projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tls: rename MAX_IV_SIZE to TLS_MAX_IV_SIZE
[linux-block.git] / net / tls / tls_main.c
CommitLineData
3c4d7559
DW		 1/*
2 * Copyright (c) 2016-2017, Mellanox Technologies. All rights reserved.
3 * Copyright (c) 2016-2017, Dave Watson <davejwatson@fb.com>. All rights reserved.
4 *
5 * This software is available to you under a choice of one of two
6 * licenses. You may choose to be licensed under the terms of the GNU
7 * General Public License (GPL) Version 2, available from the file
8 * COPYING in the main directory of this source tree, or the
9 * OpenIB.org BSD license below:
10 *
11 * Redistribution and use in source and binary forms, with or
12 * without modification, are permitted provided that the following
13 * conditions are met:
14 *
15 * - Redistributions of source code must retain the above
16 * copyright notice, this list of conditions and the following
17 * disclaimer.
18 *
19 * - Redistributions in binary form must reproduce the above
20 * copyright notice, this list of conditions and the following
21 * disclaimer in the documentation and/or other materials
22 * provided with the distribution.
23 *
24 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
25 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
26 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
27 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
28 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
29 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
30 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
31 * SOFTWARE.
32 */
33
34#include <linux/module.h>
35
36#include <net/tcp.h>
37#include <net/inet_common.h>
38#include <linux/highmem.h>
39#include <linux/netdevice.h>
40#include <linux/sched/signal.h>
dd0bed16 41#include <linux/inetdevice.h>
26811cc9 42#include <linux/inet_diag.h>
3c4d7559 43
d26b698d 44#include <net/snmp.h>
3c4d7559 45#include <net/tls.h>
25a3cd81 46#include <net/tls_toe.h>
3c4d7559 47
58790314
JK		 48#include "tls.h"
49
3c4d7559
DW		 50MODULE_AUTHOR("Mellanox Technologies");
51MODULE_DESCRIPTION("Transport Layer Security Support");
52MODULE_LICENSE("Dual BSD/GPL");
037b0b86 53MODULE_ALIAS_TCP_ULP("tls");
3c4d7559 54
c113187d
BP		 55enum {
56 TLSV4,
57 TLSV6,
58 TLS_NUM_PROTS,
59};
6d88207f 60
0d98cc02 61#define CHECK_CIPHER_DESC(cipher,ci) \
bee6b7b3 62 static_assert(cipher ## _IV_SIZE <= TLS_MAX_IV_SIZE); \
0d98cc02
SD		 63 static_assert(cipher ## _REC_SEQ_SIZE <= TLS_MAX_REC_SEQ_SIZE); \
64 static_assert(cipher ## _TAG_SIZE == TLS_TAG_SIZE); \
65 static_assert(sizeof_field(struct ci, iv) == cipher ## _IV_SIZE); \
66 static_assert(sizeof_field(struct ci, key) == cipher ## _KEY_SIZE); \
67 static_assert(sizeof_field(struct ci, salt) == cipher ## _SALT_SIZE); \
68 static_assert(sizeof_field(struct ci, rec_seq) == cipher ## _REC_SEQ_SIZE);
69
176a3f50
SD		 70#define __CIPHER_DESC(ci) \
71 .iv_offset = offsetof(struct ci, iv), \
72 .key_offset = offsetof(struct ci, key), \
73 .salt_offset = offsetof(struct ci, salt), \
74 .rec_seq_offset = offsetof(struct ci, rec_seq), \
75 .crypto_info = sizeof(struct ci)
76
77#define CIPHER_DESC(cipher,ci,algname,_offloadable) [cipher - TLS_CIPHER_MIN] = { \
78 .nonce = cipher ## _IV_SIZE, \
79 .iv = cipher ## _IV_SIZE, \
80 .key = cipher ## _KEY_SIZE, \
81 .salt = cipher ## _SALT_SIZE, \
82 .tag = cipher ## _TAG_SIZE, \
83 .rec_seq = cipher ## _REC_SEQ_SIZE, \
84 .cipher_name = algname, \
85 .offloadable = _offloadable, \
86 __CIPHER_DESC(ci), \
87}
88
89#define CIPHER_DESC_NONCE0(cipher,ci,algname,_offloadable) [cipher - TLS_CIPHER_MIN] = { \
90 .nonce = 0, \
2d2c5ea2
TT		 91 .iv = cipher ## _IV_SIZE, \
92 .key = cipher ## _KEY_SIZE, \
93 .salt = cipher ## _SALT_SIZE, \
94 .tag = cipher ## _TAG_SIZE, \
95 .rec_seq = cipher ## _REC_SEQ_SIZE, \
176a3f50
SD		 96 .cipher_name = algname, \
97 .offloadable = _offloadable, \
98 __CIPHER_DESC(ci), \
2d2c5ea2
TT		 99}
100
8db44ab2 101const struct tls_cipher_desc tls_cipher_desc[TLS_CIPHER_MAX + 1 - TLS_CIPHER_MIN] = {
176a3f50
SD		 102 CIPHER_DESC(TLS_CIPHER_AES_GCM_128, tls12_crypto_info_aes_gcm_128, "gcm(aes)", true),
103 CIPHER_DESC(TLS_CIPHER_AES_GCM_256, tls12_crypto_info_aes_gcm_256, "gcm(aes)", true),
104 CIPHER_DESC(TLS_CIPHER_AES_CCM_128, tls12_crypto_info_aes_ccm_128, "ccm(aes)", false),
105 CIPHER_DESC_NONCE0(TLS_CIPHER_CHACHA20_POLY1305, tls12_crypto_info_chacha20_poly1305, "rfc7539(chacha20,poly1305)", false),
106 CIPHER_DESC(TLS_CIPHER_SM4_GCM, tls12_crypto_info_sm4_gcm, "gcm(sm4)", false),
107 CIPHER_DESC(TLS_CIPHER_SM4_CCM, tls12_crypto_info_sm4_ccm, "ccm(sm4)", false),
108 CIPHER_DESC(TLS_CIPHER_ARIA_GCM_128, tls12_crypto_info_aria_gcm_128, "gcm(aria)", false),
109 CIPHER_DESC(TLS_CIPHER_ARIA_GCM_256, tls12_crypto_info_aria_gcm_256, "gcm(aria)", false),
2d2c5ea2
TT		 110};
111
0d98cc02
SD		 112CHECK_CIPHER_DESC(TLS_CIPHER_AES_GCM_128, tls12_crypto_info_aes_gcm_128);
113CHECK_CIPHER_DESC(TLS_CIPHER_AES_GCM_256, tls12_crypto_info_aes_gcm_256);
114CHECK_CIPHER_DESC(TLS_CIPHER_AES_CCM_128, tls12_crypto_info_aes_ccm_128);
115CHECK_CIPHER_DESC(TLS_CIPHER_CHACHA20_POLY1305, tls12_crypto_info_chacha20_poly1305);
