tcp: switch tcp_fastopen key generation to net_get_random_once

Changed key initialization of tcp_fastopen cookies to net_get_random_once.

If the user sets a custom key net_get_random_once must be called at
least once to ensure we don't overwrite the user provided key when the
first cookie is generated later on.

Cc: Yuchung Cheng <ycheng@google.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/include/net/tcp.h b/include/net/tcp.h
index f30326f1c92b4d6235ae539c3848106c27a3f21c..b12e29a7659044623b51b729d524a5ecde7e6a8e 100644 (file)
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -1322,7 +1322,7 @@ extern struct tcp_fastopen_context __rcu *tcp_fastopen_ctx;
 int tcp_fastopen_reset_cipher(void *key, unsigned int len);
 void tcp_fastopen_cookie_gen(__be32 src, __be32 dst,
                             struct tcp_fastopen_cookie *foc);
-
+void tcp_fastopen_init_key_once(bool publish);
 #define TCP_FASTOPEN_KEY_LENGTH 16
 
 /* Fastopen key context */

diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index c08f096d46b5ec83f379e84e6a5bd32e0088c22f..4b161d5aba0b4123e027015a31c6214d501cee4a 100644 (file)
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -274,6 +274,11 @@ static int proc_tcp_fastopen_key(struct ctl_table *ctl, int write,
                        ret = -EINVAL;
                        goto bad_key;
                }
+               /* Generate a dummy secret but don't publish it. This
+                * is needed so we don't regenerate a new key on the
+                * first invocation of tcp_fastopen_cookie_gen
+                */
+               tcp_fastopen_init_key_once(false);
                tcp_fastopen_reset_cipher(user_key, TCP_FASTOPEN_KEY_LENGTH);
        }
 

diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c
index ab7bd35bb312c6e9e07aa2950d75ec4bbc982eac..766032b4a6c39b9894c95b5eeef1689e355605ff 100644 (file)
--- a/net/ipv4/tcp_fastopen.c
+++ b/net/ipv4/tcp_fastopen.c
@@ -14,6 +14,20 @@ struct tcp_fastopen_context __rcu *tcp_fastopen_ctx;
 
 static DEFINE_SPINLOCK(tcp_fastopen_ctx_lock);
 
+void tcp_fastopen_init_key_once(bool publish)
+{
+       static u8 key[TCP_FASTOPEN_KEY_LENGTH];
+
+       /* tcp_fastopen_reset_cipher publishes the new context
+        * atomically, so we allow this race happening here.
+        *
+        * All call sites of tcp_fastopen_cookie_gen also check
+        * for a valid cookie, so this is an acceptable risk.
+        */
+       if (net_get_random_once(key, sizeof(key)) && publish)
+               tcp_fastopen_reset_cipher(key, sizeof(key));
+}
+
 static void tcp_fastopen_ctx_free(struct rcu_head *head)
 {
        struct tcp_fastopen_context *ctx =
@@ -70,6 +84,8 @@ void tcp_fastopen_cookie_gen(__be32 src, __be32 dst,
        __be32 path[4] = { src, dst, 0, 0 };
        struct tcp_fastopen_context *ctx;
 
+       tcp_fastopen_init_key_once(true);
+
        rcu_read_lock();
        ctx = rcu_dereference(tcp_fastopen_ctx);
        if (ctx) {
@@ -78,14 +94,3 @@ void tcp_fastopen_cookie_gen(__be32 src, __be32 dst,
        }
        rcu_read_unlock();
 }
-
-static int __init tcp_fastopen_init(void)
-{
-       __u8 key[TCP_FASTOPEN_KEY_LENGTH];
-
-       get_random_bytes(key, sizeof(key));
-       tcp_fastopen_reset_cipher(key, sizeof(key));
-       return 0;
-}
-
-late_initcall(tcp_fastopen_init);