tls_strp.c 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /* Copyright (c) 2016 Tom Herbert <tom@herbertland.com> */
  3. #include <linux/skbuff.h>
  4. #include <linux/skbuff_ref.h>
  5. #include <linux/workqueue.h>
  6. #include <net/strparser.h>
  7. #include <net/tcp.h>
  8. #include <net/sock.h>
  9. #include <net/tls.h>
  10. #include "tls.h"
  11. static struct workqueue_struct *tls_strp_wq;
  12. void tls_strp_abort_strp(struct tls_strparser *strp, int err)
  13. {
  14. if (strp->stopped)
  15. return;
  16. strp->stopped = 1;
  17. /* Report an error on the lower socket */
  18. WRITE_ONCE(strp->sk->sk_err, -err);
  19. /* Paired with smp_rmb() in tcp_poll() */
  20. smp_wmb();
  21. sk_error_report(strp->sk);
  22. }
  23. static void tls_strp_anchor_free(struct tls_strparser *strp)
  24. {
  25. struct skb_shared_info *shinfo = skb_shinfo(strp->anchor);
  26. DEBUG_NET_WARN_ON_ONCE(atomic_read(&shinfo->dataref) != 1);
  27. if (!strp->copy_mode)
  28. shinfo->frag_list = NULL;
  29. consume_skb(strp->anchor);
  30. strp->anchor = NULL;
  31. }
  32. static struct sk_buff *
  33. tls_strp_skb_copy(struct tls_strparser *strp, struct sk_buff *in_skb,
  34. int offset, int len)
  35. {
  36. struct sk_buff *skb;
  37. int i, err;
  38. skb = alloc_skb_with_frags(0, len, TLS_PAGE_ORDER,
  39. &err, strp->sk->sk_allocation);
  40. if (!skb)
  41. return NULL;
  42. for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
  43. skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
  44. WARN_ON_ONCE(skb_copy_bits(in_skb, offset,
  45. skb_frag_address(frag),
  46. skb_frag_size(frag)));
  47. offset += skb_frag_size(frag);
  48. }
  49. skb->len = len;
  50. skb->data_len = len;
  51. skb_copy_header(skb, in_skb);
  52. return skb;
  53. }
  54. /* Create a new skb with the contents of input copied to its page frags */
  55. static struct sk_buff *tls_strp_msg_make_copy(struct tls_strparser *strp)
  56. {
  57. struct strp_msg *rxm;
  58. struct sk_buff *skb;
  59. skb = tls_strp_skb_copy(strp, strp->anchor, strp->stm.offset,
  60. strp->stm.full_len);
  61. if (!skb)
  62. return NULL;
  63. rxm = strp_msg(skb);
  64. rxm->offset = 0;
  65. return skb;
  66. }
  67. /* Steal the input skb, input msg is invalid after calling this function */
  68. struct sk_buff *tls_strp_msg_detach(struct tls_sw_context_rx *ctx)
  69. {
  70. struct tls_strparser *strp = &ctx->strp;
  71. #ifdef CONFIG_TLS_DEVICE
  72. DEBUG_NET_WARN_ON_ONCE(!strp->anchor->decrypted);
  73. #else
  74. /* This function turns an input into an output,
  75. * that can only happen if we have offload.
  76. */
  77. WARN_ON(1);
  78. #endif
  79. if (strp->copy_mode) {
  80. struct sk_buff *skb;
  81. /* Replace anchor with an empty skb, this is a little
  82. * dangerous but __tls_cur_msg() warns on empty skbs
  83. * so hopefully we'll catch abuses.
  84. */
  85. skb = alloc_skb(0, strp->sk->sk_allocation);
  86. if (!skb)
  87. return NULL;
  88. swap(strp->anchor, skb);
  89. return skb;
  90. }
  91. return tls_strp_msg_make_copy(strp);
  92. }
  93. /* Force the input skb to be in copy mode. The data ownership remains
  94. * with the input skb itself (meaning unpause will wipe it) but it can
  95. * be modified.
