From patchwork Sat May 6 00:45:34 2023
X-Patchwork-Submitter: Chuck Lever
X-Patchwork-Id: 13233197
X-Patchwork-Delegate: kuba@kernel.org
Subject: [PATCH v2 1/6] net/handshake: Remove unneeded check from handshake_dup()
From: Chuck Lever
To: kernel-tls-handshake@lists.linux.dev
Cc: netdev@vger.kernel.org, dan.carpenter@linaro.org
Date: Fri, 05 May 2023 20:45:34 -0400
Message-ID: <168333392465.7813.6150331019194277990.stgit@oracle-102.nfsv4bat.org>
In-Reply-To: <168333373851.7813.11884763481187785511.stgit@oracle-102.nfsv4bat.org>
References: <168333373851.7813.11884763481187785511.stgit@oracle-102.nfsv4bat.org>
From: Chuck Lever

handshake_req_submit() now verifies that the socket has a file.

Fixes: 3b3009ea8abb ("net/handshake: Create a NETLINK service for handling handshake requests")
Reviewed-by: Simon Horman
Signed-off-by: Chuck Lever
Reviewed-by: Leon Romanovsky
---
net/handshake/netlink.c | 3 --- 1 file changed, 3 deletions(-)
diff --git a/net/handshake/netlink.c b/net/handshake/netlink.c index 35c9c445e0b8..7ec8a76c3c8a 100644 --- a/net/handshake/netlink.c +++ b/net/handshake/netlink.c @@ -99,9 +99,6 @@ static int handshake_dup(struct socket *sock) struct file *file; int newfd; - if (!sock->file) - return -EBADF; - file = get_file(sock->file); newfd = get_unused_fd_flags(O_CLOEXEC); if (newfd < 0) {

From patchwork Sat May 6 00:46:01 2023
X-Patchwork-Submitter: Chuck Lever
X-Patchwork-Id: 13233198
X-Patchwork-Delegate: kuba@kernel.org
Subject: [PATCH v2 2/6] net/handshake: Fix handshake_dup() ref counting
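Review bot: in the handshake_dup() hunk of 1/6, dropping the `if (!sock->file) return -EBADF;` guard leaves `file = get_file(sock->file);` with no local protection against a NULL sock->file, and the handshake_req_submit() check that the commit message relies on is not part of this diff. Since the invariant now lives in a different function, either keep the guard as a cheap defensive check or add a one-line comment above get_file() stating why sock->file is guaranteed non-NULL here (every request that reaches handshake_dup() was validated by handshake_req_submit()), so the next reader does not re-add the check or, worse, remove the one in handshake_req_submit() as redundant.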
From: Chuck Lever
To: kernel-tls-handshake@lists.linux.dev
Cc: netdev@vger.kernel.org, dan.carpenter@linaro.org
Date: Fri, 05 May 2023 20:46:01 -0400
Message-ID: <168333395123.7813.7077088598355438510.stgit@oracle-102.nfsv4bat.org>
In-Reply-To: <168333373851.7813.11884763481187785511.stgit@oracle-102.nfsv4bat.org>
References: <168333373851.7813.11884763481187785511.stgit@oracle-102.nfsv4bat.org>

From: Chuck Lever

If get_unused_fd_flags() fails, we ended up calling fput(sock->file) twice.

Reported-by: Dan Carpenter
Fixes: 3b3009ea8abb ("net/handshake: Create a NETLINK service for handling handshake requests")
Signed-off-by: Chuck Lever
Reviewed-by: Simon Horman
---
net/handshake/netlink.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/net/handshake/netlink.c b/net/handshake/netlink.c index 7ec8a76c3c8a..032d96152e2f 100644 --- a/net/handshake/netlink.c +++ b/net/handshake/netlink.c
@@ -101,10 +101,8 @@ static int handshake_dup(struct socket *sock) file = get_file(sock->file); newfd = get_unused_fd_flags(O_CLOEXEC); - if (newfd < 0) { - fput(file); + if (newfd < 0) return newfd; - } fd_install(newfd, file); return newfd;

From patchwork Sat May 6 00:46:27 2023
X-Patchwork-Submitter: Chuck Lever
X-Patchwork-Id: 13233199
X-Patchwork-Delegate: kuba@kernel.org
Subject: [PATCH v2 3/6] net/handshake: Fix uninitialized local variable
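Review bot: in the handshake_dup() hunk of 2/6, once `- fput(file);` is removed, the reference taken by `file = get_file(sock->file);` two lines above is no longer released inside the function when get_unused_fd_flags() fails, so correctness on that path now depends on the caller dropping it, and that caller is not in this diff. The commit message says the old code ended up calling fput(sock->file) twice, which implies the caller already does; a comment at `if (newfd < 0)` saying that the caller owns the cleanup here would keep a future reader from re-adding the fput(). If the caller's error path does not actually need the extra reference, an alternative that needs no unwind at all is to call get_unused_fd_flags() first and get_file() only after the fd has been allocated, immediately before fd_install().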
From: Chuck Lever
To: kernel-tls-handshake@lists.linux.dev
Cc: netdev@vger.kernel.org, dan.carpenter@linaro.org
Date: Fri, 05 May 2023 20:46:27 -0400
Message-ID: <168333397774.7813.3273700580854407784.stgit@oracle-102.nfsv4bat.org>
In-Reply-To: <168333373851.7813.11884763481187785511.stgit@oracle-102.nfsv4bat.org>
References: <168333373851.7813.11884763481187785511.stgit@oracle-102.nfsv4bat.org>

From: Chuck Lever

trace_handshake_cmd_done_err() simply records the pointer in @req, so initializing it to NULL is sufficient and safe.

Reported-by: Dan Carpenter
Fixes: 3b3009ea8abb ("net/handshake: Create a NETLINK service for handling handshake requests")
Reviewed-by: Simon Horman
Signed-off-by: Chuck Lever
Reviewed-by: Leon Romanovsky
---
net/handshake/netlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/handshake/netlink.c b/net/handshake/netlink.c index 032d96152e2f..11cc275d726a 100644 --- a/net/handshake/netlink.c +++ b/net/handshake/netlink.c
@@ -154,8 +154,8 @@ int handshake_nl_accept_doit(struct sk_buff *skb, struct genl_info *info) int handshake_nl_done_doit(struct sk_buff *skb, struct genl_info *info) { struct net *net = sock_net(skb->sk); + struct handshake_req *req = NULL; struct socket *sock = NULL; - struct handshake_req *req; int fd, status, err; if (GENL_REQ_ATTR_CHECK(info, HANDSHAKE_A_DONE_SOCKFD))

From patchwork Sat May 6 00:46:54 2023
X-Patchwork-Submitter: Chuck Lever
X-Patchwork-Id: 13233200
X-Patchwork-Delegate: kuba@kernel.org
Subject: [PATCH v2 4/6] net/handshake: handshake_genl_notify() shouldn't ignore @flags
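Review bot: in the handshake_nl_done_doit() hunk of 3/6, `struct handshake_req *req = NULL;` means the early-error path hands a NULL pointer to trace_handshake_cmd_done_err(); that is safe only as long as the tracepoint merely records the pointer value, as the commit message states. A short comment on the declaration, or in the tracepoint's assignment block, noting that @req may be NULL would stop a later change from dereferencing it (for example to print req->hr_sk). Moving the declaration above `struct socket *sock = NULL;` keeps the longest-line-first ordering netdev asks for, so no objection to the placement.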
From: Chuck Lever
To: kernel-tls-handshake@lists.linux.dev
Cc: netdev@vger.kernel.org, dan.carpenter@linaro.org
Date: Fri, 05 May 2023 20:46:54 -0400
Message-ID: <168333400429.7813.12377237975512449615.stgit@oracle-102.nfsv4bat.org>
In-Reply-To: <168333373851.7813.11884763481187785511.stgit@oracle-102.nfsv4bat.org>
References: <168333373851.7813.11884763481187785511.stgit@oracle-102.nfsv4bat.org>

From: Chuck Lever

Reported-by: Dan Carpenter
Fixes: 3b3009ea8abb ("net/handshake: Create a NETLINK service for handling handshake requests")
Reviewed-by: Simon Horman
Signed-off-by: Chuck Lever
Reviewed-by: Leon Romanovsky
---
net/handshake/netlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/handshake/netlink.c b/net/handshake/netlink.c index 11cc275d726a..e865fcf68433 100644 --- a/net/handshake/netlink.c +++ b/net/handshake/netlink.c
@@ -48,7 +48,7 @@ int handshake_genl_notify(struct net *net, const struct handshake_proto *proto, proto->hp_handler_class)) return -ESRCH; - msg = genlmsg_new(GENLMSG_DEFAULT_SIZE, GFP_KERNEL); + msg = genlmsg_new(GENLMSG_DEFAULT_SIZE, flags); if (!msg) return -ENOMEM;

From patchwork Sat May 6 00:47:13 2023
X-Patchwork-Submitter: Chuck Lever
X-Patchwork-Id: 13233201
X-Patchwork-Delegate: kuba@kernel.org
Subject: [PATCH v2 5/6] net/handshake: Unpin sock->file if a handshake is cancelled
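Review bot: in the handshake_genl_notify() hunk of 4/6, passing @flags to genlmsg_new() corrects this allocation, but the commit has no body: it should name which caller passes something other than GFP_KERNEL and from what context, so the Fixes: tag is self-explanatory to whoever backports it. It is also worth confirming that nothing after this allocation in the same function still assumes it may sleep; otherwise honouring @flags here only moves the problem one call further down.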
From: Chuck Lever
To: kernel-tls-handshake@lists.linux.dev
Cc: netdev@vger.kernel.org, dan.carpenter@linaro.org
Date: Fri, 05 May 2023 20:47:13 -0400
Message-ID: <168333403089.7813.511134747683134976.stgit@oracle-102.nfsv4bat.org>
In-Reply-To: <168333373851.7813.11884763481187785511.stgit@oracle-102.nfsv4bat.org>
References: <168333373851.7813.11884763481187785511.stgit@oracle-102.nfsv4bat.org>

From: Chuck Lever

If user space never calls DONE, sock->file's reference count remains elevated. Enable sock->file to be freed eventually in this case.

Reported-by: Jakub Kicinski
Fixes: 3b3009ea8abb ("net/handshake: Create a NETLINK service for handling handshake requests")
Signed-off-by: Chuck Lever
Reviewed-by: Simon Horman
Reviewed-by: Leon Romanovsky
---
net/handshake/handshake.h | 1 + net/handshake/request.c | 4 ++++ 2 files changed, 5 insertions(+)
diff --git a/net/handshake/handshake.h b/net/handshake/handshake.h index 4dac965c99df..8aeaadca844f 100644 --- a/net/handshake/handshake.h +++ b/net/handshake/handshake.h @@ -31,6 +31,7 @@ struct handshake_req { struct list_head hr_list; struct rhash_head hr_rhash; unsigned long hr_flags; + struct file *hr_file; const struct handshake_proto *hr_proto; struct sock *hr_sk; void (*hr_odestruct)(struct sock *sk);
diff --git a/net/handshake/request.c b/net/handshake/request.c index 94d5cef3e048..d78d41abb3d9 100644 --- a/net/handshake/request.c +++ b/net/handshake/request.c @@ -239,6 +239,7 @@ int handshake_req_submit(struct socket *sock, struct handshake_req *req, } req->hr_odestruct = req->hr_sk->sk_destruct; req->hr_sk->sk_destruct = handshake_sk_destruct; + req->hr_file = sock->file; ret = -EOPNOTSUPP; net = sock_net(req->hr_sk);
@@ -334,6 +335,9 @@ bool handshake_req_cancel(struct sock *sk) return false; } + /* Request accepted and waiting for DONE */ + fput(req->hr_file); + out_true: trace_handshake_cancel(net, req, sk);

From patchwork Sat May 6 00:47:40 2023
X-Patchwork-Submitter: Chuck Lever
X-Patchwork-Id: 13233202
X-Patchwork-Delegate: kuba@kernel.org
Subject: [PATCH v2 6/6] net/handshake: Enable the SNI extension to work properly
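Review bot: in the handshake_req_submit() hunk of 5/6, `req->hr_file = sock->file;` stores the pointer without taking a reference, so hr_file is a borrowed pointer whose validity rests on a reference taken elsewhere (presumably the get_file() in handshake_dup() when user space calls ACCEPT), and the fput() added to handshake_req_cancel() releases that reference, not one taken here. A comment on the new `struct file *hr_file;` member in handshake.h saying who takes the reference and when it is dropped would make the pairing visible; as written, a reader of request.c sees an fput() with no matching get_file() anywhere in the file.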
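Review bot: in the handshake_req_cancel() hunk of 5/6, `fput(req->hr_file);` runs only on the "Request accepted and waiting for DONE" path, which is right because no reference exists before ACCEPT, but the commit message should state that DONE and cancel are mutually exclusive for a given request (the request has already been removed from the pending table when this code runs), since from the diff alone it is not clear that a DONE arriving after the cancel cannot drop the same reference a second time, which is exactly the class of bug 2/6 just fixed.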
From: Chuck Lever
To: kernel-tls-handshake@lists.linux.dev
Cc: netdev@vger.kernel.org, dan.carpenter@linaro.org
Date: Fri, 05 May 2023 20:47:40 -0400
Message-ID: <168333405010.7813.3126925595560504793.stgit@oracle-102.nfsv4bat.org>
In-Reply-To: <168333373851.7813.11884763481187785511.stgit@oracle-102.nfsv4bat.org>
References: <168333373851.7813.11884763481187785511.stgit@oracle-102.nfsv4bat.org>

From: Chuck Lever

Enable the upper layer protocol to specify the SNI peername. This avoids the need for tlshd to use a DNS lookup, which can return a hostname that doesn't match the incoming certificate's SubjectName.

Fixes: 2fd5532044a8 ("net/handshake: Add a kernel API for requesting a TLSv1.3 handshake")
Reviewed-by: Simon Horman
Signed-off-by: Chuck Lever
Reviewed-by: Leon Romanovsky
---
Documentation/netlink/specs/handshake.yaml | 4 ++++ Documentation/networking/tls-handshake.rst | 5 +++++ include/net/handshake.h | 1 + include/uapi/linux/handshake.h | 1 + net/handshake/tlshd.c | 8 ++++++++ 5 files changed, 19 insertions(+)
diff --git a/Documentation/netlink/specs/handshake.yaml b/Documentation/netlink/specs/handshake.yaml index 614f1a585511..6d89e30f5fd5 100644 --- a/Documentation/netlink/specs/handshake.yaml +++ b/Documentation/netlink/specs/handshake.yaml @@ -68,6 +68,9 @@ attribute-sets: type: nest nested-attributes: x509 multi-attr: true + - + name: peername + type: string - name: done attributes: @@ -105,6 +108,7 @@ operations: - auth-mode - peer-identity - certificate + - peername - name: done doc: Handler reports handshake completion
diff --git a/Documentation/networking/tls-handshake.rst b/Documentation/networking/tls-handshake.rst index a2817a88e905..6f5ea1646a47 100644 --- a/Documentation/networking/tls-handshake.rst +++ b/Documentation/networking/tls-handshake.rst
@@ -53,6 +53,7 @@ fills in a structure that contains the parameters of the request: struct socket *ta_sock; tls_done_func_t ta_done; void *ta_data; + const char *ta_peername; unsigned int ta_timeout_ms; key_serial_t ta_keyring; key_serial_t ta_my_cert; @@ -71,6 +72,10 @@ instantiated a struct file in sock->file. has completed. Further explanation of this function is in the "Handshake Completion" sesction below. +The consumer can provide a NUL-terminated hostname in the @ta_peername +field that is sent as part of ClientHello. If no peername is provided, +the DNS hostname associated with the server's IP address is used instead. + The consumer can fill in the @ta_timeout_ms field to force the servicing handshake agent to exit after a number of milliseconds. This enables the socket to be fully closed once both the kernel and the handshake agent
diff --git a/include/net/handshake.h b/include/net/handshake.h index 3352b1ab43b3..2e26e436e85f 100644 --- a/include/net/handshake.h +++ b/include/net/handshake.h @@ -24,6 +24,7 @@ struct tls_handshake_args { struct socket *ta_sock; tls_done_func_t ta_done; void *ta_data; + const char *ta_peername; unsigned int ta_timeout_ms; key_serial_t ta_keyring; key_serial_t ta_my_cert;
diff --git a/include/uapi/linux/handshake.h b/include/uapi/linux/handshake.h index 1de4d0b95325..3d7ea58778c9 100644 --- a/include/uapi/linux/handshake.h +++ b/include/uapi/linux/handshake.h @@ -44,6 +44,7 @@ enum { HANDSHAKE_A_ACCEPT_AUTH_MODE, HANDSHAKE_A_ACCEPT_PEER_IDENTITY, HANDSHAKE_A_ACCEPT_CERTIFICATE, + HANDSHAKE_A_ACCEPT_PEERNAME, __HANDSHAKE_A_ACCEPT_MAX, HANDSHAKE_A_ACCEPT_MAX = (__HANDSHAKE_A_ACCEPT_MAX - 1)
diff --git a/net/handshake/tlshd.c b/net/handshake/tlshd.c index fcbeb63b4eb1..b735f5cced2f 100644 --- a/net/handshake/tlshd.c +++ b/net/handshake/tlshd.c
@@ -31,6 +31,7 @@ struct tls_handshake_req { int th_type; unsigned int th_timeout_ms; int th_auth_mode; + const char *th_peername; key_serial_t th_keyring; key_serial_t th_certificate; key_serial_t th_privkey; @@ -48,6 +49,7 @@ tls_handshake_req_init(struct handshake_req *req, treq->th_timeout_ms = args->ta_timeout_ms; treq->th_consumer_done = args->ta_done; treq->th_consumer_data = args->ta_data; + treq->th_peername = args->ta_peername; treq->th_keyring = args->ta_keyring; treq->th_num_peerids = 0; treq->th_certificate = TLS_NO_CERT; @@ -214,6 +216,12 @@ static int tls_handshake_accept(struct handshake_req *req, ret = nla_put_u32(msg, HANDSHAKE_A_ACCEPT_MESSAGE_TYPE, treq->th_type); if (ret < 0) goto out_cancel; + if (treq->th_peername) { + ret = nla_put_string(msg, HANDSHAKE_A_ACCEPT_PEERNAME, + treq->th_peername); + if (ret < 0) + goto out_cancel; + } if (treq->th_timeout_ms) { ret = nla_put_u32(msg, HANDSHAKE_A_ACCEPT_TIMEOUT, treq->th_timeout_ms); if (ret < 0)
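Review bot: in the tls-handshake.rst hunk of 6/6, the new paragraph says the peername "is sent as part of ClientHello" but does not say that, per the commit message, this name is also what the handshake agent matches against the server's certificate (the whole reason a reverse-DNS guess was unsafe), nor that the kernel keeps only the pointer, so the consumer must keep the string valid until the handshake completes and ta_done has been called. Both belong in the consumer-facing text, since a consumer that passes a name derived from untrusted input, or frees the buffer after handshake_req_submit() returns, gets the wrong result silently. While touching this file, the context line `"Handshake Completion" sesction below` has a typo (section).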
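Review bot: in the include/uapi/linux/handshake.h hunk of 6/6, HANDSHAKE_A_ACCEPT_PEERNAME is appended immediately before __HANDSHAKE_A_ACCEPT_MAX, so existing attribute values are unchanged and the position matches `peername` following `certificate` in handshake.yaml; if this header is generated from the YAML spec by the ynl tooling, please regenerate it rather than hand-edit it so the two cannot drift apart in a later change.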
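Review bot: in the tls_handshake_req_init() hunk of 6/6, `treq->th_peername = args->ta_peername;` aliases the caller's buffer instead of copying it, while the `nla_put_string(msg, HANDSHAKE_A_ACCEPT_PEERNAME, treq->th_peername)` in the tls_handshake_accept() hunk runs much later, when user space sends ACCEPT; either kstrdup() the string into the request and free it with the request, or document the lifetime requirement in include/net/handshake.h next to `const char *ta_peername;`. Separately, the accept hunk emits the attribute whenever th_peername is set, regardless of th_type; if a peername is meaningless for a server-side handshake, gating it on the message type (or a comment saying the agent ignores it there) would avoid sending a misleading attribute.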