diff options
| author | David S. Miller <davem@davemloft.net> | 2019-05-22 12:21:44 -0700 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2019-05-22 12:21:44 -0700 |
| commit | 8f073036bf357867a612912eb4b7e58a9b768019 (patch) | |
| tree | 752d5cfd6c2b21e9b7e5e2f3b035940db70e4086 | |
| parent | 0d18c7bd931f86ccc6a1ab1d8b3b7b0a19b2598a (diff) | |
| parent | c3f4a6c39cf269a40d45f813c05fa830318ad875 (diff) | |
Merge branch 'net-tls-fix-device-surprise-removal-with-offload'
Jakub Kicinski says:
====================
net/tls: fix device surprise removal with offload
This series fixes two issues with device surprise removal.
First we need to take a read lock around resync, otherwise
netdev notifier handler may clear the structures from under
our feet.
Secondly we need to be careful about the interpretation
of device features. Offload has to be properly cleaned
up even if the TLS device features got cleared after
connection state was installed.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | net/tls/tls_device.c | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c index ca54a7c7ec81..b95c408fd771 100644 --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -553,8 +553,8 @@ void tls_device_write_space(struct sock *sk, struct tls_context *ctx) void handle_device_resync(struct sock *sk, u32 seq, u64 rcd_sn) { struct tls_context *tls_ctx = tls_get_ctx(sk); - struct net_device *netdev = tls_ctx->netdev; struct tls_offload_context_rx *rx_ctx; + struct net_device *netdev; u32 is_req_pending; s64 resync_req; u32 req_seq; @@ -568,10 +568,15 @@ void handle_device_resync(struct sock *sk, u32 seq, u64 rcd_sn) is_req_pending = resync_req; if (unlikely(is_req_pending) && req_seq == seq && - atomic64_try_cmpxchg(&rx_ctx->resync_req, &resync_req, 0)) - netdev->tlsdev_ops->tls_dev_resync_rx(netdev, sk, - seq + TLS_HEADER_SIZE - 1, - rcd_sn); + atomic64_try_cmpxchg(&rx_ctx->resync_req, &resync_req, 0)) { + seq += TLS_HEADER_SIZE - 1; + down_read(&device_offload_lock); + netdev = tls_ctx->netdev; + if (netdev) + netdev->tlsdev_ops->tls_dev_resync_rx(netdev, sk, seq, + rcd_sn); + up_read(&device_offload_lock); + } } static int tls_device_reencrypt(struct sock *sk, struct sk_buff *skb) @@ -934,12 +939,6 @@ void tls_device_offload_cleanup_rx(struct sock *sk) if (!netdev) goto out; - if (!(netdev->features & NETIF_F_HW_TLS_RX)) { - pr_err_ratelimited("%s: device is missing NETIF_F_HW_TLS_RX cap\n", - __func__); - goto out; - } - netdev->tlsdev_ops->tls_dev_del(netdev, tls_ctx, TLS_OFFLOAD_CTX_DIR_RX); @@ -998,7 +997,8 @@ static int tls_dev_event(struct notifier_block *this, unsigned long event, { struct net_device *dev = netdev_notifier_info_to_dev(ptr); - if (!(dev->features & (NETIF_F_HW_TLS_RX | NETIF_F_HW_TLS_TX))) + if (!dev->tlsdev_ops && + !(dev->features & (NETIF_F_HW_TLS_RX | NETIF_F_HW_TLS_TX))) return NOTIFY_DONE; switch (event) { |