  96. */
  97. int tls_strp_msg_cow(struct tls_sw_context_rx *ctx)
  98. {
  99. struct tls_strparser *strp = &ctx->strp;
  100. struct sk_buff *skb;
  101. if (strp->copy_mode)
  102. return 0;
  103. skb = tls_strp_msg_make_copy(strp);
  104. if (!skb)
  105. return -ENOMEM;
  106. tls_strp_anchor_free(strp);
  107. strp->anchor = skb;
  108. tcp_read_done(strp->sk, strp->stm.full_len);
  109. strp->copy_mode = 1;
  110. return 0;
  111. }
  112. /* Make a clone (in the skb sense) of the input msg to keep a reference
  113. * to the underlying data. The reference-holding skbs get placed on
  114. * @dst.
  115. */
  116. int tls_strp_msg_hold(struct tls_strparser *strp, struct sk_buff_head *dst)
  117. {
  118. struct skb_shared_info *shinfo = skb_shinfo(strp->anchor);
  119. if (strp->copy_mode) {
  120. struct sk_buff *skb;
  121. WARN_ON_ONCE(!shinfo->nr_frags);
  122. /* We can't skb_clone() the anchor, it gets wiped by unpause */
  123. skb = alloc_skb(0, strp->sk->sk_allocation);
  124. if (!skb)
  125. return -ENOMEM;
  126. __skb_queue_tail(dst, strp->anchor);
  127. strp->anchor = skb;
  128. } else {
  129. struct sk_buff *iter, *clone;
  130. int chunk, len, offset;
  131. offset = strp->stm.offset;
  132. len = strp->stm.full_len;
  133. iter = shinfo->frag_list;
  134. while (len > 0) {
  135. if (iter->len <= offset) {
  136. offset -= iter->len;
  137. goto next;
  138. }
  139. chunk = iter->len - offset;
  140. offset = 0;
  141. clone = skb_clone(iter, strp->sk->sk_allocation);
  142. if (!clone)
  143. return -ENOMEM;
  144. __skb_queue_tail(dst, clone);
  145. len -= chunk;
  146. next:
  147. iter = iter->next;
  148. }
  149. }
  150. return 0;
  151. }
  152. static void tls_strp_flush_anchor_copy(struct tls_strparser *strp)
  153. {
  154. struct skb_shared_info *shinfo = skb_shinfo(strp->anchor);
  155. int i;
  156. DEBUG_NET_WARN_ON_ONCE(atomic_read(&shinfo->dataref) != 1);
  157. for (i = 0; i < shinfo->nr_frags; i++)
  158. __skb_frag_unref(&shinfo->frags[i], false);
  159. shinfo->nr_frags = 0;
  160. if (strp->copy_mode) {
  161. kfree_skb_list(shinfo->frag_list);
  162. shinfo->frag_list = NULL;
  163. }
  164. strp->copy_mode = 0;
  165. strp->mixed_decrypted = 0;
  166. }
  167. static int tls_strp_copyin_frag(struct tls_strparser *strp, struct sk_buff *skb,
  168. struct sk_buff *in_skb, unsigned int offset,
  169. size_t in_len)
  170. {
  171. unsigned int nfrag = skb->len / PAGE_SIZE;
  172. size_t len, chunk;
  173. skb_frag_t *frag;
  174. int sz;
  175. if (unlikely(nfrag >= skb_shinfo(skb)->nr_frags)) {
  176. DEBUG_NET_WARN_ON_ONCE(1);
  177. return -EMSGSIZE;
  178. }
  179. frag = &skb_shinfo(skb)->frags[nfrag];
  180. len = in_len;
  181. /* First make sure we got the header */
  182. if (!strp->stm.full_len) {
  183. /* Assume one page is more than enough for headers */
  184. chunk = min_t(size_t, len, PAGE_SIZE - skb_frag_size(frag));
  185. WARN_ON_ONCE(skb_copy_bits(in_skb, offset,
  186. skb_frag_address(frag) +
  187. skb_frag_size(frag),
  188. chunk));
  189. skb->len += chunk;
  190. skb->data_len += chunk;
  191. skb_frag_size_add(frag, chunk);
  192. sz = tls_rx_msg_size(strp, skb);
  193. if (sz < 0)
  194. return sz;
  195. /* We may have over-read, sz == 0 is guaranteed under-read */
  196. if (unlikely(sz && sz < skb->len)) {
  197. int over = skb->len - sz;
  198. WARN_ON_ONCE(over > chunk);
  199. skb->len -= over;
  200. skb->data_len -= over;
  201. skb_frag_size_add(frag, -over);
  202. chunk -= over;
  203. }
  204. frag++;
  205. len -= chunk;
  206. offset += chunk;
  207. strp->stm.full_len = sz;
