On 11/5/2020 6:46 AM, Jakub Kicinski wrote:
> On Tue, 3 Nov 2020 16:17:03 +0530 Vinay Kumar Yadav wrote:
>> User can initialize tls ulp using setsockopt call on socket
>> before listen() in case of tls-toe (TLS_HW_RECORD) and same
>> setsockopt call on connected socket in case of kernel tls (TLS_SW).
>> In presence of tls-toe devices, TLS ulp is initialized, tls context
>> is allocated per listen socket and socket is listening at adapter
>> as well as kernel tcp stack. Now consider the scenario, connections
>> are established in kernel stack.
>> On every connection close which is established in kernel stack,
>> it clears tls context which is created on listen socket causing
>> kernel panic.
>> Addressed the issue by setting child socket to base (non TLS ULP)
>> when tls ulp is initialized on parent socket (listen socket).
>>
>> Fixes: 76f7164d02d4 ("net/tls: free ctx in sock destruct")
>> Signed-off-by: Vinay Kumar Yadav <vinay.ya...@chelsio.com>
>
> We should prevent from the socket getting into LISTEN state in the
> first place. Can we make a copy of proto_ops (like tls_sw_proto_ops)
> and set listen to sock_no_listen?

Once tls-toe (TLS_HW_RECORD) is configured on a socket, a listen() call
from the user on the same socket will create a hash in two places:

tls_toe_hash() ---> ctx->sk_proto->hash(sk); dev->hash(dev, sk);

When a connection is established, the same sock is cloned in both cases
(connection in adapter or kernel stack).

Please suggest if we can handle it another way?
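
The context-lifetime problem from the commit message quoted above, as an added user-space model (not code from this thread or from the kernel). All struct and function names are hypothetical, and a counter stands in for freeing the context.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model: names are hypothetical, not kernel identifiers. */
struct tls_ctx { int releases; };   /* counts how often the ctx was "freed" */

struct sock {
    struct tls_ctx *ctx;   /* TLS ULP context pointer carried by the socket */
    bool tls_close_path;   /* true: TLS ULP close path, false: base TCP */
};

/* Models a connection accepted in the kernel stack: the child is a clone of
 * the listener, so it inherits the listener's ctx pointer and close path. */
static struct sock clone_child(const struct sock *listener, bool reset_to_base)
{
    struct sock child = *listener;
    if (reset_to_base && listener->ctx != NULL) {
        /* The fix described in the commit message: child becomes non-TLS. */
        child.ctx = NULL;
        child.tls_close_path = false;
    }
    return child;
}

/* Models close(): the TLS path releases whatever ctx the socket points to. */
static void sock_close(struct sock *sk)
{
    if (sk->tls_close_path && sk->ctx != NULL)
        sk->ctx->releases++;   /* stands in for freeing the context */
    sk->ctx = NULL;
}

/* Closes n accepted children while the listener stays open and returns how
 * many times the listener's ctx was released. Anything above 0 leaves the
 * listener with a dangling pointer; above 1 is a repeated free. */
int listener_ctx_releases(int n, bool reset_to_base)
{
    struct tls_ctx ctx = { 0 };
    struct sock listener = { .ctx = &ctx, .tls_close_path = true };
    for (int i = 0; i < n; i++) {
        struct sock child = clone_child(&listener, reset_to_base);
        sock_close(&child);
    }
    return ctx.releases;
}

int main(void)
{
    printf("without fix: %d releases\n", listener_ctx_releases(3, false));
    printf("with fix:    %d releases\n", listener_ctx_releases(3, true));
    return 0;
}
```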