116CHECK_CIPHER_DESC(TLS_CIPHER_SM4_GCM, tls12_crypto_info_sm4_gcm);
117CHECK_CIPHER_DESC(TLS_CIPHER_SM4_CCM, tls12_crypto_info_sm4_ccm);
118CHECK_CIPHER_DESC(TLS_CIPHER_ARIA_GCM_128, tls12_crypto_info_aria_gcm_128);
119CHECK_CIPHER_DESC(TLS_CIPHER_ARIA_GCM_256, tls12_crypto_info_aria_gcm_256);
120
f691a25c 121static const struct proto *saved_tcpv6_prot;
c113187d 122static DEFINE_MUTEX(tcpv6_prot_mutex);
f691a25c 123static const struct proto *saved_tcpv4_prot;
28cb6f1e 124static DEFINE_MUTEX(tcpv4_prot_mutex);
f66de3ee 125static struct proto tls_prots[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_NUM_CONFIG];
f3911f73 126static struct proto_ops tls_proto_ops[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_NUM_CONFIG];
63a6b3fe 127static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG],
f13fe3e6 128 const struct proto *base);
6d88207f 129
08700dab 130void update_sk_prot(struct sock *sk, struct tls_context *ctx)
6d88207f 131{
c113187d
BP		 132 int ip_ver = sk->sk_family == AF_INET6 ? TLSV6 : TLSV4;
133
d5bee737
JS		 134 WRITE_ONCE(sk->sk_prot,
135 &tls_prots[ip_ver][ctx->tx_conf][ctx->rx_conf]);
f3911f73
JK		 136 WRITE_ONCE(sk->sk_socket->ops,
137 &tls_proto_ops[ip_ver][ctx->tx_conf][ctx->rx_conf]);
6d88207f 138}
3c4d7559
DW		 139
140int wait_on_pending_writer(struct sock *sk, long *timeo)
141{
142 int rc = 0;
143 DEFINE_WAIT_FUNC(wait, woken_wake_function);
144
145 add_wait_queue(sk_sleep(sk), &wait);
146 while (1) {
147 if (!*timeo) {
148 rc = -EAGAIN;
149 break;
150 }
151
152 if (signal_pending(current)) {
153 rc = sock_intr_errno(*timeo);
154 break;
155 }
156
d0ac89f6
ED		 157 if (sk_wait_event(sk, timeo,
158 !READ_ONCE(sk->sk_write_pending), &wait))
3c4d7559
DW		 159 break;
160 }
161 remove_wait_queue(sk_sleep(sk), &wait);
162 return rc;
163}
164
165int tls_push_sg(struct sock *sk,
166 struct tls_context *ctx,
167 struct scatterlist *sg,
168 u16 first_offset,
169 int flags)
170{
e117dcfd
DH		 171 struct bio_vec bvec;
172 struct msghdr msg = {
b848b26c 173 .msg_flags = MSG_SPLICE_PAGES | flags,
e117dcfd 174 };
3c4d7559
DW		 175 int ret = 0;
176 struct page *p;
177 size_t size;
178 int offset = first_offset;
179
180 size = sg->length - offset;
181 offset += sg->offset;
182
e117dcfd 183 ctx->splicing_pages = true;
3c4d7559 184 while (1) {
3c4d7559
DW		 185 /* is sending application-limited? */
186 tcp_rate_check_app_limited(sk);
187 p = sg_page(sg);
188retry:
e117dcfd
DH		 189 bvec_set_page(&bvec, p, size, offset);
190 iov_iter_bvec(&msg.msg_iter, ITER_SOURCE, &bvec, 1, size);
191
192 ret = tcp_sendmsg_locked(sk, &msg, size);
3c4d7559
DW		 193
194 if (ret != size) {
195 if (ret > 0) {
196 offset += ret;
197 size -= ret;
198 goto retry;
199 }
200
201 offset -= sg->offset;
202 ctx->partially_sent_offset = offset;
203 ctx->partially_sent_record = (void *)sg;
e117dcfd 204 ctx->splicing_pages = false;
3c4d7559
DW		 205 return ret;
206 }
207
208 put_page(p);
209 sk_mem_uncharge(sk, sg->length);
210 sg = sg_next(sg);
211 if (!sg)
212 break;
213
214 offset = sg->offset;
215 size = sg->length;
216 }
217
e117dcfd 218 ctx->splicing_pages = false;
3c4d7559
DW		 219
220 return 0;
221}
222
223static int tls_handle_open_record(struct sock *sk, int flags)
224{
225 struct tls_context *ctx = tls_get_ctx(sk);
226
227 if (tls_is_pending_open_record(ctx))
228 return ctx->push_pending_record(sk, flags);
229
230 return 0;
231}
232
58790314
JK		 233int tls_process_cmsg(struct sock *sk, struct msghdr *msg,
234 unsigned char *record_type)
3c4d7559
DW		 235{
236 struct cmsghdr *cmsg;
237 int rc = -EINVAL;
238
239 for_each_cmsghdr(cmsg, msg) {
240 if (!CMSG_OK(msg, cmsg))
241 return -EINVAL;
242 if (cmsg->cmsg_level != SOL_TLS)
243 continue;
244
245 switch (cmsg->cmsg_type) {
246 case TLS_SET_RECORD_TYPE:
247 if (cmsg->cmsg_len < CMSG_LEN(sizeof(*record_type)))
248 return -EINVAL;
249
250 if (msg->msg_flags & MSG_MORE)
251 return -EINVAL;
252
253 rc = tls_handle_open_record(sk, msg->msg_flags);
254 if (rc)
255 return rc;
256
257 *record_type = *(unsigned char *)CMSG_DATA(cmsg);
258 rc = 0;
259 break;
260 default:
261 return -EINVAL;
262 }
263 }
264
265 return rc;
266}
267
a42055e8
VG		 268int tls_push_partial_record(struct sock *sk, struct tls_context *ctx,
269 int flags)
3c4d7559
DW		 270{
271 struct scatterlist *sg;
272 u16 offset;
273
3c4d7559
DW		 274 sg = ctx->partially_sent_record;
275 offset = ctx->partially_sent_offset;
276
277 ctx->partially_sent_record = NULL;
278 return tls_push_sg(sk, ctx, sg, offset, flags);
279}
280
c5daa6cc 281void tls_free_partial_record(struct sock *sk, struct tls_context *ctx)
35b71a34
JK		 282{
283 struct scatterlist *sg;
284
c5daa6cc 285 for (sg = ctx->partially_sent_record; sg; sg = sg_next(sg)) {
35b71a34
JK		 286 put_page(sg_page(sg));
287 sk_mem_uncharge(sk, sg->length);
35b71a34
JK		 288 }
289 ctx->partially_sent_record = NULL;
35b71a34
JK		 290}
291
3c4d7559
DW		 292static void tls_write_space(struct sock *sk)
293{
294 struct tls_context *ctx = tls_get_ctx(sk);
295
e117dcfd 296 /* If splicing_pages call lower protocol write space handler
67db7cd2 297 * to ensure we wake up any waiting operations there. For example
e117dcfd 298 * if splicing pages where to call sk_wait_event.