  208. if (!strp->stm.full_len)
  209. goto read_done;
  210. }
  211. /* Load up more data */
  212. while (len && strp->stm.full_len > skb->len) {
  213. chunk = min_t(size_t, len, strp->stm.full_len - skb->len);
  214. chunk = min_t(size_t, chunk, PAGE_SIZE - skb_frag_size(frag));
  215. WARN_ON_ONCE(skb_copy_bits(in_skb, offset,
  216. skb_frag_address(frag) +
  217. skb_frag_size(frag),
  218. chunk));
  219. skb->len += chunk;
  220. skb->data_len += chunk;
  221. skb_frag_size_add(frag, chunk);
  222. frag++;
  223. len -= chunk;
  224. offset += chunk;
  225. }
  226. read_done:
  227. return in_len - len;
  228. }
  229. static int tls_strp_copyin_skb(struct tls_strparser *strp, struct sk_buff *skb,
  230. struct sk_buff *in_skb, unsigned int offset,
  231. size_t in_len)
  232. {
  233. struct sk_buff *nskb, *first, *last;
  234. struct skb_shared_info *shinfo;
  235. size_t chunk;
  236. int sz;
  237. if (strp->stm.full_len)
  238. chunk = strp->stm.full_len - skb->len;
  239. else
  240. chunk = TLS_MAX_PAYLOAD_SIZE + PAGE_SIZE;
  241. chunk = min(chunk, in_len);
  242. nskb = tls_strp_skb_copy(strp, in_skb, offset, chunk);
  243. if (!nskb)
  244. return -ENOMEM;
  245. shinfo = skb_shinfo(skb);
  246. if (!shinfo->frag_list) {
  247. shinfo->frag_list = nskb;
  248. nskb->prev = nskb;
  249. } else {
  250. first = shinfo->frag_list;
  251. last = first->prev;
  252. last->next = nskb;
  253. first->prev = nskb;
  254. }
  255. skb->len += chunk;
  256. skb->data_len += chunk;
  257. if (!strp->stm.full_len) {
  258. sz = tls_rx_msg_size(strp, skb);
  259. if (sz < 0)
  260. return sz;
  261. /* We may have over-read, sz == 0 is guaranteed under-read */
  262. if (unlikely(sz && sz < skb->len)) {
  263. int over = skb->len - sz;
  264. WARN_ON_ONCE(over > chunk);
  265. skb->len -= over;
  266. skb->data_len -= over;
  267. __pskb_trim(nskb, nskb->len - over);
  268. chunk -= over;
  269. }
  270. strp->stm.full_len = sz;
  271. }
  272. return chunk;
  273. }
  274. static int tls_strp_copyin(read_descriptor_t *desc, struct sk_buff *in_skb,
  275. unsigned int offset, size_t in_len)
  276. {
  277. struct tls_strparser *strp = (struct tls_strparser *)desc->arg.data;
  278. struct sk_buff *skb;
  279. int ret;
  280. if (strp->msg_ready)
  281. return 0;
  282. skb = strp->anchor;
  283. if (!skb->len)
  284. skb_copy_decrypted(skb, in_skb);
  285. else
  286. strp->mixed_decrypted |= !!skb_cmp_decrypted(skb, in_skb);
  287. if (IS_ENABLED(CONFIG_TLS_DEVICE) && strp->mixed_decrypted)
  288. ret = tls_strp_copyin_skb(strp, skb, in_skb, offset, in_len);
  289. else
  290. ret = tls_strp_copyin_frag(strp, skb, in_skb, offset, in_len);
  291. if (ret < 0) {
  292. desc->error = ret;
  293. ret = 0;
  294. }
  295. if (strp->stm.full_len && strp->stm.full_len == skb->len) {
  296. desc->count = 0;
  297. WRITE_ONCE(strp->msg_ready, 1);
  298. tls_rx_msg_ready(strp);
  299. }
  300. return ret;
  301. }
  302. static int tls_strp_read_copyin(struct tls_strparser *strp)
  303. {
  304. read_descriptor_t desc;
  305. desc.arg.data = strp;
  306. desc.error = 0;
  307. desc.count = 1; /* give more than one skb per call */
  308. /* sk should be locked here, so okay to do read_sock */
  309. tcp_read_sock(strp->sk, &desc, tls_strp_copyin);
  310. return desc.error;
  311. }
  312. static int tls_strp_read_copy(struct tls_strparser *strp, bool qshort)
  313. {
  314. struct skb_shared_info *shinfo;
  315. struct page *page;
  316. int need_spc, len;
  317. /* If the rbuf is small or rcv window has collapsed to 0 we need
  318. * to read the data out. Otherwise the connection will stall.
