Commit deb2e484 authored by David S. Miller

Merge branch 'net-handshake-fixes'



Chuck Lever says:

====================
Bug fixes for net/handshake

Please consider these for merge via net-next.

Paolo observed that there is a possible leak of sock->file. I
haven't looked into that yet, but it seems to be separate from
the fixes in this series, so no need to hold these up.

Changes since v2:
- Address Paolo's comment regarding handshake_dup()

Changes since v1:
- Rework "Fix handshake_dup() ref counting"
- Unpin sock->file when a handshake is cancelled
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
parents 0fae8847 eefca7ec
+4 −0
@@ -68,6 +68,9 @@ attribute-sets:
        type: nest
        nested-attributes: x509
        multi-attr: true
      -
        name: peername
        type: string
  -
    name: done
    attributes:
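Review bot: the new `peername` attribute in the accept attribute set is a bare `type: string` with no `doc:` line and no length bound; consider adding a `doc:` that says it is the server hostname the agent sends in ClientHello, and, if the spec format supports a maximum-length check for strings, bounding it, because the kernel will copy whatever the consumer placed in @ta_peername into the netlink reply. Appending it after `certificate` keeps the existing attribute numbering stable, which is the right way to extend a uAPI attribute set.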
@@ -105,6 +108,7 @@ operations:
            - auth-mode
            - peer-identity
            - certificate
            - peername
    -
      name: done
      doc: Handler reports handshake completion
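Review bot: listing `peername` among the accept reply attributes means the handler now emits it; the emitting code is not in this diff, but make sure the attribute is only put into the reply when @ta_peername is non-NULL, so consumers that do not set the new field do not send an empty string, and that the user-space agent treats the attribute's absence as "use the default name".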
+5 −0
@@ -53,6 +53,7 @@ fills in a structure that contains the parameters of the request:
        struct socket   *ta_sock;
        tls_done_func_t ta_done;
        void            *ta_data;
        const char      *ta_peername;
        unsigned int    ta_timeout_ms;
        key_serial_t    ta_keyring;
        key_serial_t    ta_my_cert;
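Review bot: the new `const char *ta_peername` field says nothing about ownership or lifetime of the string. Since the name is consumed when the handshake agent's accept request is answered rather than when the request is submitted, the documentation should state whether the kernel copies the string or whether the consumer must keep it valid until the ta_done callback fires or the request is cancelled.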
@@ -71,6 +72,10 @@ instantiated a struct file in sock->file.
has completed. Further explanation of this function is in the "Handshake
Completion" sesction below.

The consumer can provide a NUL-terminated hostname in the @ta_peername
field that is sent as part of ClientHello. If no peername is provided,
the DNS hostname associated with the server's IP address is used instead.

The consumer can fill in the @ta_timeout_ms field to force the servicing
handshake agent to exit after a number of milliseconds. This enables the
socket to be fully closed once both the kernel and the handshake agent
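Review bot: the fallback in the new paragraph, "the DNS hostname associated with the server's IP address is used instead", deserves a caveat: a name obtained by reverse lookup of the peer address is controlled by whoever administers that address's reverse zone, so it is not a trustworthy identity to check the server certificate against. Suggest adding a sentence such as "Consumers that verify the server's identity should always provide a peername." While this paragraph is being touched, the pre-existing typo "sesction" in the context line above could be fixed as well.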
+1 −0
@@ -24,6 +24,7 @@ struct tls_handshake_args {
	struct socket		*ta_sock;
	tls_done_func_t		ta_done;
	void			*ta_data;
	const char		*ta_peername;
	unsigned int		ta_timeout_ms;
	key_serial_t		ta_keyring;
	key_serial_t		ta_my_cert;
+1 −0
@@ -44,6 +44,7 @@ enum {
	HANDSHAKE_A_ACCEPT_AUTH_MODE,
	HANDSHAKE_A_ACCEPT_PEER_IDENTITY,
	HANDSHAKE_A_ACCEPT_CERTIFICATE,
	HANDSHAKE_A_ACCEPT_PEERNAME,

	__HANDSHAKE_A_ACCEPT_MAX,
	HANDSHAKE_A_ACCEPT_MAX = (__HANDSHAKE_A_ACCEPT_MAX - 1)
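Review bot: HANDSHAKE_A_ACCEPT_PEERNAME is inserted immediately before __HANDSHAKE_A_ACCEPT_MAX, so existing attribute values are unchanged and HANDSHAKE_A_ACCEPT_MAX moves up by one, which is the correct way to extend a uAPI enum. If this header is generated from the YAML spec, regenerate it from the updated spec rather than editing by hand so the two cannot drift, and check that the kernel's netlink policy for the accept attributes also covers the new string value.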
+1 −0
@@ -31,6 +31,7 @@ struct handshake_req {
	struct list_head		hr_list;
	struct rhash_head		hr_rhash;
	unsigned long			hr_flags;
	struct file			*hr_file;
	const struct handshake_proto	*hr_proto;
	struct sock			*hr_sk;
	void				(*hr_odestruct)(struct sock *sk);
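Review bot: adding `struct file *hr_file` to struct handshake_req means the request now pins a file reference, and the cover letter already mentions a possible sock->file leak; a comment on the field stating where the reference is taken and where it is dropped (completion, cancellation, and every error path after the file is pinned, including the handshake_dup() path reworked in this series) would make the refcounting reviewable, e.g. `struct file *hr_file; /* pinned at submit, released on done or cancel */`.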