67db7cd2 299 */
e117dcfd 300 if (ctx->splicing_pages) {
67db7cd2 301 ctx->sk_write_space(sk);
c212d2c7 302 return;
67db7cd2 303 }
c212d2c7 304
7463d3a2
BP		 305#ifdef CONFIG_TLS_DEVICE
306 if (ctx->tx_conf == TLS_HW)
307 tls_device_write_space(sk, ctx);
308 else
309#endif
310 tls_sw_write_space(sk, ctx);
4504ab0e
VG		 311
312 ctx->sk_write_space(sk);
3c4d7559
DW		 313}
314
15a7dea7
JK		 315/**
316 * tls_ctx_free() - free TLS ULP context
317 * @sk: socket to with @ctx is attached
318 * @ctx: TLS context structure
319 *
320 * Free TLS context. If @sk is %NULL caller guarantees that the socket
321 * to which @ctx was attached has no outstanding references.
322 */
323void tls_ctx_free(struct sock *sk, struct tls_context *ctx)
86029d10
SD		 324{
325 if (!ctx)
326 return;
327
328 memzero_explicit(&ctx->crypto_send, sizeof(ctx->crypto_send));
329 memzero_explicit(&ctx->crypto_recv, sizeof(ctx->crypto_recv));
79ffe608 330 mutex_destroy(&ctx->tx_lock);
15a7dea7
JK		 331
332 if (sk)
333 kfree_rcu(ctx, rcu);
334 else
335 kfree(ctx);
86029d10
SD		 336}
337
313ab004
JF		 338static void tls_sk_proto_cleanup(struct sock *sk,
339 struct tls_context *ctx, long timeo)
3c4d7559 340{
9354544c
DM		 341 if (unlikely(sk->sk_write_pending) &&
342 !wait_on_pending_writer(sk, &timeo))
3c4d7559
DW		 343 tls_handle_open_record(sk, 0);
344
f66de3ee
BP		 345 /* We need these for tls_sw_fallback handling of other packets */
346 if (ctx->tx_conf == TLS_SW) {
f66de3ee 347 kfree(ctx->tx.iv);
313ab004 348 tls_sw_release_resources_tx(sk);
b32fd3cc 349 TLS_DEC_STATS(sock_net(sk), LINUX_MIB_TLSCURRTXSW);
35b71a34
JK		 350 } else if (ctx->tx_conf == TLS_HW) {
351 tls_device_free_resources_tx(sk);
b32fd3cc 352 TLS_DEC_STATS(sock_net(sk), LINUX_MIB_TLSCURRTXDEVICE);
f66de3ee 353 }
3c4d7559 354
b32fd3cc 355 if (ctx->rx_conf == TLS_SW) {
313ab004 356 tls_sw_release_resources_rx(sk);
b32fd3cc
JK		 357 TLS_DEC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXSW);
358 } else if (ctx->rx_conf == TLS_HW) {
4799ac81 359 tls_device_offload_cleanup_rx(sk);
b32fd3cc
JK		 360 TLS_DEC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXDEVICE);
361 }
313ab004
JF		 362}
363
364static void tls_sk_proto_close(struct sock *sk, long timeout)
365{
95fa1454 366 struct inet_connection_sock *icsk = inet_csk(sk);
313ab004
JF		 367 struct tls_context *ctx = tls_get_ctx(sk);
368 long timeo = sock_sndtimeo(sk, 0);
369 bool free_ctx;
370
371 if (ctx->tx_conf == TLS_SW)
372 tls_sw_cancel_work_tx(ctx);
373
374 lock_sock(sk);
375 free_ctx = ctx->tx_conf != TLS_HW && ctx->rx_conf != TLS_HW;
313ab004
JF		 376
377 if (ctx->tx_conf != TLS_BASE || ctx->rx_conf != TLS_BASE)
378 tls_sk_proto_cleanup(sk, ctx, timeo);
e8f69799 379
95fa1454
JF		 380 write_lock_bh(&sk->sk_callback_lock);
381 if (free_ctx)
15a7dea7 382 rcu_assign_pointer(icsk->icsk_ulp_data, NULL);
d5bee737 383 WRITE_ONCE(sk->sk_prot, ctx->sk_proto);
d85f0177
JF		 384 if (sk->sk_write_space == tls_write_space)
385 sk->sk_write_space = ctx->sk_write_space;
95fa1454 386 write_unlock_bh(&sk->sk_callback_lock);
3c4d7559 387 release_sock(sk);
313ab004
JF		 388 if (ctx->tx_conf == TLS_SW)
389 tls_sw_free_ctx_tx(ctx);
390 if (ctx->rx_conf == TLS_SW || ctx->rx_conf == TLS_HW)
391 tls_sw_strparser_done(ctx);
392 if (ctx->rx_conf == TLS_SW)
393 tls_sw_free_ctx_rx(ctx);
be7bbea1 394 ctx->sk_proto->close(sk, timeout);
313ab004 395
98f0a395 396 if (free_ctx)
15a7dea7 397 tls_ctx_free(sk, ctx);
3c4d7559
DW		 398}
399
121dca78
JK		 400static __poll_t tls_sk_poll(struct file *file, struct socket *sock,
401 struct poll_table_struct *wait)
402{
403 struct tls_sw_context_rx *ctx;
404 struct tls_context *tls_ctx;
405 struct sock *sk = sock->sk;
406 struct sk_psock *psock;
407 __poll_t mask = 0;
408 u8 shutdown;
409 int state;
410
411 mask = tcp_poll(file, sock, wait);
412
413 state = inet_sk_state_load(sk);
414 shutdown = READ_ONCE(sk->sk_shutdown);
415 if (unlikely(state != TCP_ESTABLISHED || shutdown & RCV_SHUTDOWN))
416 return mask;
417
418 tls_ctx = tls_get_ctx(sk);
419 ctx = tls_sw_ctx_rx(tls_ctx);
420 psock = sk_psock_get(sk);
421