  319. * Without pressure threshold of INT_MAX will never be ready.
  320. */
  321. if (likely(qshort && !tcp_epollin_ready(strp->sk, INT_MAX)))
  322. return 0;
  323. shinfo = skb_shinfo(strp->anchor);
  324. /* If we don't know the length go max plus page for cipher overhead */
  325. need_spc = strp->stm.full_len ?: TLS_MAX_PAYLOAD_SIZE + PAGE_SIZE;
  326. for (len = need_spc; len > 0; len -= PAGE_SIZE) {
  327. page = alloc_page(strp->sk->sk_allocation);
  328. if (!page) {
  329. tls_strp_flush_anchor_copy(strp);
  330. return -ENOMEM;
  331. }
  332. skb_fill_page_desc(strp->anchor, shinfo->nr_frags++,
  333. page, 0, 0);
  334. }
  335. shinfo->frag_list = NULL;
  336. strp->copy_mode = 1;
  337. strp->stm.offset = 0;
  338. strp->anchor->len = 0;
  339. strp->anchor->data_len = 0;
  340. strp->anchor->truesize = round_up(need_spc, PAGE_SIZE);
  341. tls_strp_read_copyin(strp);
  342. return 0;
  343. }
  344. static bool tls_strp_check_queue_ok(struct tls_strparser *strp)
  345. {
  346. unsigned int len = strp->stm.offset + strp->stm.full_len;
  347. struct sk_buff *first, *skb;
  348. u32 seq;
  349. first = skb_shinfo(strp->anchor)->frag_list;
  350. skb = first;
  351. seq = TCP_SKB_CB(first)->seq;
  352. /* Make sure there's no duplicate data in the queue,
  353. * and the decrypted status matches.
  354. */
  355. while (skb->len < len) {
  356. seq += skb->len;
  357. len -= skb->len;
  358. skb = skb->next;
  359. if (TCP_SKB_CB(skb)->seq != seq)
  360. return false;
  361. if (skb_cmp_decrypted(first, skb))
  362. return false;
  363. }
  364. return true;
  365. }
  366. static void tls_strp_load_anchor_with_queue(struct tls_strparser *strp, int len)
  367. {
  368. struct tcp_sock *tp = tcp_sk(strp->sk);
  369. struct sk_buff *first;
  370. u32 offset;
  371. first = tcp_recv_skb(strp->sk, tp->copied_seq, &offset);
  372. if (WARN_ON_ONCE(!first))
  373. return;
  374. /* Bestow the state onto the anchor */
  375. strp->anchor->len = offset + len;
  376. strp->anchor->data_len = offset + len;
  377. strp->anchor->truesize = offset + len;
  378. skb_shinfo(strp->anchor)->frag_list = first;
  379. skb_copy_header(strp->anchor, first);
  380. strp->anchor->destructor = NULL;
  381. strp->stm.offset = offset;
  382. }
  383. bool tls_strp_msg_load(struct tls_strparser *strp, bool force_refresh)
  384. {
  385. struct strp_msg *rxm;
  386. struct tls_msg *tlm;
  387. DEBUG_NET_WARN_ON_ONCE(!strp->msg_ready);
  388. DEBUG_NET_WARN_ON_ONCE(!strp->stm.full_len);
  389. if (!strp->copy_mode && force_refresh) {
  390. if (unlikely(tcp_inq(strp->sk) < strp->stm.full_len)) {
  391. WRITE_ONCE(strp->msg_ready, 0);
  392. memset(&strp->stm, 0, sizeof(strp->stm));
  393. return false;
  394. }
  395. tls_strp_load_anchor_with_queue(strp, strp->stm.full_len);
  396. }
  397. rxm = strp_msg(strp->anchor);
  398. rxm->full_len = strp->stm.full_len;
  399. rxm->offset = strp->stm.offset;
  400. tlm = tls_msg(strp->anchor);
  401. tlm->control = strp->mark;
  402. return true;
  403. }
  404. /* Called with lock held on lower socket */
  405. static int tls_strp_read_sock(struct tls_strparser *strp)
  406. {
  407. int sz, inq;
  408. inq = tcp_inq(strp->sk);
  409. if (inq < 1)
  410. return 0;
