releases/5.0.10/net-tls-fix-the-iv-leaks.patch

   1 From foo@baz Sat Apr 20 16:43:09 CEST 2019
   2 From: Jakub Kicinski <jakub.kicinski@netronome.com>
   3 Date: Wed, 10 Apr 2019 11:04:30 -0700
   4 Subject: net/tls: fix the IV leaks
   5
   6 From: Jakub Kicinski <jakub.kicinski@netronome.com>
   7
   8 [ Upstream commit 5a03bc73abed6ae196c15e9950afde19d48be12c ]
   9
  10 Commit f66de3ee2c16 ("net/tls: Split conf to rx + tx") made
  11 freeing of IV and record sequence number conditional to SW
  12 path only, but commit e8f69799810c ("net/tls: Add generic NIC
  13 offload infrastructure") also allocates that state for the
  14 device offload configuration.  Remember to free it.
  15
  16 Fixes: e8f69799810c ("net/tls: Add generic NIC offload infrastructure")
  17 Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
  18 Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
  19 Reviewed-by: Simon Horman <simon.horman@netronome.com>
  20 Signed-off-by: David S. Miller <davem@davemloft.net>
  21 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  22 ---
  23  net/tls/tls_device.c |    5 ++++-
  24  1 file changed, 4 insertions(+), 1 deletion(-)
  25
  26 --- a/net/tls/tls_device.c
  27 +++ b/net/tls/tls_device.c
  28 @@ -52,8 +52,11 @@ static DEFINE_SPINLOCK(tls_device_lock);
  29
  30  static void tls_device_free_ctx(struct tls_context *ctx)
  31  {
  32 -       if (ctx->tx_conf == TLS_HW)
  33 +       if (ctx->tx_conf == TLS_HW) {
  34                 kfree(tls_offload_ctx_tx(ctx));
  35 +               kfree(ctx->tx.rec_seq);
  36 +               kfree(ctx->tx.iv);
  37 +       }
  38
  39         if (ctx->rx_conf == TLS_HW)
  40                 kfree(tls_offload_ctx_rx(ctx));