422 if (skb_queue_empty_lockless(&ctx->rx_list) &&
423 !tls_strp_msg_ready(ctx) &&
424 sk_psock_queue_empty(psock))
425 mask &= ~(EPOLLIN | EPOLLRDNORM);
426
427 if (psock)
428 sk_psock_put(sk, psock);
429
430 return mask;
431}
432
ffa81fa4
YH		 433static int do_tls_getsockopt_conf(struct sock *sk, char __user *optval,
434 int __user *optlen, int tx)
3c4d7559
DW		 435{
436 int rc = 0;
077e05d1 437 const struct tls_cipher_desc *cipher_desc;
3c4d7559
DW		 438 struct tls_context *ctx = tls_get_ctx(sk);
439 struct tls_crypto_info *crypto_info;
ffa81fa4 440 struct cipher_context *cctx;
3c4d7559
DW		 441 int len;
442
443 if (get_user(len, optlen))
444 return -EFAULT;
445
446 if (!optval || (len < sizeof(*crypto_info))) {
447 rc = -EINVAL;
448 goto out;
449 }
450
451 if (!ctx) {
452 rc = -EBUSY;
453 goto out;
454 }
455
456 /* get user crypto info */
ffa81fa4
YH		 457 if (tx) {
458 crypto_info = &ctx->crypto_send.info;
459 cctx = &ctx->tx;
460 } else {
461 crypto_info = &ctx->crypto_recv.info;
462 cctx = &ctx->rx;
463 }
3c4d7559
DW		 464
465 if (!TLS_CRYPTO_INFO_READY(crypto_info)) {
466 rc = -EBUSY;
467 goto out;
468 }
469
5a3b886c 470 if (len == sizeof(*crypto_info)) {
ac55cd61
DC		 471 if (copy_to_user(optval, crypto_info, sizeof(*crypto_info)))
472 rc = -EFAULT;
3c4d7559
DW		 473 goto out;
474 }
475
077e05d1
SD		 476 cipher_desc = get_cipher_desc(crypto_info->cipher_type);
477 if (!cipher_desc || len != cipher_desc->crypto_info) {
3c4d7559 478 rc = -EINVAL;
077e05d1 479 goto out;
3c4d7559
DW		 480 }
481
077e05d1
SD		 482 memcpy(crypto_info_iv(crypto_info, cipher_desc),
483 cctx->iv + cipher_desc->salt, cipher_desc->iv);
484 memcpy(crypto_info_rec_seq(crypto_info, cipher_desc),
485 cctx->rec_seq, cipher_desc->rec_seq);
486
487 if (copy_to_user(optval, crypto_info, cipher_desc->crypto_info))
488 rc = -EFAULT;
489
3c4d7559
DW		 490out:
491 return rc;
492}
493
c1318b39
BP		 494static int do_tls_getsockopt_tx_zc(struct sock *sk, char __user *optval,
495 int __user *optlen)
496{
497 struct tls_context *ctx = tls_get_ctx(sk);
498 unsigned int value;
499 int len;
500
501 if (get_user(len, optlen))
502 return -EFAULT;
503
504 if (len != sizeof(value))
505 return -EINVAL;
506
507 value = ctx->zerocopy_sendfile;
508 if (copy_to_user(optval, &value, sizeof(value)))
509 return -EFAULT;
510
511 return 0;
512}
513
88527790
JK		 514static int do_tls_getsockopt_no_pad(struct sock *sk, char __user *optval,
515 int __user *optlen)
516{
517 struct tls_context *ctx = tls_get_ctx(sk);
57128e98 518 int value, len;
88527790
JK		 519
520 if (ctx->prot_info.version != TLS_1_3_VERSION)
521 return -EINVAL;
522
523 if (get_user(len, optlen))
524 return -EFAULT;
525 if (len < sizeof(value))
526 return -EINVAL;
527
57128e98 528 value = -EINVAL;
88527790
JK		 529 if (ctx->rx_conf == TLS_SW || ctx->rx_conf == TLS_HW)
530 value = ctx->rx_no_pad;
57128e98
JK		 531 if (value < 0)
532 return value;
88527790
JK		 533
534 if (put_user(sizeof(value), optlen))
535 return -EFAULT;
536 if (copy_to_user(optval, &value, sizeof(value)))
537 return -EFAULT;
538
539 return 0;
540}
541
3c4d7559
DW		 542static int do_tls_getsockopt(struct sock *sk, int optname,
543 char __user *optval, int __user *optlen)
544{
545 int rc = 0;
546
49c47cc2
HH		 547 lock_sock(sk);
548
3c4d7559
DW		 549 switch (optname) {
550 case TLS_TX:
ffa81fa4
YH		 551 case TLS_RX:
552 rc = do_tls_getsockopt_conf(sk, optval, optlen,
553 optname == TLS_TX);
3c4d7559 554 break;
b489a6e5 555 case TLS_TX_ZEROCOPY_RO:
c1318b39
BP		 556 rc = do_tls_getsockopt_tx_zc(sk, optval, optlen);
557 break;
88527790
JK		 558 case TLS_RX_EXPECT_NO_PAD:
559 rc = do_tls_getsockopt_no_pad(sk, optval, optlen);
560 break;
3c4d7559
DW		 561 default:
562 rc = -ENOPROTOOPT;
563 break;
564 }
49c47cc2
HH		 565
566 release_sock(sk);
567
3c4d7559
DW		 568 return rc;
569}
570
571static int tls_getsockopt(struct sock *sk, int level, int optname,
572 char __user *optval, int __user *optlen)
573{
574 struct tls_context *ctx = tls_get_ctx(sk);
575
576 if (level != SOL_TLS)
be7bbea1
JK		 577 return ctx->sk_proto->getsockopt(sk, level,
