], prot[TLS_HW_RECORD][TLS_HW_RECORD] = *base; prot[TLS_HW_RECORD][TLS_HW_RECORD].hash = tls_hw_hash; prot[TLS_HW_RECORD][TLS_HW_RECORD].unhash = tls_hw_unhash; - prot[TLS_HW_RECORD][TLS_HW_RECORD].close = tls_sk_proto_close; } static int tls_init(struct sock *sk)
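
Review bot: the build_protos() hunk of patch 02/14 drops the .close override for prot[TLS_HW_RECORD][TLS_HW_RECORD] without leaving any trace in the code of why this mode differs from the others: close now comes from "*base" while .hash and .unhash still point at tls_hw_hash and tls_hw_unhash. The commit message says the context is not freed on this path. Please add a one-line comment next to the remaining assignments saying that close is deliberately left at the base handler and which code owns freeing the context for TLS_HW_RECORD, so a later refactor of tls_sk_proto_close() does not reintroduce the special case.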
From: Jakub Kicinski
To: john.fastabend@gmail.com, alexei.starovoitov@gmail.com, daniel@iogearbox.net
Cc: edumazet@google.com, netdev@vger.kernel.org, bpf@vger.kernel.org, Jakub Kicinski, Dirk van der Merwe
Subject: [PATCH bpf v4 03/14] net/tls: remove close callback sock unlock/lock around TX work flush
Date: Fri, 19 Jul 2019 10:29:16 -0700
Message-Id: <20190719172927.18181-4-jakub.kicinski@netronome.com>
In-Reply-To: <20190719172927.18181-1-jakub.kicinski@netronome.com>
References: <20190719172927.18181-1-jakub.kicinski@netronome.com>
X-Mailing-List: netdev@vger.kernel.org

From: John Fastabend

The tls close() callback currently drops the sock lock, makes a
cancel_delayed_work_sync() call, and then relocks the sock.

By restructuring the code we can avoid dropping lock and then
reclaiming it. To simplify this we do the following,

 tls_sk_proto_close
 set_bit(CLOSING)
 set_bit(SCHEDULE)
 cancel_delay_work_sync() <- cancel workqueue
 lock_sock(sk)
 ...
 release_sock(sk)
 strp_done()

Setting the CLOSING bit prevents the SCHEDULE bit from being
cleared by any workqueue items e.g. if one happens to be
scheduled and run between when we set SCHEDULE bit and cancel
work. Then because SCHEDULE bit is set now no new work will
be scheduled.

Tested with net selftests and bpf selftests.

Signed-off-by: John Fastabend
Signed-off-by: Jakub Kicinski
Reviewed-by: Dirk van der Merwe
---
 include/net/tls.h  |  2 ++
 net/tls/tls_main.c |  3 +++
 net/tls/tls_sw.c   | 24 +++++++++++++++++-------
 3 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/include/net/tls.h b/include/net/tls.h index 43f551cd508b..d4276cb6de53 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -162,6 +162,7 @@ struct tls_sw_context_tx { int async_capable; #define BIT_TX_SCHEDULED 0 +#define BIT_TX_CLOSING 1 unsigned long tx_bitmask; };
@@ -360,6 +361,7 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size); int tls_sw_sendpage(struct sock *sk, struct page *page, int offset, size_t size, int flags); void tls_sw_close(struct sock *sk, long timeout); +void tls_sw_cancel_work_tx(struct tls_context *tls_ctx); void tls_sw_free_resources_tx(struct sock *sk); void tls_sw_free_resources_rx(struct sock *sk); void tls_sw_release_resources_rx(struct sock *sk); diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 7ab682ed99fa..5c29b410cf7d 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -268,6 +268,9 @@ static void tls_sk_proto_close(struct sock *sk, long timeout) void (*sk_proto_close)(struct sock *sk, long timeout); bool free_ctx = false; + if (ctx->tx_conf == TLS_SW) + tls_sw_cancel_work_tx(ctx); + lock_sock(sk); sk_proto_close = ctx->sk_proto_close; diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index f58a8ffc2a9c..38c0e53c727d 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -2054,6 +2054,15 @@ static void tls_data_ready(struct sock *sk) } } +void tls_sw_cancel_work_tx(struct tls_context *tls_ctx) +{ + struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx); + + set_bit(BIT_TX_CLOSING, &ctx->tx_bitmask); + set_bit(BIT_TX_SCHEDULED, &ctx->tx_bitmask); + cancel_delayed_work_sync(&ctx->tx_work.work); +} + void tls_sw_free_resources_tx(struct sock *sk) { struct tls_context *tls_ctx = tls_get_ctx(sk); @@ -2065,11 +2074,6 @@ void tls_sw_free_resources_tx(struct sock *sk) if (atomic_read(&ctx->encrypt_pending)) crypto_wait_req(-EINPROGRESS, &ctx->async_wait); - release_sock(sk); - cancel_delayed_work_sync(&ctx->tx_work.work); - lock_sock(sk); - - /* Tx whatever records we can transmit and abandon the rest */ tls_tx_records(sk, -1); /* Free up un-sent records in tx_list. First, free 
@@ -2137,11 +2141,17 @@ static void tx_work_handler(struct work_struct *work) struct tx_work, work); struct sock *sk = tx_work->sk; struct tls_context *tls_ctx = tls_get_ctx(sk); - struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx); + struct tls_sw_context_tx *ctx; - if (!test_and_clear_bit(BIT_TX_SCHEDULED, &ctx->tx_bitmask)) + if (unlikely(!tls_ctx)) return; + ctx = tls_sw_ctx_tx(tls_ctx); + if (test_bit(BIT_TX_CLOSING, &ctx->tx_bitmask)) + return; + + if (!test_and_clear_bit(BIT_TX_SCHEDULED, &ctx->tx_bitmask)) + return; lock_sock(sk); tls_tx_records(sk, -1); release_sock(sk);
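
Review bot: the ordering argument in the commit message is not fully enforced by tls_sw_cancel_work_tx(), added in the net/tls/tls_sw.c hunk at tls_data_ready() in patch 03/14. Its two set_bit() calls are not atomic with respect to tx_work_handler(), which tests BIT_TX_CLOSING and then does test_and_clear_bit(BIT_TX_SCHEDULED) as two separate steps. A handler that has already passed the CLOSING test when the two bits are set can still clear BIT_TX_SCHEDULED afterwards, leaving it clear once cancel_delayed_work_sync() returns. Please either document above tls_sw_cancel_work_tx() why that interleaving is harmless, or have the code that schedules tx_work also test BIT_TX_CLOSING.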
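
Review bot: the new "if (unlikely(!tls_ctx)) return;" in the tx_work_handler() hunk of patch 03/14 has no comment and is not mentioned in the commit message. If tls_get_ctx(sk) can return NULL while the work item is still queued, the reader needs to know which path clears the context before the work is cancelled; if it cannot, the check hides a lifetime problem rather than fixing one. Please add a comment naming the case it guards against, or drop the check.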
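
Review bot: in the net/tls/tls_main.c hunk of patch 03/14, "if (ctx->tx_conf == TLS_SW) tls_sw_cancel_work_tx(ctx);" is placed before lock_sock(sk), so ctx->tx_conf is now read without the socket lock. Please add a comment saying why tx_conf cannot change at this point in tls_sk_proto_close(), since the rest of the function reads it under the lock.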
From: Jakub Kicinski
To: john.fastabend@gmail.com, alexei.starovoitov@gmail.com, daniel@iogearbox.net
Cc: edumazet@google.com, netdev@vger.kernel.org, bpf@vger.kernel.org, Jakub Kicinski, Dirk van der Merwe
Subject: [PATCH bpf v4 04/14] net/tls: remove sock unlock/lock around strp_done()
Date: Fri, 19 Jul 2019 10:29:17 -0700
Message-Id: <20190719172927.18181-5-jakub.kicinski@netronome.com>
In-Reply-To: <20190719172927.18181-1-jakub.kicinski@netronome.com>
References: <20190719172927.18181-1-jakub.kicinski@netronome.com>
X-Mailing-List: netdev@vger.kernel.org

From: John Fastabend

The tls close() callback currently drops the sock lock to call
strp_done(). Split up the RX cleanup into stopping the strparser
and releasing most resources, syncing strparser and finally
freeing the context.

To avoid the need for a strp_done() call on the cleanup path
of device offload make sure we don't arm the strparser until
we are sure init will be successful.

Signed-off-by: John Fastabend
Signed-off-by: Jakub Kicinski
Reviewed-by: Dirk van der Merwe
---
 include/net/tls.h    |  7 ++---
 net/tls/tls_device.c |  1 -
 net/tls/tls_main.c   | 61 ++++++++++++++++++++++----------------------
 net/tls/tls_sw.c     | 40 +++++++++++++++++++++--------
 4 files changed, 64 insertions(+), 45 deletions(-)

diff --git a/include/net/tls.h b/include/net/tls.h index d4276cb6de53..235508e35fd4 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -107,9 +107,7 @@ struct tls_device { enum { TLS_BASE, TLS_SW, -#ifdef CONFIG_TLS_DEVICE TLS_HW, -#endif TLS_HW_RECORD, TLS_NUM_CONFIG, };
@@ -357,14 +355,17 @@ int tls_sk_attach(struct sock *sk, int optname, char __user *optval, int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx); void tls_sw_strparser_arm(struct sock *sk, struct tls_context *ctx); +void tls_sw_strparser_done(struct tls_context *tls_ctx); int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size); int tls_sw_sendpage(struct sock *sk, struct page *page, int offset, size_t size, int flags); void tls_sw_close(struct sock *sk, long timeout); void tls_sw_cancel_work_tx(struct tls_context *tls_ctx); -void tls_sw_free_resources_tx(struct sock *sk); +void tls_sw_release_resources_tx(struct sock *sk); +void tls_sw_free_ctx_tx(struct tls_context *tls_ctx); void tls_sw_free_resources_rx(struct sock *sk); void tls_sw_release_resources_rx(struct sock *sk); +void tls_sw_free_ctx_rx(struct tls_context *tls_ctx); int tls_sw_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int nonblock, int flags, int *addr_len); bool tls_sw_stream_read(const struct sock *sk); diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c index 4d67d72f007c..7c0b2b778703 100644 --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -1045,7 +1045,6 @@ int tls_set_device_offload_rx(struct sock *sk, struct tls_context *ctx) rc = tls_set_sw_offload(sk, ctx, 0); if (rc) goto release_ctx; - tls_sw_strparser_arm(sk, ctx); rc = netdev->tlsdev_ops->tls_dev_add(netdev, sk, TLS_OFFLOAD_CTX_DIR_RX, &ctx->crypto_recv.info, diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 5c29b410cf7d..d152a00a7a27 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c 
@@ -261,24 +261,9 @@ void tls_ctx_free(struct tls_context *ctx) kfree(ctx); } -static void tls_sk_proto_close(struct sock *sk, long timeout) +static void tls_sk_proto_cleanup(struct sock *sk, + struct tls_context *ctx, long timeo) { - struct tls_context *ctx = tls_get_ctx(sk); - long timeo = sock_sndtimeo(sk, 0); - void (*sk_proto_close)(struct sock *sk, long timeout); - bool free_ctx = false; - - if (ctx->tx_conf == TLS_SW) - tls_sw_cancel_work_tx(ctx); - - lock_sock(sk); - sk_proto_close = ctx->sk_proto_close; - - if (ctx->tx_conf == TLS_BASE && ctx->rx_conf == TLS_BASE) { - free_ctx = true; - goto skip_tx_cleanup; - } - if (unlikely(sk->sk_write_pending) && !wait_on_pending_writer(sk, &timeo)) tls_handle_open_record(sk, 0); @@ -287,7 +272,7 @@ static void tls_sk_proto_close(struct sock *sk, long timeout) if (ctx->tx_conf == TLS_SW) { kfree(ctx->tx.rec_seq); kfree(ctx->tx.iv); - tls_sw_free_resources_tx(sk); + tls_sw_release_resources_tx(sk); #ifdef CONFIG_TLS_DEVICE } else if (ctx->tx_conf == TLS_HW) { tls_device_free_resources_tx(sk); 
@@ -295,26 +280,40 @@ static void tls_sk_proto_close(struct sock *sk, long timeout) } if (ctx->rx_conf == TLS_SW) - tls_sw_free_resources_rx(sk); + tls_sw_release_resources_rx(sk); #ifdef CONFIG_TLS_DEVICE if (ctx->rx_conf == TLS_HW) tls_device_offload_cleanup_rx(sk); - - if (ctx->tx_conf != TLS_HW && ctx->rx_conf != TLS_HW) { -#else - { #endif - tls_ctx_free(ctx); - ctx = NULL; - } +} + +static void tls_sk_proto_close(struct sock *sk, long timeout) +{ + void (*sk_proto_close)(struct sock *sk, long timeout); + struct tls_context *ctx = tls_get_ctx(sk); + long timeo = sock_sndtimeo(sk, 0); + bool free_ctx; + + if (ctx->tx_conf == TLS_SW) + tls_sw_cancel_work_tx(ctx); + + lock_sock(sk); + free_ctx = ctx->tx_conf != TLS_HW && ctx->rx_conf != TLS_HW; + sk_proto_close = ctx->sk_proto_close; + + if (ctx->tx_conf != TLS_BASE || ctx->rx_conf != TLS_BASE) + tls_sk_proto_cleanup(sk, ctx, timeo); -skip_tx_cleanup: release_sock(sk); + if (ctx->tx_conf == TLS_SW) + tls_sw_free_ctx_tx(ctx); + if (ctx->rx_conf == TLS_SW || ctx->rx_conf == TLS_HW) + tls_sw_strparser_done(ctx); + if (ctx->rx_conf == TLS_SW) + tls_sw_free_ctx_rx(ctx); sk_proto_close(sk, timeout); - /* free ctx for TLS_HW_RECORD, used by tcp_set_state - * for sk->sk_prot->unhash [tls_hw_unhash] - */ + if (free_ctx) tls_ctx_free(ctx); } @@ -541,9 +540,9 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval, rc = tls_set_sw_offload(sk, ctx, 0); if (rc) goto err_crypto_info; - tls_sw_strparser_arm(sk, ctx); conf = TLS_SW; } + tls_sw_strparser_arm(sk, ctx); } if (tx) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 38c0e53c727d..91d21b048a9b 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c 
@@ -2063,7 +2063,7 @@ void tls_sw_cancel_work_tx(struct tls_context *tls_ctx) cancel_delayed_work_sync(&ctx->tx_work.work); } -void tls_sw_free_resources_tx(struct sock *sk) +void tls_sw_release_resources_tx(struct sock *sk) { struct tls_context *tls_ctx = tls_get_ctx(sk); struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx); @@ -2096,6 +2096,11 @@ void tls_sw_free_resources_tx(struct sock *sk) crypto_free_aead(ctx->aead_send); tls_free_open_rec(sk); +} + +void tls_sw_free_ctx_tx(struct tls_context *tls_ctx) +{ + struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx); kfree(ctx); } 
@@ -2114,25 +2119,40 @@ void tls_sw_release_resources_rx(struct sock *sk) skb_queue_purge(&ctx->rx_list); crypto_free_aead(ctx->aead_recv); strp_stop(&ctx->strp); - write_lock_bh(&sk->sk_callback_lock); - sk->sk_data_ready = ctx->saved_data_ready; - write_unlock_bh(&sk->sk_callback_lock); - release_sock(sk); - strp_done(&ctx->strp); - lock_sock(sk); + /* If tls_sw_strparser_arm() was not called (cleanup paths) + * we still want to strp_stop(), but sk->sk_data_ready was + * never swapped. + */ + if (ctx->saved_data_ready) { + write_lock_bh(&sk->sk_callback_lock); + sk->sk_data_ready = ctx->saved_data_ready; + write_unlock_bh(&sk->sk_callback_lock); + } } } -void tls_sw_free_resources_rx(struct sock *sk) +void tls_sw_strparser_done(struct tls_context *tls_ctx) { - struct tls_context *tls_ctx = tls_get_ctx(sk); struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx); - tls_sw_release_resources_rx(sk); + strp_done(&ctx->strp); +} + +void tls_sw_free_ctx_rx(struct tls_context *tls_ctx) +{ + struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx); kfree(ctx); } +void tls_sw_free_resources_rx(struct sock *sk) +{ + struct tls_context *tls_ctx = tls_get_ctx(sk); + + tls_sw_release_resources_rx(sk); + tls_sw_free_ctx_rx(tls_ctx); +} + /* The work handler to transmitt the encrypted records in tx_list */ static void tx_work_handler(struct work_struct *work) {
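
Review bot: the include/net/tls.h hunk at struct tls_device in patch 04/14 removes the "#ifdef CONFIG_TLS_DEVICE" guard around TLS_HW, which the commit message does not mention. It is presumably needed so that "free_ctx = ctx->tx_conf != TLS_HW && ctx->rx_conf != TLS_HW;" in tls_sk_proto_close() builds without CONFIG_TLS_DEVICE, but it also changes the values of TLS_HW_RECORD and TLS_NUM_CONFIG in that configuration. Please state the reason in the commit message.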
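
Review bot: in the rewritten tls_sk_proto_close() (net/tls/tls_main.c hunk at -295,26 in patch 04/14), ctx->tx_conf and ctx->rx_conf are read again after release_sock(sk), and for rx_conf == TLS_HW the code calls tls_sw_strparser_done(ctx) but not tls_sw_free_ctx_rx(ctx). The old comment explaining why the context is freed only after sk_proto_close() is deleted and nothing replaces it. Please add short comments on the post-unlock steps saying what owns the RX software context in the TLS_HW case and why the conf fields are stable once the lock is dropped.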
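
Review bot: the "if (ctx->saved_data_ready)" test in the tls_sw_release_resources_rx() hunk of patch 04/14 uses a NULL saved_data_ready as the marker for "strparser never armed", which only holds if the RX context is zero-initialised and nothing else writes the field. The added comment explains the intent but not that dependency; please say so in the comment or track the armed state explicitly. saved_data_ready is also left set after sk->sk_data_ready is restored, so a second call would restore it again.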
From: Jakub Kicinski To: john.fastabend@gmail.com, alexei.starovoitov@gmail.com, daniel@iogearbox.net Cc: edumazet@google.com, netdev@vger.kernel.org, bpf@vger.kernel.org, Jakub Kicinski Subject: [PATCH bpf v4 05/14] net/tls: fix transition through disconnect with close Date: Fri, 19 Jul 2019 10:29:18 -0700 Message-Id: <20190719172927.18181-6-jakub.kicinski@netronome.com> In-Reply-To: <20190719172927.18181-1-jakub.kicinski@netronome.com>
From: John Fastabend It is possible (via shutdown()) for TCP socks to go through TCP_CLOSE state via tcp_disconnect() without actually calling tcp_close which would then call the tls close callback. Because of this a user could disconnect a socket then put it in a LISTEN state which would break our assumptions about sockets always being ESTABLISHED state. More directly because close() can call unhash() and unhash is implemented by sockmap if a sockmap socket has TLS enabled we can incorrectly destroy the psock from unhash() and then call its close handler again. But because the psock (sockmap socket representation) is already destroyed we call close handler in sk->prot. However, in some cases (TLS BASE/BASE case) this will still point at the sockmap close handler resulting in a circular call and crash reported by syzbot. To fix both above issues implement the unhash() routine for TLS. v4: - add note about tls offload still needing the fix; - move sk_proto to the cold cache line; - split TX context free into "release" and "free", otherwise the GC work itself is in already freed memory; - more TX before RX for consistency; - reuse tls_ctx_free(); - schedule the GC work after we're done with context to avoid UAF; - don't set the unhash in all modes, all modes "inherit" TLS_BASE's callbacks anyway; - disable the unhash hook for TLS_HW. Fixes: 3c4d7559159bf ("tls: kernel TLS support") Reported-by: Eric Dumazet Signed-off-by: John Fastabend Signed-off-by: Jakub Kicinski --- Documentation/networking/tls-offload.rst | 6 +++ include/net/tls.h | 5 ++- net/tls/tls_main.c | 55 ++++++++++++++++++++++++ 3 files changed, 65 insertions(+), 1 deletion(-) diff --git a/Documentation/networking/tls-offload.rst b/Documentation/networking/tls-offload.rst index 048e5ca44824..8a1eeb393316 100644 --- a/Documentation/networking/tls-offload.rst +++ b/Documentation/networking/tls-offload.rst 
@@ -513,3 +513,9 @@ Redirects leak clear text In the RX direction, if segment has already been decrypted by the device and it gets redirected or mirrored - clear text will be transmitted out. + +shutdown() doesn't clear TLS state +---------------------------------- + +shutdown() system call allows for a TLS socket to be reused as a different +connection. Offload doesn't currently handle that. diff --git a/include/net/tls.h b/include/net/tls.h index 235508e35fd4..9e425ac2de45 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -271,6 +271,8 @@ struct tls_context { unsigned long flags; /* cache cold stuff */ + struct proto *sk_proto; + void (*sk_destruct)(struct sock *sk); void (*sk_proto_close)(struct sock *sk, long timeout); @@ -288,6 +290,8 @@ struct tls_context { struct list_head list; refcount_t refcount; + + struct work_struct gc; }; enum tls_offload_ctx_dir { @@ -359,7 +363,6 @@ void tls_sw_strparser_done(struct tls_context *tls_ctx); int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size); int tls_sw_sendpage(struct sock *sk, struct page *page, int offset, size_t size, int flags); -void tls_sw_close(struct sock *sk, long timeout); void tls_sw_cancel_work_tx(struct tls_context *tls_ctx); void tls_sw_release_resources_tx(struct sock *sk); void tls_sw_free_ctx_tx(struct tls_context *tls_ctx); diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index d152a00a7a27..48f1c26459d0 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c 
@@ -261,6 +261,33 @@ void tls_ctx_free(struct tls_context *ctx) kfree(ctx); } +static void tls_ctx_free_deferred(struct work_struct *gc) +{ + struct tls_context *ctx = container_of(gc, struct tls_context, gc); + + /* Ensure any remaining work items are completed. The sk will + * already have lost its tls_ctx reference by the time we get + * here so no xmit operation will actually be performed. + */ + if (ctx->tx_conf == TLS_SW) { + tls_sw_cancel_work_tx(ctx); + tls_sw_free_ctx_tx(ctx); + } + + if (ctx->rx_conf == TLS_SW) { + tls_sw_strparser_done(ctx); + tls_sw_free_ctx_rx(ctx); + } + + tls_ctx_free(ctx); +} + +static void tls_ctx_free_wq(struct tls_context *ctx) +{ + INIT_WORK(&ctx->gc, tls_ctx_free_deferred); + schedule_work(&ctx->gc); +} + static void tls_sk_proto_cleanup(struct sock *sk, struct tls_context *ctx, long timeo) { @@ -288,6 +315,26 @@ static void tls_sk_proto_cleanup(struct sock *sk, #endif } +static void tls_sk_proto_unhash(struct sock *sk) +{ + struct inet_connection_sock *icsk = inet_csk(sk); + long timeo = sock_sndtimeo(sk, 0); + struct tls_context *ctx; + + if (unlikely(!icsk->icsk_ulp_data)) { + if (sk->sk_prot->unhash) + sk->sk_prot->unhash(sk); + } + + ctx = tls_get_ctx(sk); + tls_sk_proto_cleanup(sk, ctx, timeo); + icsk->icsk_ulp_data = NULL; + + if (ctx->sk_proto->unhash) + ctx->sk_proto->unhash(sk); + tls_ctx_free_wq(ctx); +} + static void tls_sk_proto_close(struct sock *sk, long timeout) { void (*sk_proto_close)(struct sock *sk, long timeout); @@ -305,6 +352,7 @@ static void tls_sk_proto_close(struct sock *sk, long timeout) if (ctx->tx_conf != TLS_BASE || ctx->rx_conf != TLS_BASE) tls_sk_proto_cleanup(sk, ctx, timeo); + sk->sk_prot = ctx->sk_proto; release_sock(sk); if (ctx->tx_conf == TLS_SW) tls_sw_free_ctx_tx(ctx); 
@@ -608,6 +656,7 @@ static struct tls_context *create_ctx(struct sock *sk) ctx->setsockopt = sk->sk_prot->setsockopt; ctx->getsockopt = sk->sk_prot->getsockopt; ctx->sk_proto_close = sk->sk_prot->close; + ctx->unhash = sk->sk_prot->unhash; return ctx; } @@ -731,6 +780,7 @@ static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], prot[TLS_BASE][TLS_BASE].setsockopt = tls_setsockopt; prot[TLS_BASE][TLS_BASE].getsockopt = tls_getsockopt; prot[TLS_BASE][TLS_BASE].close = tls_sk_proto_close; + prot[TLS_BASE][TLS_BASE].unhash = tls_sk_proto_unhash; prot[TLS_SW][TLS_BASE] = prot[TLS_BASE][TLS_BASE]; prot[TLS_SW][TLS_BASE].sendmsg = tls_sw_sendmsg; @@ -748,16 +798,20 @@ static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], #ifdef CONFIG_TLS_DEVICE prot[TLS_HW][TLS_BASE] = prot[TLS_BASE][TLS_BASE]; + prot[TLS_HW][TLS_BASE].unhash = base->unhash; prot[TLS_HW][TLS_BASE].sendmsg = tls_device_sendmsg; prot[TLS_HW][TLS_BASE].sendpage = tls_device_sendpage; prot[TLS_HW][TLS_SW] = prot[TLS_BASE][TLS_SW]; + prot[TLS_HW][TLS_SW].unhash = base->unhash; prot[TLS_HW][TLS_SW].sendmsg = tls_device_sendmsg; prot[TLS_HW][TLS_SW].sendpage = tls_device_sendpage; prot[TLS_BASE][TLS_HW] = prot[TLS_BASE][TLS_SW]; + prot[TLS_BASE][TLS_HW].unhash = base->unhash; prot[TLS_SW][TLS_HW] = prot[TLS_SW][TLS_SW]; + prot[TLS_SW][TLS_HW].unhash = base->unhash; prot[TLS_HW][TLS_HW] = prot[TLS_HW][TLS_SW]; #endif 
@@ -794,6 +848,7 @@ static int tls_init(struct sock *sk) tls_build_proto(sk); ctx->tx_conf = TLS_BASE; ctx->rx_conf = TLS_BASE; + ctx->sk_proto = sk->sk_prot; update_sk_prot(sk, ctx); out: return rc; From patchwork Fri Jul 19 17:29:19 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Kicinski X-Patchwork-Id: 1134231 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=netronome.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=netronome-com.20150623.gappssmtp.com header.i=@netronome-com.20150623.gappssmtp.com header.b="iRqO/zmZ"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45qyhz3rL8z9sBF for ; Sat, 20 Jul 2019 03:31:15 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731424AbfGSRbL (ORCPT ); Fri, 19 Jul 2019 13:31:11 -0400 Received: from mail-qt1-f194.google.com ([209.85.160.194]:34873 "EHLO mail-qt1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731411AbfGSRbK (ORCPT ); Fri, 19 Jul 2019 13:31:10 -0400 Received: by mail-qt1-f194.google.com with SMTP id d23so31848670qto.2 for ; Fri, 19 Jul 2019 10:31:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netronome-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=NPZ25U0KNpg61Ku6URhVeBa08Dg0ip/p/6qGinSsNF4=; b=iRqO/zmZsiY742S7Al6C7CdTFTa6wwA8cDdH3FikXXc3+zn3klRynZTJWNHnuq4Rju 
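Review bot: in tls_sk_proto_unhash() (net/tls/tls_main.c, hunk -288,6 +315,26) the `if (unlikely(!icsk->icsk_ulp_data))` branch has no return. After calling sk->sk_prot->unhash(sk) it falls through to ctx = tls_get_ctx(sk) and hands that ctx to tls_sk_proto_cleanup() and then dereferences ctx->sk_proto, on exactly the path where the ULP data was just found to be NULL. Add a `return;` at the end of that branch. It is also worth stating in a comment what sk->sk_prot is expected to be there: if it still points at the TLS proto, whose unhash this patch sets to tls_sk_proto_unhash in build_protos(), the branch calls itself.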
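Review bot: the create_ctx() hunk (-608,6 +656,7) assigns ctx->unhash, but the include/net/tls.h hunks in this patch add only sk_proto and gc to struct tls_context, so unless an unhash member already exists this will not build. tls_sk_proto_unhash() calls ctx->sk_proto->unhash rather than ctx->unhash, so the saved pointer also appears to be unused; either drop the assignment or add the member and use it consistently. On the deferred free, tls_ctx_free_wq() queues ctx->gc with schedule_work() and nothing visible in the patch flushes that work, so please note in the commit message or a comment what guarantees the work has run before the module text can go away.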
From: Jakub Kicinski To: john.fastabend@gmail.com, alexei.starovoitov@gmail.com, daniel@iogearbox.net Cc: edumazet@google.com, netdev@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH bpf v4 06/14] bpf: sockmap, sock_map_delete needs to use xchg Date: Fri, 19 Jul 2019 10:29:19 -0700 Message-Id: <20190719172927.18181-7-jakub.kicinski@netronome.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190719172927.18181-1-jakub.kicinski@netronome.com> References: <20190719172927.18181-1-jakub.kicinski@netronome.com> MIME-Version: 1.0 Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org From: John Fastabend __sock_map_delete() may be called from a tcp event such as unhash or close from the following trace, tcp_bpf_close() tcp_bpf_remove() sk_psock_unlink() sock_map_delete_from_link() __sock_map_delete() In this case the sock lock is held but this only protects against duplicate removals on the TCP side. If the map is free'd then we have this trace, sock_map_free xchg() <- replaces map entry sock_map_unref() sk_psock_put() sock_map_del_link() The __sock_map_delete() call however uses a read, test, null over the map entry which can result in both paths trying to free the map entry. To fix use xchg in TCP paths as well so we avoid having two references to the same map entry. Fixes: 604326b41a6fb ("bpf, sockmap: convert to generic sk_msg interface") Signed-off-by: John Fastabend --- net/core/sock_map.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/net/core/sock_map.c b/net/core/sock_map.c index 52d4faeee18b..28702f2e9a4a 100644 --- a/net/core/sock_map.c +++ b/net/core/sock_map.c 
@@ -276,16 +276,20 @@ static int __sock_map_delete(struct bpf_stab *stab, struct sock *sk_test, struct sock **psk) { struct sock *sk; + int err = 0; raw_spin_lock_bh(&stab->lock); sk = *psk; if (!sk_test || sk_test == sk) - *psk = NULL; + sk = xchg(psk, NULL); + + if (likely(sk)) + sock_map_unref(sk, psk); + else + err = -EINVAL; + raw_spin_unlock_bh(&stab->lock); - if (unlikely(!sk)) - return -EINVAL; - sock_map_unref(sk, psk); - return 0; + return err; } static void sock_map_delete_from_link(struct bpf_map *map, struct sock *sk, From patchwork Fri Jul 19 17:29:20 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Kicinski X-Patchwork-Id: 1134228 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=netronome.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=netronome-com.20150623.gappssmtp.com header.i=@netronome-com.20150623.gappssmtp.com header.b="cCEhw1Nf"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45qyhw6W99z9s7T for ; Sat, 20 Jul 2019 03:31:12 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731446AbfGSRbM (ORCPT ); Fri, 19 Jul 2019 13:31:12 -0400 Received: from mail-qk1-f196.google.com ([209.85.222.196]:35034 "EHLO mail-qk1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731433AbfGSRbL (ORCPT ); Fri, 19 Jul 2019 13:31:11 -0400 Received: by mail-qk1-f196.google.com with SMTP id r21so23847514qke.2 for ; Fri, 19 Jul 2019 10:31:11 -0700 (PDT) 
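Review bot: in __sock_map_delete() the mismatch case still drops a reference. When sk_test is non-NULL and differs from the value read by `sk = *psk`, the xchg() is skipped, sk keeps the other socket's pointer, and `if (likely(sk)) sock_map_unref(sk, psk);` runs on an entry that was never taken out of the map. That is the same double-owner situation the commit message describes, reached through the sk_test path. Suggest resetting sk to NULL in an else arm of the sk_test comparison (so the mismatch returns -EINVAL without unref), or using a compare-and-exchange on sk_test so that the test and the removal are a single step. The plain `sk = *psk` read before the xchg() then becomes unnecessary in the !sk_test case.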
From: Jakub Kicinski To: john.fastabend@gmail.com, alexei.starovoitov@gmail.com, daniel@iogearbox.net Cc: edumazet@google.com, netdev@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH bpf v4 07/14] bpf: sockmap, synchronize_rcu before free'ing map Date: Fri, 19 Jul 2019 10:29:20 -0700 Message-Id: <20190719172927.18181-8-jakub.kicinski@netronome.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190719172927.18181-1-jakub.kicinski@netronome.com> References: <20190719172927.18181-1-jakub.kicinski@netronome.com> MIME-Version: 1.0 Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org From: John Fastabend We need to have a synchronize_rcu before free'ing the sockmap because any outstanding psock references will have a pointer to the map and when they use this could trigger a use after free. Fixes: 604326b41a6fb ("bpf, sockmap: convert to generic sk_msg interface") Signed-off-by: John Fastabend --- net/core/sock_map.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/core/sock_map.c b/net/core/sock_map.c index 28702f2e9a4a..56bcabe7c2f2 100644 --- a/net/core/sock_map.c +++ b/net/core/sock_map.c 
@@ -247,6 +247,8 @@ static void sock_map_free(struct bpf_map *map) raw_spin_unlock_bh(&stab->lock); rcu_read_unlock(); + synchronize_rcu(); + bpf_map_area_free(stab->sks); kfree(stab); } From patchwork Fri Jul 19 17:29:21 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Kicinski X-Patchwork-Id: 1134230 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=netronome.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=netronome-com.20150623.gappssmtp.com header.i=@netronome-com.20150623.gappssmtp.com header.b="AjeF2M5J"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45qyhy6Xzvz9sBZ for ; Sat, 20 Jul 2019 03:31:14 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731461AbfGSRbN (ORCPT ); Fri, 19 Jul 2019 13:31:13 -0400 Received: from mail-qk1-f195.google.com ([209.85.222.195]:35035 "EHLO mail-qk1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731455AbfGSRbN (ORCPT ); Fri, 19 Jul 2019 13:31:13 -0400 Received: by mail-qk1-f195.google.com with SMTP id r21so23847564qke.2 for ; Fri, 19 Jul 2019 10:31:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netronome-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=2MMCFCBJboEB1CIyV6dVGBXQRDYkVd8+DYCGoW0iWWE=; b=AjeF2M5J0BU1eQpiEOd0rKkfPUbNSRlth8FdcP8Rk+Hd8JlQ/sGAkCzuT20PJ+izCE 
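Review bot: the synchronize_rcu() added to sock_map_free() has no comment saying which readers it waits for. From the hunk alone it follows an rcu_read_unlock() and precedes bpf_map_area_free(stab->sks), and the only explanation (outstanding psock references holding a pointer into the map) is in the commit message. Please put a one-line comment above the call naming those readers, so the barrier is not removed later as redundant. It would also help to state whether every psock path that follows its link back to the map does so inside an RCU read-side section, since the grace period only covers those.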
From: Jakub Kicinski To: john.fastabend@gmail.com, alexei.starovoitov@gmail.com, daniel@iogearbox.net Cc: edumazet@google.com, netdev@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH bpf v4 08/14] bpf: sockmap, only create entry if ulp is not already enabled Date: Fri, 19 Jul 2019 10:29:21 -0700 Message-Id: <20190719172927.18181-9-jakub.kicinski@netronome.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190719172927.18181-1-jakub.kicinski@netronome.com> References: <20190719172927.18181-1-jakub.kicinski@netronome.com> MIME-Version: 1.0 Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org From: John Fastabend Sockmap does not currently support adding sockets after TLS has been enabled. There never was a real use case for this so it was never added. But, we lost the test for ULP at some point so add it here and fail the socket insert if TLS is enabled. Future work could make sockmap support this use case but fixup the bug here. Fixes: 604326b41a6fb ("bpf, sockmap: convert to generic sk_msg interface") Signed-off-by: John Fastabend --- net/core/sock_map.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/core/sock_map.c b/net/core/sock_map.c index 56bcabe7c2f2..1330a7442e5b 100644 --- a/net/core/sock_map.c +++ b/net/core/sock_map.c @@ -334,6 +334,7 @@ static int sock_map_update_common(struct bpf_map *map, u32 idx, struct sock *sk, u64 flags) { struct bpf_stab *stab = container_of(map, struct bpf_stab, map); + struct inet_connection_sock *icsk = inet_csk(sk); struct sk_psock_link *link; struct sk_psock *psock; struct sock *osk; 
@@ -344,6 +345,8 @@ static int sock_map_update_common(struct bpf_map *map, u32 idx, return -EINVAL; if (unlikely(idx >= map->max_entries)) return -E2BIG; + if (unlikely(icsk->icsk_ulp_data)) + return -EINVAL; link = sk_psock_init_link(); if (!link) From patchwork Fri Jul 19 17:29:22 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Kicinski X-Patchwork-Id: 1134233 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=netronome.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=netronome-com.20150623.gappssmtp.com header.i=@netronome-com.20150623.gappssmtp.com header.b="RvZNFF1I"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45qyj10BJ6z9s7T for ; Sat, 20 Jul 2019 03:31:17 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731508AbfGSRbP (ORCPT ); Fri, 19 Jul 2019 13:31:15 -0400 Received: from mail-qt1-f193.google.com ([209.85.160.193]:38458 "EHLO mail-qt1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731435AbfGSRbO (ORCPT ); Fri, 19 Jul 2019 13:31:14 -0400 Received: by mail-qt1-f193.google.com with SMTP id n11so31829541qtl.5 for ; Fri, 19 Jul 2019 10:31:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netronome-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=FvdhCFEsoUoZw1zoRXv/xjAnG06uu2HXCns7yQeifDc=; 
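Review bot: the new `if (unlikely(icsk->icsk_ulp_data)) return -EINVAL;` in sock_map_update_common() returns the same errno as the check just above it, so user space cannot tell "TLS already enabled on this socket" from a bad argument. Consider a distinct error such as -EOPNOTSUPP, and add a comment that this is a temporary restriction, as the commit message says. The test also reads icsk_ulp_data without any lock visible in this hunk, while later patches in the series update that field under sk_callback_lock; please say what keeps a ULP from being attached between this check and sk_psock_init_link().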
From: Jakub Kicinski To: john.fastabend@gmail.com, alexei.starovoitov@gmail.com, daniel@iogearbox.net Cc: edumazet@google.com, netdev@vger.kernel.org, bpf@vger.kernel.org, syzbot+06537213db7ba2745c4a@syzkaller.appspotmail.com, Jakub Kicinski , Dirk van der Merwe Subject: [PATCH bpf v4 09/14] bpf: sockmap/tls, close can race with map free Date: Fri, 19 Jul 2019 10:29:22 -0700 Message-Id: <20190719172927.18181-10-jakub.kicinski@netronome.com> In-Reply-To: <20190719172927.18181-1-jakub.kicinski@netronome.com>
From: John Fastabend When a map free is called and in parallel a socket is closed we have two paths that can potentially reset the socket prot ops, the bpf close() path and the map free path. This creates a problem with which prot ops should be used from the socket closed side. If the map_free side completes first then we want to call the original lowest level ops. However, if the tls path runs first we want to call the sockmap ops. Additionally there was no locking around prot updates in TLS code paths so the prot ops could be changed multiple times once from TLS path and again from sockmap side potentially leaving ops pointed at either TLS or sockmap when psock and/or tls context have already been destroyed. To fix this race first only update ops inside callback lock so that TLS, sockmap and lowest level all agree on prot state. Second and a ULP callback update() so that lower layers can inform the upper layer when they are being removed allowing the upper layer to reset prot ops. This gets us close to allowing sockmap and tls to be stacked in arbitrary order but will save that patch for *next trees. v4: - make sure we don't free things for device; - remove the checks which swap the callbacks back only if TLS is at the top. Reported-by: syzbot+06537213db7ba2745c4a@syzkaller.appspotmail.com Fixes: 02c558b2d5d6 ("bpf: sockmap, support for msg_peek in sk_msg with redirect ingress") Signed-off-by: John Fastabend Signed-off-by: Jakub Kicinski Reviewed-by: Dirk van der Merwe --- Let's add the check that TLS's callbacks are on top when stacking in any order is actually supported. Or perhaps let's just not support it until we fix the remaining bugs and races? --- include/linux/skmsg.h | 8 +++++++- include/net/tcp.h | 3 +++ net/core/skmsg.c | 4 ++-- net/ipv4/tcp_ulp.c | 13 +++++++++++++ net/tls/tls_main.c | 33 ++++++++++++++++++++++++++++----- 5 files changed, 53 insertions(+), 8 deletions(-) 
diff --git a/include/linux/skmsg.h b/include/linux/skmsg.h index 50ced8aba9db..e4b3fb4bb77c 100644 --- a/include/linux/skmsg.h +++ b/include/linux/skmsg.h @@ -354,7 +354,13 @@ static inline void sk_psock_restore_proto(struct sock *sk, sk->sk_write_space = psock->saved_write_space; if (psock->sk_proto) { - sk->sk_prot = psock->sk_proto; + struct inet_connection_sock *icsk = inet_csk(sk); + bool has_ulp = !!icsk->icsk_ulp_data; + + if (has_ulp) + tcp_update_ulp(sk, psock->sk_proto); + else + sk->sk_prot = psock->sk_proto; psock->sk_proto = NULL; } } diff --git a/include/net/tcp.h b/include/net/tcp.h index f42d300f0cfa..c82a23470081 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -2103,6 +2103,8 @@ struct tcp_ulp_ops { /* initialize ulp */ int (*init)(struct sock *sk); + /* update ulp */ + void (*update)(struct sock *sk, struct proto *p); /* cleanup ulp */ void (*release)(struct sock *sk); @@ -2114,6 +2116,7 @@ void tcp_unregister_ulp(struct tcp_ulp_ops *type); int tcp_set_ulp(struct sock *sk, const char *name); void tcp_get_available_ulp(char *buf, size_t len); void tcp_cleanup_ulp(struct sock *sk); +void tcp_update_ulp(struct sock *sk, struct proto *p); #define MODULE_ALIAS_TCP_ULP(name) \ __MODULE_INFO(alias, alias_userspace, name); \ diff --git a/net/core/skmsg.c b/net/core/skmsg.c index 93bffaad2135..6832eeb4b785 100644 --- a/net/core/skmsg.c +++ b/net/core/skmsg.c @@ -585,12 +585,12 @@ EXPORT_SYMBOL_GPL(sk_psock_destroy); void sk_psock_drop(struct sock *sk, struct sk_psock *psock) { - rcu_assign_sk_user_data(sk, NULL); sk_psock_cork_free(psock); sk_psock_zap_ingress(psock); - sk_psock_restore_proto(sk, psock); write_lock_bh(&sk->sk_callback_lock); + sk_psock_restore_proto(sk, psock); + rcu_assign_sk_user_data(sk, NULL); if (psock->progs.skb_parser) sk_psock_stop_strp(sk, psock); write_unlock_bh(&sk->sk_callback_lock); diff --git a/net/ipv4/tcp_ulp.c b/net/ipv4/tcp_ulp.c index 3d8a1d835471..4849edb62d52 100644 --- a/net/ipv4/tcp_ulp.c 
+++ b/net/ipv4/tcp_ulp.c @@ -96,6 +96,19 @@ void tcp_get_available_ulp(char *buf, size_t maxlen) rcu_read_unlock(); } +void tcp_update_ulp(struct sock *sk, struct proto *proto) +{ + struct inet_connection_sock *icsk = inet_csk(sk); + + if (!icsk->icsk_ulp_ops) { + sk->sk_prot = proto; + return; + } + + if (icsk->icsk_ulp_ops->update) + icsk->icsk_ulp_ops->update(sk, proto); +} + void tcp_cleanup_ulp(struct sock *sk) { struct inet_connection_sock *icsk = inet_csk(sk); diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 48f1c26459d0..f208f8455ef2 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -328,7 +328,10 @@ static void tls_sk_proto_unhash(struct sock *sk) ctx = tls_get_ctx(sk); tls_sk_proto_cleanup(sk, ctx, timeo); + write_lock_bh(&sk->sk_callback_lock); icsk->icsk_ulp_data = NULL; + sk->sk_prot = ctx->sk_proto; + write_unlock_bh(&sk->sk_callback_lock); if (ctx->sk_proto->unhash) ctx->sk_proto->unhash(sk); @@ -337,7 +340,7 @@ static void tls_sk_proto_unhash(struct sock *sk) static void tls_sk_proto_close(struct sock *sk, long timeout) { - void (*sk_proto_close)(struct sock *sk, long timeout); + struct inet_connection_sock *icsk = inet_csk(sk); struct tls_context *ctx = tls_get_ctx(sk); long timeo = sock_sndtimeo(sk, 0); bool free_ctx; @@ -347,12 +350,15 @@ static void tls_sk_proto_close(struct sock *sk, long timeout) lock_sock(sk); free_ctx = ctx->tx_conf != TLS_HW && ctx->rx_conf != TLS_HW; - sk_proto_close = ctx->sk_proto_close; if (ctx->tx_conf != TLS_BASE || ctx->rx_conf != TLS_BASE) tls_sk_proto_cleanup(sk, ctx, timeo); + write_lock_bh(&sk->sk_callback_lock); + if (free_ctx) + icsk->icsk_ulp_data = NULL; sk->sk_prot = ctx->sk_proto; + write_unlock_bh(&sk->sk_callback_lock); release_sock(sk); if (ctx->tx_conf == TLS_SW) tls_sw_free_ctx_tx(ctx); 
@@ -360,7 +366,7 @@ static void tls_sk_proto_close(struct sock *sk, long timeout) tls_sw_strparser_done(ctx); if (ctx->rx_conf == TLS_SW) tls_sw_free_ctx_rx(ctx); - sk_proto_close(sk, timeout); + ctx->sk_proto_close(sk, timeout); if (free_ctx) tls_ctx_free(ctx); @@ -827,7 +833,7 @@ static int tls_init(struct sock *sk) int rc = 0; if (tls_hw_prot(sk)) - goto out; + return 0; /* The TLS ulp is currently supported only for TCP sockets * in ESTABLISHED state. @@ -838,22 +844,38 @@ static int tls_init(struct sock *sk) if (sk->sk_state != TCP_ESTABLISHED) return -ENOTSUPP; + tls_build_proto(sk); + /* allocate tls context */ + write_lock_bh(&sk->sk_callback_lock); ctx = create_ctx(sk); if (!ctx) { rc = -ENOMEM; goto out; } - tls_build_proto(sk); ctx->tx_conf = TLS_BASE; ctx->rx_conf = TLS_BASE; ctx->sk_proto = sk->sk_prot; update_sk_prot(sk, ctx); out: + write_unlock_bh(&sk->sk_callback_lock); return rc; } +static void tls_update(struct sock *sk, struct proto *p) +{ + struct tls_context *ctx; + + ctx = tls_get_ctx(sk); + if (likely(ctx)) { + ctx->sk_proto_close = p->close; + ctx->sk_proto = p; + } else { + sk->sk_prot = p; + } +} + void tls_register_device(struct tls_device *device) { spin_lock_bh(&device_spinlock); 
@@ -874,6 +896,7 @@ static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mostly = { .name = "tls", .owner = THIS_MODULE, .init = tls_init, + .update = tls_update, }; static int __init tls_register(void) From patchwork Fri Jul 19 17:29:23 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Kicinski X-Patchwork-Id: 1134234 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=netronome.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=netronome-com.20150623.gappssmtp.com header.i=@netronome-com.20150623.gappssmtp.com header.b="Gz8vfa1B"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45qyj23Srlz9s3Z for ; Sat, 20 Jul 2019 03:31:18 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731529AbfGSRbR (ORCPT ); Fri, 19 Jul 2019 13:31:17 -0400 Received: from mail-qt1-f194.google.com ([209.85.160.194]:41723 "EHLO mail-qt1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731492AbfGSRbQ (ORCPT ); Fri, 19 Jul 2019 13:31:16 -0400 Received: by mail-qt1-f194.google.com with SMTP id d17so31752414qtj.8 for ; Fri, 19 Jul 2019 10:31:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netronome-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=+VvFeyw1azZq//RJ4RswMMne/9sZEWOtXmC4Y/HkVhg=; b=Gz8vfa1BvZwIYVZF7NblfQU7jC31feP2eoeZkRbusEVGjLSJO+Kt+snMb1kssn7zpF 
From: Jakub Kicinski
To: john.fastabend@gmail.com, alexei.starovoitov@gmail.com, daniel@iogearbox.net
Cc: edumazet@google.com, netdev@vger.kernel.org, bpf@vger.kernel.org, Jakub Kicinski, Dirk van der Merwe
Subject: [PATCH bpf v4 10/14] selftests/tls: add a test for ULP but no keys
Date: Fri, 19 Jul 2019 10:29:23 -0700
Message-Id: <20190719172927.18181-11-jakub.kicinski@netronome.com>
In-Reply-To: <20190719172927.18181-1-jakub.kicinski@netronome.com>
References: <20190719172927.18181-1-jakub.kicinski@netronome.com>

Make sure we test the TLS_BASE/TLS_BASE case both with data and the tear down/clean up path.

Signed-off-by: Jakub Kicinski
Reviewed-by: Dirk van der Merwe
---
 tools/testing/selftests/net/tls.c | 74 +++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)

diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c index 090fff9dbc48..194826fee4f7 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c
@@ -25,6 +25,80 @@ #define TLS_PAYLOAD_MAX_LEN 16384 #define SOL_TLS 282 +#ifndef ENOTSUPP +#define ENOTSUPP 524 +#endif + +FIXTURE(tls_basic) +{ + int fd, cfd; + bool notls; +}; + +FIXTURE_SETUP(tls_basic) +{ + struct sockaddr_in addr; + socklen_t len; + int sfd, ret; + + self->notls = false; + len = sizeof(addr); + + addr.sin_family = AF_INET; + addr.sin_addr.s_addr = htonl(INADDR_ANY); + addr.sin_port = 0; + + self->fd = socket(AF_INET, SOCK_STREAM, 0); + sfd = socket(AF_INET, SOCK_STREAM, 0); + + ret = bind(sfd, &addr, sizeof(addr)); + ASSERT_EQ(ret, 0); + ret = listen(sfd, 10); + ASSERT_EQ(ret, 0); + + ret = getsockname(sfd, &addr, &len); + ASSERT_EQ(ret, 0); + + ret = connect(self->fd, &addr, sizeof(addr)); + ASSERT_EQ(ret, 0); + + self->cfd = accept(sfd, &addr, &len); + ASSERT_GE(self->cfd, 0); + + close(sfd); + + ret = setsockopt(self->fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); + if (ret != 0) { + ASSERT_EQ(errno, ENOTSUPP); + self->notls = true; + printf("Failure setting TCP_ULP, testing without tls\n"); + return; + } + + ret = setsockopt(self->cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); + ASSERT_EQ(ret, 0); +} + +FIXTURE_TEARDOWN(tls_basic) +{ + close(self->fd); + close(self->cfd); +} + +/* Send some data through with ULP but no keys */ +TEST_F(tls_basic, base_base) +{ + char const *test_str = "test_read"; + int send_len = 10; + char buf[10]; + + ASSERT_EQ(strlen(test_str) + 1, send_len); + + EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); + EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); + EXPECT_EQ(memcmp(buf, test_str, send_len), 0); +}; + FIXTURE(tls) { int fd, cfd; From patchwork Fri Jul 19 17:29:24 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Kicinski X-Patchwork-Id: 1134235 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org 
From: Jakub Kicinski
To: john.fastabend@gmail.com, alexei.starovoitov@gmail.com, daniel@iogearbox.net
Cc: edumazet@google.com, netdev@vger.kernel.org, bpf@vger.kernel.org, Jakub Kicinski, Dirk van der Merwe
Subject: [PATCH bpf v4 11/14] selftests/tls: test error codes around TLS ULP installation
Date: Fri, 19 Jul 2019 10:29:24 -0700
Message-Id: <20190719172927.18181-12-jakub.kicinski@netronome.com>
In-Reply-To: <20190719172927.18181-1-jakub.kicinski@netronome.com>
References: <20190719172927.18181-1-jakub.kicinski@netronome.com>

Test the error codes returned when TCP connection is not in ESTABLISHED state.

Signed-off-by: Jakub Kicinski
Reviewed-by: Dirk van der Merwe
---
 tools/testing/selftests/net/tls.c | 52 +++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)

diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c index 194826fee4f7..10df77326d34 100644
--- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c 
@@ -911,6 +911,58 @@ TEST_F(tls, control_msg) EXPECT_EQ(memcmp(buf, test_str, send_len), 0); } +TEST(non_established) { + struct tls12_crypto_info_aes_gcm_256 tls12; + struct sockaddr_in addr; + int sfd, ret, fd; + socklen_t len; + + len = sizeof(addr); + + memset(&tls12, 0, sizeof(tls12)); + tls12.info.version = TLS_1_2_VERSION; + tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256; + + addr.sin_family = AF_INET; + addr.sin_addr.s_addr = htonl(INADDR_ANY); + addr.sin_port = 0; + + fd = socket(AF_INET, SOCK_STREAM, 0); + sfd = socket(AF_INET, SOCK_STREAM, 0); + + ret = bind(sfd, &addr, sizeof(addr)); + ASSERT_EQ(ret, 0); + ret = listen(sfd, 10); + ASSERT_EQ(ret, 0); + + ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); + EXPECT_EQ(ret, -1); + /* TLS ULP not supported */ + if (errno == ENOENT) + return; + EXPECT_EQ(errno, ENOTSUPP); + + ret = setsockopt(sfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); + EXPECT_EQ(ret, -1); + EXPECT_EQ(errno, ENOTSUPP); + + ret = getsockname(sfd, &addr, &len); + ASSERT_EQ(ret, 0); + + ret = connect(fd, &addr, sizeof(addr)); + ASSERT_EQ(ret, 0); + + ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); + ASSERT_EQ(ret, 0); + + ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); + EXPECT_EQ(ret, -1); + EXPECT_EQ(errno, EEXIST); + + close(fd); + close(sfd); +} + TEST(keysizes) { struct tls12_crypto_info_aes_gcm_256 tls12; struct sockaddr_in addr; From patchwork Fri Jul 19 17:29:25 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Kicinski X-Patchwork-Id: 1134237 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: 
From: Jakub Kicinski
To: john.fastabend@gmail.com, alexei.starovoitov@gmail.com, daniel@iogearbox.net
Cc: edumazet@google.com, netdev@vger.kernel.org, bpf@vger.kernel.org, Jakub Kicinski, Dirk van der Merwe
Subject: [PATCH bpf v4 12/14] selftests/tls: add a bidirectional test
Date: Fri, 19 Jul 2019 10:29:25 -0700
Message-Id: <20190719172927.18181-13-jakub.kicinski@netronome.com>
In-Reply-To: <20190719172927.18181-1-jakub.kicinski@netronome.com>
References: <20190719172927.18181-1-jakub.kicinski@netronome.com>

Add a simple test which installs the TLS state for both directions, sends and receives data on both sockets.

Signed-off-by: Jakub Kicinski
Reviewed-by: Dirk van der Merwe
---
 tools/testing/selftests/net/tls.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c index 10df77326d34..6d78bd050813 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c
@@ -684,6 +684,37 @@ TEST_F(tls, recv_lowat) EXPECT_EQ(memcmp(send_mem, recv_mem + 10, 5), 0); } +TEST_F(tls, bidir) +{ + struct tls12_crypto_info_aes_gcm_128 tls12; + char const *test_str = "test_read"; + int send_len = 10; + char buf[10]; + int ret; + + memset(&tls12, 0, sizeof(tls12)); + tls12.info.version = TLS_1_3_VERSION; + tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128; + + ret = setsockopt(self->fd, SOL_TLS, TLS_RX, &tls12, sizeof(tls12)); + ASSERT_EQ(ret, 0); + + ret = setsockopt(self->cfd, SOL_TLS, TLS_TX, &tls12, sizeof(tls12)); + ASSERT_EQ(ret, 0); + + ASSERT_EQ(strlen(test_str) + 1, send_len); + + EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); + EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); + EXPECT_EQ(memcmp(buf, test_str, send_len), 0); + + memset(buf, 0, sizeof(buf)); + + EXPECT_EQ(send(self->cfd, test_str, send_len, 0), send_len); + EXPECT_NE(recv(self->fd, buf, send_len, 0), -1); + EXPECT_EQ(memcmp(buf, test_str, send_len), 0); +}; + TEST_F(tls, pollin) { char const *test_str = "test_poll"; From patchwork Fri Jul 19 17:29:26 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Kicinski X-Patchwork-Id: 1134239 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=netronome.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=netronome-com.20150623.gappssmtp.com header.i=@netronome-com.20150623.gappssmtp.com header.b="BKsEJ3v3"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45qyj61Bzvz9s7T for 
From: Jakub Kicinski
To: john.fastabend@gmail.com, alexei.starovoitov@gmail.com, daniel@iogearbox.net
Cc: edumazet@google.com, netdev@vger.kernel.org, bpf@vger.kernel.org, Jakub Kicinski, Dirk van der Merwe
Subject: [PATCH bpf v4 13/14] selftests/tls: close the socket with open record
Date: Fri, 19 Jul 2019 10:29:26 -0700
Message-Id: <20190719172927.18181-14-jakub.kicinski@netronome.com>
In-Reply-To: <20190719172927.18181-1-jakub.kicinski@netronome.com>
References: <20190719172927.18181-1-jakub.kicinski@netronome.com>

Add test which sends some data with MSG_MORE and then closes the socket (never calling send without MSG_MORE). This should make sure we clean up open records correctly.

Signed-off-by: Jakub Kicinski
Reviewed-by: Dirk van der Merwe
---
 tools/testing/selftests/net/tls.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c index 6d78bd050813..94a86ca882de 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c
@@ -239,6 +239,16 @@ TEST_F(tls, msg_more) EXPECT_EQ(memcmp(buf, test_str, send_len), 0); } +TEST_F(tls, msg_more_unsent) +{ + char const *test_str = "test_read"; + int send_len = 10; + char buf[10]; + + EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); + EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1); +} + TEST_F(tls, sendmsg_single) { struct msghdr msg; From patchwork Fri Jul 19 17:29:27 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Kicinski X-Patchwork-Id: 1134241 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=netronome.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=netronome-com.20150623.gappssmtp.com header.i=@netronome-com.20150623.gappssmtp.com header.b="yZizlLNj"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45qyj85hKxz9s7T for ; Sat, 20 Jul 2019 03:31:24 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731619AbfGSRbW (ORCPT ); Fri, 19 Jul 2019 13:31:22 -0400 Received: from mail-qk1-f194.google.com ([209.85.222.194]:44490 "EHLO mail-qk1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731577AbfGSRbW (ORCPT ); Fri, 19 Jul 2019 13:31:22 -0400 Received: by mail-qk1-f194.google.com with SMTP id d79so23771073qke.11 for ; Fri, 19 Jul 2019 10:31:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netronome-com.20150623.gappssmtp.com; s=20150623; 
From: Jakub Kicinski To: john.fastabend@gmail.com, alexei.starovoitov@gmail.com, daniel@iogearbox.net Cc: edumazet@google.com, netdev@vger.kernel.org, bpf@vger.kernel.org, Jakub Kicinski , Dirk van der Merwe Subject: [PATCH bpf v4 14/14] selftests/tls: add shutdown tests Date: Fri, 19 Jul 2019 10:29:27 -0700 Message-Id: <20190719172927.18181-15-jakub.kicinski@netronome.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190719172927.18181-1-jakub.kicinski@netronome.com> References: <20190719172927.18181-1-jakub.kicinski@netronome.com> MIME-Version: 1.0 Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org Add test for killing the connection via shutdown. Signed-off-by: Jakub Kicinski Reviewed-by: Dirk van der Merwe --- tools/testing/selftests/net/tls.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c index 94a86ca882de..630c5b884d43 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c @@ -952,6 +952,33 @@ TEST_F(tls, control_msg) EXPECT_EQ(memcmp(buf, test_str, send_len), 0); } +TEST_F(tls, shutdown) +{ + char const *test_str = "test_read"; + int send_len = 10; + char buf[10]; + + ASSERT_EQ(strlen(test_str) + 1, send_len); + + EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); + EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); + EXPECT_EQ(memcmp(buf, test_str, send_len), 0); + + shutdown(self->fd, SHUT_RDWR); + shutdown(self->cfd, SHUT_RDWR); +} + +TEST_F(tls, shutdown_unsent) +{ + char const *test_str = "test_read"; + int send_len = 10; + + EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); + + shutdown(self->fd, SHUT_RDWR); + shutdown(self->cfd, SHUT_RDWR); +} + TEST(non_established) { struct tls12_crypto_info_aes_gcm_256 tls12; struct sockaddr_in addr;
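Review bot: In net/ipv4/tcp_ulp.c, tcp_update_ulp() silently does nothing when icsk_ulp_ops is set but the ULP provides no update callback, and its caller sk_psock_restore_proto() then sets psock->sk_proto = NULL, so the saved proto is dropped without being installed anywhere. Either fall back to sk->sk_prot = proto in that case or WARN so a ULP without .update is noticed. sk_psock_restore_proto() also decides on icsk_ulp_data while this function decides on icsk_ulp_ops; a comment saying why the two tests agree, and which lock callers are expected to hold (sk_psock_drop() now calls it under sk_callback_lock), would help the next reader.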
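Review bot: In net/tls/tls_main.c, tls_sk_proto_close() now dereferences ctx->sk_proto_close after release_sock() and after sk_callback_lock has been dropped, where the old code cached the pointer in a local under lock_sock(). When free_ctx is false icsk_ulp_data stays set, so as far as these hunks show tls_update() can still rewrite ctx->sk_proto_close at that point. Consider reading it into a local inside the write_lock_bh() section, or add a comment explaining why the late read is safe. The same question applies to ctx->sk_proto->unhash in tls_sk_proto_unhash(), which is read after write_unlock_bh().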
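Review bot: In tls_init() in net/tls/tls_main.c, create_ctx() is now called with sk_callback_lock write-held and bottom halves disabled, so the allocation inside it must not sleep. The hunk does not show create_ctx(), so please confirm it allocates atomically, or move the allocation ahead of write_lock_bh() and only publish the context under the lock. tls_update() in the same hunk takes no lock itself and would benefit from a comment naming the lock its callers hold.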
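Review bot: In FIXTURE_SETUP(tls_basic) from patch 10/14, the fallback path asserts errno == ENOTSUPP, but TEST(non_established) in patch 11/14 treats ENOENT as the "TLS ULP not supported" result, so on a kernel without the TLS ULP this ASSERT_EQ aborts setup instead of reaching the "testing without tls" branch. Accept ENOENT here as well. The return values of both socket() calls are also unchecked, and addr is not zeroed before bind().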
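Review bot: In TEST(non_established) from patch 11/14, tls12 is zeroed and given a version and cipher type but is never passed to any setsockopt(), so it can be dropped, or the test should install keys if that was the intent. The early return on errno == ENOENT also skips close(fd) and close(sfd).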
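Review bot: In TEST_F(tls, bidir) from patch 12/14, both recv() calls are only checked with EXPECT_NE(..., -1) before memcmp() compares the full send_len bytes, and buf is uninitialised for the first direction, so a short read is not reported as such. EXPECT_EQ(recv(...), send_len) would pin it down. The local is also named tls12 while info.version is set to TLS_1_3_VERSION, which is confusing to read.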
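Review bot: In TEST_F(tls, msg_more_unsent) from patch 13/14, the recv() with MSG_DONTWAIT is only expected to return -1, so any failure passes; also check errno for EAGAIN to show that no record has been sent yet. The close that the commit message refers to is not in the test body and presumably happens in the fixture teardown, so a short comment saying the socket is closed with the record still open would make the intent clear.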
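Review bot: In TEST_F(tls, shutdown) and TEST_F(tls, shutdown_unsent) from patch 14/14, the return values of shutdown() are ignored and nothing is asserted afterwards, so the tests only fail if the kernel crashes or hangs. Check the shutdown() results, and in shutdown_unsent add a comment that the point is tearing down a connection with a record left open by MSG_MORE. shutdown_unsent also omits the ASSERT_EQ(strlen(test_str) + 1, send_len) guard that the sibling tests use.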