  411. if (unlikely(strp->copy_mode))
  412. return tls_strp_read_copyin(strp);
  413. if (inq < strp->stm.full_len)
  414. return tls_strp_read_copy(strp, true);
  415. tls_strp_load_anchor_with_queue(strp, inq);
  416. if (!strp->stm.full_len) {
  417. sz = tls_rx_msg_size(strp, strp->anchor);
  418. if (sz < 0)
  419. return sz;
  420. strp->stm.full_len = sz;
  421. if (!strp->stm.full_len || inq < strp->stm.full_len)
  422. return tls_strp_read_copy(strp, true);
  423. }
  424. if (!tls_strp_check_queue_ok(strp))
  425. return tls_strp_read_copy(strp, false);
  426. WRITE_ONCE(strp->msg_ready, 1);
  427. tls_rx_msg_ready(strp);
  428. return 0;
  429. }
  430. void tls_strp_check_rcv(struct tls_strparser *strp)
  431. {
  432. if (unlikely(strp->stopped) || strp->msg_ready)
  433. return;
  434. if (tls_strp_read_sock(strp) == -ENOMEM)
  435. queue_work(tls_strp_wq, &strp->work);
  436. }
  437. /* Lower sock lock held */
  438. void tls_strp_data_ready(struct tls_strparser *strp)
  439. {
  440. /* This check is needed to synchronize with do_tls_strp_work.
  441. * do_tls_strp_work acquires a process lock (lock_sock) whereas
  442. * the lock held here is bh_lock_sock. The two locks can be
  443. * held by different threads at the same time, but bh_lock_sock
  444. * allows a thread in BH context to safely check if the process
  445. * lock is held. In this case, if the lock is held, queue work.
  446. */
  447. if (sock_owned_by_user_nocheck(strp->sk)) {
  448. queue_work(tls_strp_wq, &strp->work);
  449. return;
  450. }
  451. tls_strp_check_rcv(strp);
  452. }
  453. static void tls_strp_work(struct work_struct *w)
  454. {
  455. struct tls_strparser *strp =
  456. container_of(w, struct tls_strparser, work);
  457. lock_sock(strp->sk);
  458. tls_strp_check_rcv(strp);
  459. release_sock(strp->sk);
  460. }
  461. void tls_strp_msg_done(struct tls_strparser *strp)
  462. {
  463. WARN_ON(!strp->stm.full_len);
  464. if (likely(!strp->copy_mode))
  465. tcp_read_done(strp->sk, strp->stm.full_len);
  466. else
  467. tls_strp_flush_anchor_copy(strp);
  468. WRITE_ONCE(strp->msg_ready, 0);
  469. memset(&strp->stm, 0, sizeof(strp->stm));
  470. tls_strp_check_rcv(strp);
  471. }
  472. void tls_strp_stop(struct tls_strparser *strp)
  473. {
  474. strp->stopped = 1;
  475. }
  476. int tls_strp_init(struct tls_strparser *strp, struct sock *sk)
  477. {
  478. memset(strp, 0, sizeof(*strp));
  479. strp->sk = sk;
  480. strp->anchor = alloc_skb(0, GFP_KERNEL);
  481. if (!strp->anchor)
  482. return -ENOMEM;
  483. INIT_WORK(&strp->work, tls_strp_work);
  484. return 0;
  485. }
  486. /* strp must already be stopped so that tls_strp_recv will no longer be called.
  487. * Note that tls_strp_done is not called with the lower socket held.
  488. */
  489. void tls_strp_done(struct tls_strparser *strp)
  490. {
  491. WARN_ON(!strp->stopped);
  492. cancel_work_sync(&strp->work);
  493. tls_strp_anchor_free(strp);
  494. }
  495. int __init tls_strp_dev_init(void)
  496. {
  497. tls_strp_wq = create_workqueue("tls-strp");
  498. if (unlikely(!tls_strp_wq))
  499. return -ENOMEM;
  500. return 0;
  501. }
  502. void tls_strp_dev_exit(void)
  503. {
  504. destroy_workqueue(tls_strp_wq);
  505. }