578 optname, optval, optlen);
3c4d7559
DW		 579
580 return do_tls_getsockopt(sk, optname, optval, optlen);
581}
582
a7b75c5a 583static int do_tls_setsockopt_conf(struct sock *sk, sockptr_t optval,
c46234eb 584 unsigned int optlen, int tx)
3c4d7559 585{
196c31b4 586 struct tls_crypto_info *crypto_info;
4509de14 587 struct tls_crypto_info *alt_crypto_info;
3c4d7559 588 struct tls_context *ctx = tls_get_ctx(sk);
5f309ade 589 const struct tls_cipher_desc *cipher_desc;
3c4d7559 590 int rc = 0;
58371585 591 int conf;
3c4d7559 592
1ddcbfbf
ZX		 593 if (sockptr_is_null(optval) || (optlen < sizeof(*crypto_info)))
594 return -EINVAL;
3c4d7559 595
4509de14 596 if (tx) {
86029d10 597 crypto_info = &ctx->crypto_send.info;
4509de14
VG		 598 alt_crypto_info = &ctx->crypto_recv.info;
599 } else {
86029d10 600 crypto_info = &ctx->crypto_recv.info;
4509de14
VG		 601 alt_crypto_info = &ctx->crypto_send.info;
602 }
c46234eb 603
196c31b4 604 /* Currently we don't support set crypto info more than one time */
1ddcbfbf
ZX		 605 if (TLS_CRYPTO_INFO_READY(crypto_info))
606 return -EBUSY;
196c31b4 607
a7b75c5a 608 rc = copy_from_sockptr(crypto_info, optval, sizeof(*crypto_info));
3c4d7559
DW		 609 if (rc) {
610 rc = -EFAULT;
257082e6 611 goto err_crypto_info;
3c4d7559
DW		 612 }
613
614 /* check version */
130b392c
DW		 615 if (crypto_info->version != TLS_1_2_VERSION &&
616 crypto_info->version != TLS_1_3_VERSION) {
4a5cdc60 617 rc = -EINVAL;
196c31b4 618 goto err_crypto_info;
3c4d7559
DW		 619 }
620
4509de14
VG		 621 /* Ensure that TLS version and ciphers are same in both directions */
622 if (TLS_CRYPTO_INFO_READY(alt_crypto_info)) {
623 if (alt_crypto_info->version != crypto_info->version ||
624 alt_crypto_info->cipher_type != crypto_info->cipher_type) {
625 rc = -EINVAL;
626 goto err_crypto_info;
627 }
628 }
629
5f309ade
SD		 630 cipher_desc = get_cipher_desc(crypto_info->cipher_type);
631 if (!cipher_desc) {
632 rc = -EINVAL;
633 goto err_crypto_info;
3c4d7559 634 }
5f309ade
SD		 635
636 switch (crypto_info->cipher_type) {
62e56ef5 637 case TLS_CIPHER_ARIA_GCM_128:
62e56ef5
TY		 638 case TLS_CIPHER_ARIA_GCM_256:
639 if (crypto_info->version != TLS_1_2_VERSION) {
640 rc = -EINVAL;
641 goto err_crypto_info;
642 }
62e56ef5 643 break;
3c4d7559
DW		 644 }
645
5f309ade 646 if (optlen != cipher_desc->crypto_info) {
f295b3ae
VG		 647 rc = -EINVAL;
648 goto err_crypto_info;
649 }
650
d3c48151
CH		 651 rc = copy_from_sockptr_offset(crypto_info + 1, optval,
652 sizeof(*crypto_info),
653 optlen - sizeof(*crypto_info));
f295b3ae
VG		 654 if (rc) {
655 rc = -EFAULT;
656 goto err_crypto_info;
657 }
658
c46234eb 659 if (tx) {
e8f69799
IL		 660 rc = tls_set_device_offload(sk, ctx);
661 conf = TLS_HW;
b32fd3cc
JK		 662 if (!rc) {
663 TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSTXDEVICE);
664 TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRTXDEVICE);
665 } else {
e8f69799 666 rc = tls_set_sw_offload(sk, ctx, 1);
318892ac
JK		 667 if (rc)
668 goto err_crypto_info;
b32fd3cc
JK		 669 TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSTXSW);
670 TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRTXSW);
e8f69799
IL		 671 conf = TLS_SW;
672 }
c46234eb 673 } else {
4799ac81
BP		 674 rc = tls_set_device_offload_rx(sk, ctx);
675 conf = TLS_HW;
b32fd3cc
JK		 676 if (!rc) {
677 TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSRXDEVICE);
678 TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXDEVICE);
679 } else {
4799ac81 680 rc = tls_set_sw_offload(sk, ctx, 0);
318892ac
JK		 681 if (rc)
682 goto err_crypto_info;
b32fd3cc
JK		 683 TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSRXSW);
684 TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXSW);
4799ac81
BP		 685 conf = TLS_SW;
686 }
313ab004 687 tls_sw_strparser_arm(sk, ctx);
c46234eb
DW		 688 }
689
f66de3ee
BP		 690 if (tx)
691 ctx->tx_conf = conf;
692 else
693 ctx->rx_conf = conf;
6d88207f 694 update_sk_prot(sk, ctx);
c46234eb
DW		 695 if (tx) {
696 ctx->sk_write_space = sk->sk_write_space;
697 sk->sk_write_space = tls_write_space;
84c61fe1
JK		 698 } else {
