Commit 3142dbf0 authored by Paolo Abeni's avatar Paolo Abeni
Browse files

Merge branch 'tcp-ao-fixes' 

Dmitry Safonov says:

====================
TCP-AO fixes

Changes from v4:
- Dropped 2 patches on which there's no consensus. They will require
  more work TBD if they may made acceptable. Those are:
  o "net/tcp: Allow removing current/rnext TCP-AO keys on TCP_LISTEN sockets"
  o "net/tcp: Store SNEs + SEQs on ao_info"

Changes from v3:
- Don't restrict adding any keys on TCP-AO connection in VRF, but only
  the ones that don't match l3index (David)

Changes from v2:
- rwlocks are problematic in net code (Paolo)
  Changed the SNE code to avoid spin/rw locks on RX/TX fastpath by
  double-accounting SEQ numbers for TCP-AO enabled connections.

Changes from v1:
- Use tcp_can_repair_sock() helper to limit TCP_AO_REPAIR (Eric)
- Instead of hook to listen() syscall, allow removing current/rnext keys
  on TCP_LISTEN (addressing Eric's objection)
- Add sne_lock to protect snd_sne/rcv_sne
- Don't move used_tcp_ao in struct tcp_request_sock (Eric)

I've been working on TCP-AO key-rotation selftests and as a result
exercised some corner-cases that are not usually met in production.

Here are a bunch of semi-related fixes:
- Documentation typo (reported by Markus Elfring)
- Proper alignment for TCP-AO option in TCP header that has MAC length
  of non 4 bytes (now a selftest with randomized maclen/algorithm/etc
  passes)
- 3 uAPI restricting patches that disallow more things to userspace in
  order to prevent it shooting itself in any parts of the body
- SNEs READ_ONCE()/WRITE_ONCE() that went missing by my human factor
- Avoid storing MAC length from SYN header as SYN-ACK will use
  rnext_key.maclen (drops an extra check that fails on new selftests)
====================

Link: https://lore.kernel.org/r/


Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
parents 6b07b522 9396c4ee

Documentation/networking/tcp_ao.rst

+1 −1
Original line number Diff line number Diff line
@@ -99,7 +99,7 @@ also [6.1]:: 
   when it is no longer considered permitted.



Linux TCP-AO will try its best to prevent you from removing a key that's

being used, considering it a key management failure. But sine keeping

being used, considering it a key management failure. But since keeping

an outdated key may become a security issue and as a peer may

unintentionally prevent the removal of an old key by always setting

it as RNextKeyID - a forced key removal mechanism is provided, where

include/linux/tcp.h

+2 −6
Original line number Diff line number Diff line
@@ -169,7 +169,7 @@ struct tcp_request_sock { 
#ifdef CONFIG_TCP_AO

	u8				ao_keyid;

	u8				ao_rcv_next;

	u8				maclen;

	bool				used_tcp_ao;

#endif

};
@@ -180,14 +180,10 @@ static inline struct tcp_request_sock *tcp_rsk(const struct request_sock *req) 


static inline bool tcp_rsk_used_ao(const struct request_sock *req)

{

	/* The real length of MAC is saved in the request socket,

	 * signing anything with zero-length makes no sense, so here is

	 * a little hack..

	 */

#ifndef CONFIG_TCP_AO

	return false;

#else

	return tcp_rsk(req)->maclen != 0;

	return tcp_rsk(req)->used_tcp_ao;

#endif

}

include/net/tcp_ao.h

+6 −0
Original line number Diff line number Diff line
@@ -62,11 +62,17 @@ static inline int tcp_ao_maclen(const struct tcp_ao_key *key) 
	return key->maclen;

}



/* Use tcp_ao_len_aligned() for TCP header calculations */

static inline int tcp_ao_len(const struct tcp_ao_key *key)

{

	return tcp_ao_maclen(key) + sizeof(struct tcp_ao_hdr);

}



static inline int tcp_ao_len_aligned(const struct tcp_ao_key *key)

{

	return round_up(tcp_ao_len(key), 4);

}



static inline unsigned int tcp_ao_digest_size(struct tcp_ao_key *key)

{

	return key->digest_size;

net/ipv4/tcp.c

+6 −0
Original line number Diff line number Diff line
@@ -3610,6 +3610,10 @@ int do_tcp_setsockopt(struct sock *sk, int level, int optname, 
		break;



	case TCP_AO_REPAIR:

		if (!tcp_can_repair_sock(sk)) {

			err = -EPERM;

			break;

		}

		err = tcp_ao_set_repair(sk, optval, optlen);

		break;

#ifdef CONFIG_TCP_AO
@@ -4309,6 +4313,8 @@ int do_tcp_getsockopt(struct sock *sk, int level, 
	}

#endif

	case TCP_AO_REPAIR:

		if (!tcp_can_repair_sock(sk))

			return -EPERM;

		return tcp_ao_get_repair(sk, optval, optlen);

	case TCP_AO_GET_KEYS:

	case TCP_AO_INFO: {

net/ipv4/tcp_ao.c

+13 −4
Original line number Diff line number Diff line
@@ -851,7 +851,7 @@ void tcp_ao_syncookie(struct sock *sk, const struct sk_buff *skb, 
	const struct tcp_ao_hdr *aoh;

	struct tcp_ao_key *key;



	treq->maclen = 0;

	treq->used_tcp_ao = false;



	if (tcp_parse_auth_options(th, NULL, &aoh) || !aoh)

		return;
@@ -863,7 +863,7 @@ void tcp_ao_syncookie(struct sock *sk, const struct sk_buff *skb, 


	treq->ao_rcv_next = aoh->keyid;

	treq->ao_keyid = aoh->rnext_keyid;

	treq->maclen = tcp_ao_maclen(key);

	treq->used_tcp_ao = true;

}



static enum skb_drop_reason
@@ -1100,7 +1100,7 @@ void tcp_ao_connect_init(struct sock *sk) 
			ao_info->current_key = key;

		if (!ao_info->rnext_key)

			ao_info->rnext_key = key;

		tp->tcp_header_len += tcp_ao_len(key);

		tp->tcp_header_len += tcp_ao_len_aligned(key);



		ao_info->lisn = htonl(tp->write_seq);

		ao_info->snd_sne = 0;
@@ -1346,7 +1346,7 @@ static int tcp_ao_parse_crypto(struct tcp_ao_add *cmd, struct tcp_ao_key *key) 
	syn_tcp_option_space -= TCPOLEN_MSS_ALIGNED;

	syn_tcp_option_space -= TCPOLEN_TSTAMP_ALIGNED;

	syn_tcp_option_space -= TCPOLEN_WSCALE_ALIGNED;

	if (tcp_ao_len(key) > syn_tcp_option_space) {

	if (tcp_ao_len_aligned(key) > syn_tcp_option_space) {

		err = -EMSGSIZE;

		goto err_kfree;

	}
@@ -1608,6 +1608,15 @@ static int tcp_ao_add_cmd(struct sock *sk, unsigned short int family, 
		if (!dev || !l3index)

			return -EINVAL;



		if (!bound_dev_if || bound_dev_if != cmd.ifindex) {

			/* tcp_ao_established_key() doesn't expect having

			 * non peer-matching key on an established TCP-AO

			 * connection.

			 */

			if (!((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)))

				return -EINVAL;

		}



		/* It's still possible to bind after adding keys or even

		 * re-bind to a different dev (with CAP_NET_RAW).

		 * So, no reason to return error here, rather try to be