
Commit 1de5900

Merge branch 'bug-fixes-for-net-handshake'
Chuck Lever says: ==================== Bug fixes for net/handshake Paolo observed that there is a possible leak of sock->file. I haven't looked into that yet, but it seems to be separate from the fixes in this series, so no need to hold these up. ==================== The submission mentions net-next but it means netdev (perhaps a merge-window leftover from when the trees were converged). In any case, it should have gone into net, but was instead applied to net-next as commit deb2e48 ("Merge branch 'net-handshake-fixes'"). These are fixes though, and Chuck needs them to make progress with the client, so double-merging them into net... it is what it is :( Link: https://lore.kernel.org/r/168381978252.84244.1933636428135211300.stgit@91.116.238.104.host.secureserver.net Signed-off-by: Jakub Kicinski <[email protected]>
2 parents 0c615f1 + 26fb548 commit 1de5900


8 files changed

+29
-7
lines changed


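--- a/Documentation/netlink/specs/handshake.yaml
+++ b/Documentation/netlink/specs/handshake.yaml
@@ -68,6 +68,9 @@ attribute-sets:
 type: nest
 nested-attributes: x509
 multi-attr: true
+-
+name: peername
+type: string
 -
 name: done
 attributes:
@@ -105,6 +108,7 @@ operations:
 - auth-mode
 - peer-identity
 - certificate
+- peername
 -
 name: done
 doc: Handler reports handshake completion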

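--- a/Documentation/networking/tls-handshake.rst
+++ b/Documentation/networking/tls-handshake.rst
@@ -53,6 +53,7 @@ fills in a structure that contains the parameters of the request:
 struct socket *ta_sock;
 tls_done_func_t ta_done;
 void *ta_data;
+const char *ta_peername;
 unsigned int ta_timeout_ms;
 key_serial_t ta_keyring;
 key_serial_t ta_my_cert;
@@ -71,6 +72,10 @@ instantiated a struct file in sock->file.
 has completed. Further explanation of this function is in the "Handshake
 Completion" sesction below.
 
+The consumer can provide a NUL-terminated hostname in the @ta_peername
+field that is sent as part of ClientHello. If no peername is provided,
+the DNS hostname associated with the server's IP address is used instead.
+
 The consumer can fill in the @ta_timeout_ms field to force the servicing
 handshake agent to exit after a number of milliseconds. This enables the
 socket to be fully closed once both the kernel and the handshake agent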

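--- a/include/net/handshake.h
+++ b/include/net/handshake.h
@@ -24,6 +24,7 @@ struct tls_handshake_args {
 struct socket *ta_sock;
 tls_done_func_t ta_done;
 void *ta_data;
+const char *ta_peername;
 unsigned int ta_timeout_ms;
 key_serial_t ta_keyring;
 key_serial_t ta_my_cert;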

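--- a/include/uapi/linux/handshake.h
+++ b/include/uapi/linux/handshake.h
@@ -44,6 +44,7 @@ enum {
 HANDSHAKE_A_ACCEPT_AUTH_MODE,
 HANDSHAKE_A_ACCEPT_PEER_IDENTITY,
 HANDSHAKE_A_ACCEPT_CERTIFICATE,
+HANDSHAKE_A_ACCEPT_PEERNAME,
 
 __HANDSHAKE_A_ACCEPT_MAX,
 HANDSHAKE_A_ACCEPT_MAX = (__HANDSHAKE_A_ACCEPT_MAX - 1)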

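--- a/net/handshake/handshake.h
+++ b/net/handshake/handshake.h
@@ -31,6 +31,7 @@ struct handshake_req {
 struct list_head hr_list;
 struct rhash_head hr_rhash;
 unsigned long hr_flags;
+struct file *hr_file;
 const struct handshake_proto *hr_proto;
 struct sock *hr_sk;
 void (*hr_odestruct)(struct sock *sk);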

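--- a/net/handshake/netlink.c
+++ b/net/handshake/netlink.c
@@ -48,7 +48,7 @@ int handshake_genl_notify(struct net *net, const struct handshake_proto *proto,
 proto->hp_handler_class))
 return -ESRCH;
 
-msg = genlmsg_new(GENLMSG_DEFAULT_SIZE, GFP_KERNEL);
+msg = genlmsg_new(GENLMSG_DEFAULT_SIZE, flags);
 if (!msg)
 return -ENOMEM;
 
@@ -99,9 +99,6 @@ static int handshake_dup(struct socket *sock)
 struct file *file;
 int newfd;
 
-if (!sock->file)
-return -EBADF;
-
 file = get_file(sock->file);
 newfd = get_unused_fd_flags(O_CLOEXEC);
 if (newfd < 0) {
@@ -142,15 +139,16 @@ int handshake_nl_accept_doit(struct sk_buff *skb, struct genl_info *info)
 goto out_complete;
 }
 err = req->hr_proto->hp_accept(req, info, fd);
-if (err)
+if (err) {
+fput(sock->file);
 goto out_complete;
+}
 
 trace_handshake_cmd_accept(net, req, req->hr_sk, fd);
 return 0;
 
 out_complete:
 handshake_complete(req, -EIO, NULL);
-fput(sock->file);
 out_status:
 trace_handshake_cmd_accept_err(net, req, NULL, err);
 return err;
@@ -159,8 +157,8 @@ int handshake_nl_accept_doit(struct sk_buff *skb, struct genl_info *info)
 int handshake_nl_done_doit(struct sk_buff *skb, struct genl_info *info)
 {
 struct net *net = sock_net(skb->sk);
+struct handshake_req *req = NULL;
 struct socket *sock = NULL;
-struct handshake_req *req;
 int fd, status, err;
 
 if (GENL_REQ_ATTR_CHECK(info, HANDSHAKE_A_DONE_SOCKFD))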

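--- a/net/handshake/request.c
+++ b/net/handshake/request.c
@@ -239,6 +239,7 @@ int handshake_req_submit(struct socket *sock, struct handshake_req *req,
 }
 req->hr_odestruct = req->hr_sk->sk_destruct;
 req->hr_sk->sk_destruct = handshake_sk_destruct;
+req->hr_file = sock->file;
 
 ret = -EOPNOTSUPP;
 net = sock_net(req->hr_sk);
@@ -334,6 +335,9 @@ bool handshake_req_cancel(struct sock *sk)
 return false;
 }
 
+/* Request accepted and waiting for DONE */
+fput(req->hr_file);
+
 out_true:
 trace_handshake_cancel(net, req, sk);
 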
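--- a/net/handshake/tlshd.c
+++ b/net/handshake/tlshd.c
@@ -31,6 +31,7 @@ struct tls_handshake_req {
 int th_type;
 unsigned int th_timeout_ms;
 int th_auth_mode;
+const char *th_peername;
 key_serial_t th_keyring;
 key_serial_t th_certificate;
 key_serial_t th_privkey;
@@ -48,6 +49,7 @@ tls_handshake_req_init(struct handshake_req *req,
 treq->th_timeout_ms = args->ta_timeout_ms;
 treq->th_consumer_done = args->ta_done;
 treq->th_consumer_data = args->ta_data;
+treq->th_peername = args->ta_peername;
 treq->th_keyring = args->ta_keyring;
 treq->th_num_peerids = 0;
 treq->th_certificate = TLS_NO_CERT;
@@ -214,6 +216,12 @@ static int tls_handshake_accept(struct handshake_req *req,
 ret = nla_put_u32(msg, HANDSHAKE_A_ACCEPT_MESSAGE_TYPE, treq->th_type);
 if (ret < 0)
 goto out_cancel;
+if (treq->th_peername) {
+ret = nla_put_string(msg, HANDSHAKE_A_ACCEPT_PEERNAME,
+treq->th_peername);
+if (ret < 0)
+goto out_cancel;
+}
 if (treq->th_timeout_ms) {
 ret = nla_put_u32(msg, HANDSHAKE_A_ACCEPT_TIMEOUT, treq->th_timeout_ms);
 if (ret < 0)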