699 struct tls_sw_context_rx *rx_ctx = tls_sw_ctx_rx(ctx);
700
701 tls_strp_check_rcv(&rx_ctx->strp);
c46234eb 702 }
1ddcbfbf 703 return 0;
3c4d7559
DW		 704
705err_crypto_info:
c844eb46 706 memzero_explicit(crypto_info, sizeof(union tls_crypto_context));
3c4d7559
DW		 707 return rc;
708}
709
c1318b39
BP		 710static int do_tls_setsockopt_tx_zc(struct sock *sk, sockptr_t optval,
711 unsigned int optlen)
712{
713 struct tls_context *ctx = tls_get_ctx(sk);
714 unsigned int value;
715
716 if (sockptr_is_null(optval) || optlen != sizeof(value))
717 return -EINVAL;
718
719 if (copy_from_sockptr(&value, optval, sizeof(value)))
720 return -EFAULT;
721
722 if (value > 1)
723 return -EINVAL;
724
725 ctx->zerocopy_sendfile = value;
726
727 return 0;
728}
729
88527790
JK		 730static int do_tls_setsockopt_no_pad(struct sock *sk, sockptr_t optval,
731 unsigned int optlen)
732{
733 struct tls_context *ctx = tls_get_ctx(sk);
734 u32 val;
735 int rc;
736
737 if (ctx->prot_info.version != TLS_1_3_VERSION ||
738 sockptr_is_null(optval) || optlen < sizeof(val))
739 return -EINVAL;
740
741 rc = copy_from_sockptr(&val, optval, sizeof(val));
742 if (rc)
743 return -EFAULT;
744 if (val > 1)
745 return -EINVAL;
746 rc = check_zeroed_sockptr(optval, sizeof(val), optlen - sizeof(val));
747 if (rc < 1)
748 return rc == 0 ? -EINVAL : rc;
749
750 lock_sock(sk);
751 rc = -EINVAL;
752 if (ctx->rx_conf == TLS_SW || ctx->rx_conf == TLS_HW) {
753 ctx->rx_no_pad = val;
754 tls_update_rx_zc_capable(ctx);
755 rc = 0;
756 }
757 release_sock(sk);
758
759 return rc;
760}
761
a7b75c5a
CH		 762static int do_tls_setsockopt(struct sock *sk, int optname, sockptr_t optval,
763 unsigned int optlen)
3c4d7559
DW		 764{
765 int rc = 0;
766
767 switch (optname) {
768 case TLS_TX:
c46234eb 769 case TLS_RX:
3c4d7559 770 lock_sock(sk);
c46234eb
DW		 771 rc = do_tls_setsockopt_conf(sk, optval, optlen,
772 optname == TLS_TX);
3c4d7559
DW		 773 release_sock(sk);
774 break;
b489a6e5 775 case TLS_TX_ZEROCOPY_RO:
c1318b39
BP		 776 lock_sock(sk);
777 rc = do_tls_setsockopt_tx_zc(sk, optval, optlen);
778 release_sock(sk);
779 break;
88527790
JK		 780 case TLS_RX_EXPECT_NO_PAD:
781 rc = do_tls_setsockopt_no_pad(sk, optval, optlen);
782 break;
3c4d7559
DW		 783 default:
784 rc = -ENOPROTOOPT;
785 break;
786 }
787 return rc;
788}
789
790static int tls_setsockopt(struct sock *sk, int level, int optname,
a7b75c5a 791 sockptr_t optval, unsigned int optlen)
3c4d7559
DW		 792{
793 struct tls_context *ctx = tls_get_ctx(sk);
794
795 if (level != SOL_TLS)
be7bbea1
JK		 796 return ctx->sk_proto->setsockopt(sk, level, optname, optval,
797 optlen);
3c4d7559
DW		 798
799 return do_tls_setsockopt(sk, optname, optval, optlen);
800}
801
08700dab 802struct tls_context *tls_ctx_create(struct sock *sk)
dd0bed16
AG		 803{
804 struct inet_connection_sock *icsk = inet_csk(sk);
805 struct tls_context *ctx;
806
c6ec179a 807 ctx = kzalloc(sizeof(*ctx), GFP_ATOMIC);
dd0bed16
AG		 808 if (!ctx)
809 return NULL;
810
79ffe608 811 mutex_init(&ctx->tx_lock);
15a7dea7 812 rcu_assign_pointer(icsk->icsk_ulp_data, ctx);
d5bee737 813 ctx->sk_proto = READ_ONCE(sk->sk_prot);
c55dcdd4 814 ctx->sk = sk;
dd0bed16
AG		 815 return ctx;
816}
817
f3911f73
JK		 818static void build_proto_ops(struct proto_ops ops[TLS_NUM_CONFIG][TLS_NUM_CONFIG],
819 const struct proto_ops *base)
820{
821 ops[TLS_BASE][TLS_BASE] = *base;
822
823 ops[TLS_SW ][TLS_BASE] = ops[TLS_BASE][TLS_BASE];
df720d28 824 ops[TLS_SW ][TLS_BASE].splice_eof = tls_sw_splice_eof;
f3911f73
JK		 825
826 ops[TLS_BASE][TLS_SW ] = ops[TLS_BASE][TLS_BASE];
827 ops[TLS_BASE][TLS_SW ].splice_read = tls_sw_splice_read;
121dca78 828 ops[TLS_BASE][TLS_SW ].poll = tls_sk_poll;
662fbcec 829 ops[TLS_BASE][TLS_SW ].read_sock = tls_sw_read_sock;
f3911f73
JK		 830
831 ops[TLS_SW ][TLS_SW ] = ops[TLS_SW ][TLS_BASE];
832 ops[TLS_SW ][TLS_SW ].splice_read = tls_sw_splice_read;
121dca78 833 ops[TLS_SW ][TLS_SW ].poll = tls_sk_poll;
662fbcec 834 ops[TLS_SW ][TLS_SW ].read_sock = tls_sw_read_sock;
f3911f73
JK		 835
836#ifdef CONFIG_TLS_DEVICE
837 ops[TLS_HW ][TLS_BASE] = ops[TLS_BASE][TLS_BASE];
