author | Ilya Lesokhin <ilyal@mellanox.com> | 2017-11-13 11:22:46 +0300 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2018-12-05 21:41:10 +0300 |
commit | 797b8bb47fb27ee49a3b59ad110e5264585415aa (patch) | |
tree | 7e43376df244a7e4a3563262713d0cbc5a26216d /include | |
parent | 25f03991a5210f31491e1e2fccec7cf0d080772e (diff) | |
tls: Fix TLS ulp context leak, when TLS_TX setsockopt is not used.
commit ff45d820a2df163957ad8ab459b6eb6976144c18 upstream.
Previously the TLS ulp context would leak if we attached a TLS ulp
to a socket but did not use the TLS_TX setsockopt,
or did use it but it failed.
This patch solves the issue by overriding prot[TLS_BASE_TX].close
and fixing tls_sk_proto_close to work properly
when it's called with ctx->tx_conf == TLS_BASE_TX.
This patch also removes ctx->free_resources as we can use ctx->tx_conf
to obtain the relevant information.
Fixes: 3c4d7559159b ('tls: kernel TLS support')
Signed-off-by: Ilya Lesokhin <ilyal@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[bwh: Backported to 4.14: Keep using tls_ctx_free() as introduced by
the earlier backport of "tls: zero the crypto information from
tls_context before freeing"]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/net/tls.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/net/tls.h b/include/net/tls.h index 0c3ab2af74d3..604fd982da19 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -106,7 +106,6 @@ struct tls_context { u16 pending_open_record_frags; int (*push_pending_record)(struct sock *sk, int flags); - void (*free_resources)(struct sock *sk); void (*sk_write_space)(struct sock *sk); void (*sk_proto_close)(struct sock *sk, long timeout); @@ -131,6 +130,7 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size); int tls_sw_sendpage(struct sock *sk, struct page *page, int offset, size_t size, int flags); void tls_sw_close(struct sock *sk, long timeout); +void tls_sw_free_tx_resources(struct sock *sk); void tls_sk_destruct(struct sock *sk, struct tls_context *ctx); void tls_icsk_clean_acked(struct sock *sk); |
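Review bot: in the first hunk (struct tls_context, at line 106), dropping the free_resources member is only safe if every assignment to it and every call through ctx->free_resources is removed in the same commit, and this view is limited to include/, so that cannot be confirmed from the lines shown. Please check that the net/tls side of the backport is fully converted. Since the commit message says ctx->tx_conf now carries the information that free_resources used to, a one-line comment on tx_conf in the struct stating that the close path uses it to decide which TX resources to free would make that dependency visible to later editors.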
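Review bot: in the second hunk (prototypes at line 131), tls_sw_free_tx_resources() is declared without any comment on its contract, while tls_sw_close() stays declared directly above it. Please document what the caller must guarantee before calling the new function (for example whether the socket lock is held and which tx_conf values it is valid for), because a teardown helper called in the wrong state is how leaks and double frees come back. Also confirm that tls_sw_close() still has a definition and a user after this change, and drop its prototype if it does not.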