f3911f73
JK		 838
839 ops[TLS_HW ][TLS_SW ] = ops[TLS_BASE][TLS_SW ];
f3911f73
JK		 840
841 ops[TLS_BASE][TLS_HW ] = ops[TLS_BASE][TLS_SW ];
842
843 ops[TLS_SW ][TLS_HW ] = ops[TLS_SW ][TLS_SW ];
844
845 ops[TLS_HW ][TLS_HW ] = ops[TLS_HW ][TLS_SW ];
f3911f73
JK		 846#endif
847#ifdef CONFIG_TLS_TOE
848 ops[TLS_HW_RECORD][TLS_HW_RECORD] = *base;
849#endif
850}
851
63a6b3fe
AG		 852static void tls_build_proto(struct sock *sk)
853{
854 int ip_ver = sk->sk_family == AF_INET6 ? TLSV6 : TLSV4;
9a893949 855 struct proto *prot = READ_ONCE(sk->sk_prot);
63a6b3fe
AG		 856
857 /* Build IPv6 TLS whenever the address of tcpv6 _prot changes */
858 if (ip_ver == TLSV6 &&
5bb4c45d 859 unlikely(prot != smp_load_acquire(&saved_tcpv6_prot))) {
63a6b3fe 860 mutex_lock(&tcpv6_prot_mutex);
5bb4c45d
JS		 861 if (likely(prot != saved_tcpv6_prot)) {
862 build_protos(tls_prots[TLSV6], prot);
f3911f73
JK		 863 build_proto_ops(tls_proto_ops[TLSV6],
864 sk->sk_socket->ops);
5bb4c45d 865 smp_store_release(&saved_tcpv6_prot, prot);
63a6b3fe
AG		 866 }
867 mutex_unlock(&tcpv6_prot_mutex);
868 }
869
870 if (ip_ver == TLSV4 &&
5bb4c45d 871 unlikely(prot != smp_load_acquire(&saved_tcpv4_prot))) {
63a6b3fe 872 mutex_lock(&tcpv4_prot_mutex);
5bb4c45d
JS		 873 if (likely(prot != saved_tcpv4_prot)) {
874 build_protos(tls_prots[TLSV4], prot);
f3911f73
JK		 875 build_proto_ops(tls_proto_ops[TLSV4],
876 sk->sk_socket->ops);
5bb4c45d 877 smp_store_release(&saved_tcpv4_prot, prot);
63a6b3fe
AG		 878 }
879 mutex_unlock(&tcpv4_prot_mutex);
880 }
881}
882
f66de3ee 883static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG],
f13fe3e6 884 const struct proto *base)
c113187d 885{
f66de3ee
BP		 886 prot[TLS_BASE][TLS_BASE] = *base;
887 prot[TLS_BASE][TLS_BASE].setsockopt = tls_setsockopt;
888 prot[TLS_BASE][TLS_BASE].getsockopt = tls_getsockopt;
889 prot[TLS_BASE][TLS_BASE].close = tls_sk_proto_close;
890
891 prot[TLS_SW][TLS_BASE] = prot[TLS_BASE][TLS_BASE];
892 prot[TLS_SW][TLS_BASE].sendmsg = tls_sw_sendmsg;
df720d28 893 prot[TLS_SW][TLS_BASE].splice_eof = tls_sw_splice_eof;
f66de3ee
BP		 894
895 prot[TLS_BASE][TLS_SW] = prot[TLS_BASE][TLS_BASE];
924ad65e 896 prot[TLS_BASE][TLS_SW].recvmsg = tls_sw_recvmsg;
7b50ecfc 897 prot[TLS_BASE][TLS_SW].sock_is_readable = tls_sw_sock_is_readable;
924ad65e 898 prot[TLS_BASE][TLS_SW].close = tls_sk_proto_close;
f66de3ee
BP		 899
900 prot[TLS_SW][TLS_SW] = prot[TLS_SW][TLS_BASE];
924ad65e 901 prot[TLS_SW][TLS_SW].recvmsg = tls_sw_recvmsg;
7b50ecfc 902 prot[TLS_SW][TLS_SW].sock_is_readable = tls_sw_sock_is_readable;
924ad65e 903 prot[TLS_SW][TLS_SW].close = tls_sk_proto_close;
f66de3ee 904
e8f69799
IL		 905#ifdef CONFIG_TLS_DEVICE
906 prot[TLS_HW][TLS_BASE] = prot[TLS_BASE][TLS_BASE];
907 prot[TLS_HW][TLS_BASE].sendmsg = tls_device_sendmsg;
d4c1e80b 908 prot[TLS_HW][TLS_BASE].splice_eof = tls_device_splice_eof;
e8f69799
IL		 909
910 prot[TLS_HW][TLS_SW] = prot[TLS_BASE][TLS_SW];
911 prot[TLS_HW][TLS_SW].sendmsg = tls_device_sendmsg;
d4c1e80b 912 prot[TLS_HW][TLS_SW].splice_eof = tls_device_splice_eof;
4799ac81
BP		 913
914 prot[TLS_BASE][TLS_HW] = prot[TLS_BASE][TLS_SW];
915
916 prot[TLS_SW][TLS_HW] = prot[TLS_SW][TLS_SW];
917
918 prot[TLS_HW][TLS_HW] = prot[TLS_HW][TLS_SW];
e8f69799 919#endif
53b4414a 920#ifdef CONFIG_TLS_TOE
f66de3ee 921 prot[TLS_HW_RECORD][TLS_HW_RECORD] = *base;
0eb8745e
JK		 922 prot[TLS_HW_RECORD][TLS_HW_RECORD].hash = tls_toe_hash;
923 prot[TLS_HW_RECORD][TLS_HW_RECORD].unhash = tls_toe_unhash;
53b4414a 924#endif
c113187d
BP		 925}
926
3c4d7559
DW		 927static int tls_init(struct sock *sk)
928{
3c4d7559
DW		 929 struct tls_context *ctx;
930 int rc = 0;
931
16bed0e6
JK		 932 tls_build_proto(sk);
933
53b4414a 934#ifdef CONFIG_TLS_TOE
0eb8745e 935 if (tls_toe_bypass(sk))
95fa1454 936 return 0;
53b4414a 937#endif
dd0bed16 938
d91c3e17
IL		 939 /* The TLS ulp is currently supported only for TCP sockets
940 * in ESTABLISHED state.
941 * Supporting sockets in LISTEN state will require us
942 * to modify the accept implementation to clone rather then
943 * share the ulp context.
944 */
945 if (sk->sk_state != TCP_ESTABLISHED)
4a5cdc60 946 return -ENOTCONN;
d91c3e17 947
3c4d7559 948 /* allocate tls context */
95fa1454 949 write_lock_bh(&sk->sk_callback_lock);
08700dab 950 ctx = tls_ctx_create(sk);
3c4d7559
DW		 951 if (!ctx) {
952 rc = -ENOMEM;
953 goto out;
954 }
6d88207f 955
f66de3ee
BP		 956 ctx->tx_conf = TLS_BASE;
957 ctx->rx_conf = TLS_BASE;
6d88207f 958 update_sk_prot(sk, ctx);
3c4d7559 959out:
95fa1454 960 write_unlock_bh(&sk->sk_callback_lock);
3c4d7559
DW		 961 return rc;
962}
963
33bfe20d
JF		 964static void tls_update(struct sock *sk, struct proto *p,
965 void (*write_space)(struct sock *sk))
95fa1454
JF		 966{
967 struct tls_context *ctx;
968
e34a07c0
JK		 969 WARN_ON_ONCE(sk->sk_prot == p);
970
95fa1454 971 ctx = tls_get_ctx(sk);
33bfe20d
JF		 972 if (likely(ctx)) {
973 ctx->sk_write_space = write_space;
95fa1454 974 ctx->sk_proto = p;
33bfe20d 975 } else {
b8e202d1
JS		 976 /* Pairs with lockless read in sk_clone_lock(). */
977 WRITE_ONCE(sk->sk_prot, p);
33bfe20d
JF		 978 sk->sk_write_space = write_space;
979 }
95fa1454
JF		 980}
981
58790314
JK		 982static u16 tls_user_config(struct tls_context *ctx, bool tx)
983{
984 u16 config = tx ? ctx->tx_conf : ctx->rx_conf;
985
986 switch (config) {
987 case TLS_BASE:
988 return TLS_CONF_BASE;
989 case TLS_SW:
990 return TLS_CONF_SW;
991 case TLS_HW:
992 return TLS_CONF_HW;
993 case TLS_HW_RECORD:
994 return TLS_CONF_HW_RECORD;
995 }
996 return 0;
997}
998
26811cc9
DC		 999static int tls_get_info(const struct sock *sk, struct sk_buff *skb)
1000{
1001 u16 version, cipher_type;
1002 struct tls_context *ctx;
1003 struct nlattr *start;
1004 int err;
1005
1006 start = nla_nest_start_noflag(skb, INET_ULP_INFO_TLS);
1007 if (!start)
1008 return -EMSGSIZE;
1009
1010 rcu_read_lock();
1011 ctx = rcu_dereference(inet_csk(sk)->icsk_ulp_data);
1012 if (!ctx) {
1013 err = 0;
1014 goto nla_failure;
1015 }
1016 version = ctx->prot_info.version;
1017 if (version) {
1018 err = nla_put_u16(skb, TLS_INFO_VERSION, version);
1019 if (err)
1020 goto nla_failure;
1021 }
1022 cipher_type = ctx->prot_info.cipher_type;
1023 if (cipher_type) {
1024 err = nla_put_u16(skb, TLS_INFO_CIPHER, cipher_type);
1025 if (err)
1026 goto nla_failure;
1027 }
1028 err = nla_put_u16(skb, TLS_INFO_TXCONF, tls_user_config(ctx, true));
1029 if (err)
1030 goto nla_failure;
1031
1032 err = nla_put_u16(skb, TLS_INFO_RXCONF, tls_user_config(ctx, false));
1033 if (err)
1034 goto nla_failure;
1035
c1318b39 1036 if (ctx->tx_conf == TLS_HW && ctx->zerocopy_sendfile) {
b489a6e5 1037 err = nla_put_flag(skb, TLS_INFO_ZC_RO_TX);
c1318b39
BP		 1038 if (err)
1039 goto nla_failure;
1040 }
88527790
JK		 1041 if (ctx->rx_no_pad) {
1042 err = nla_put_flag(skb, TLS_INFO_RX_NO_PAD);
1043 if (err)
1044 goto nla_failure;
1045 }
c1318b39 1046
26811cc9
DC		 1047 rcu_read_unlock();
1048 nla_nest_end(skb, start);
1049 return 0;
1050
1051nla_failure:
1052 rcu_read_unlock();
1053 nla_nest_cancel(skb, start);
1054 return err;
1055}
1056
1057static size_t tls_get_info_size(const struct sock *sk)
1058{
1059 size_t size = 0;
1060
1061 size += nla_total_size(0) + /* INET_ULP_INFO_TLS */
1062 nla_total_size(sizeof(u16)) + /* TLS_INFO_VERSION */
1063 nla_total_size(sizeof(u16)) + /* TLS_INFO_CIPHER */
1064 nla_total_size(sizeof(u16)) + /* TLS_INFO_RXCONF */
1065 nla_total_size(sizeof(u16)) + /* TLS_INFO_TXCONF */
b489a6e5 1066 nla_total_size(0) + /* TLS_INFO_ZC_RO_TX */
88527790 1067 nla_total_size(0) + /* TLS_INFO_RX_NO_PAD */
26811cc9
DC		 1068 0;
1069
1070 return size;
1071}
1072
d26b698d
JK		 1073static int __net_init tls_init_net(struct net *net)
1074{
1075 int err;
1076
1077 net->mib.tls_statistics = alloc_percpu(struct linux_tls_mib);
1078 if (!net->mib.tls_statistics)
1079 return -ENOMEM;
1080
1081 err = tls_proc_init(net);
1082 if (err)
1083 goto err_free_stats;
1084
1085 return 0;
1086err_free_stats:
1087 free_percpu(net->mib.tls_statistics);
1088 return err;
1089}
1090
1091static void __net_exit tls_exit_net(struct net *net)
1092{
1093 tls_proc_fini(net);
1094 free_percpu(net->mib.tls_statistics);
1095}
1096
1097static struct pernet_operations tls_proc_ops = {
1098 .init = tls_init_net,
1099 .exit = tls_exit_net,
1100};
1101
3c4d7559
DW		 1102static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mostly = {
1103 .name = "tls",
1104 .owner = THIS_MODULE,
1105 .init = tls_init,
95fa1454 1106 .update = tls_update,
26811cc9
DC		 1107 .get_info = tls_get_info,
1108 .get_info_size = tls_get_info_size,
3c4d7559
DW		 1109};
1110
1111static int __init tls_register(void)
1112{
d26b698d
JK		 1113 int err;
1114
1115 err = register_pernet_subsys(&tls_proc_ops);
1116 if (err)
1117 return err;
1118
84c61fe1
JK		 1119 err = tls_strp_dev_init();
1120 if (err)
1121 goto err_pernet;
1122
3d8c51b2 1123 err = tls_device_init();
84c61fe1
JK		 1124 if (err)
1125 goto err_strp;
3d8c51b2 1126
3c4d7559
DW		 1127 tcp_register_ulp(&tcp_tls_ulp_ops);
1128
1129 return 0;
84c61fe1
JK		 1130err_strp:
1131 tls_strp_dev_exit();
1132err_pernet:
1133 unregister_pernet_subsys(&tls_proc_ops);
1134 return err;
3c4d7559
DW		 1135}
1136
1137static void __exit tls_unregister(void)
1138{
1139 tcp_unregister_ulp(&tcp_tls_ulp_ops);
84c61fe1 1140 tls_strp_dev_exit();
e8f69799 1141 tls_device_cleanup();
d26b698d 1142 unregister_pernet_subsys(&tls_proc_ops);
3c4d7559
DW		 1143}
1144
1145module_init(tls_register);
1146module_exit(tls_unregister);
Linux 6.x block layer and io_uring tree(s)