diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c --- a/sys/kern/uipc_ktls.c +++ b/sys/kern/uipc_ktls.c @@ -297,7 +297,6 @@ static MALLOC_DEFINE(M_KTLS, "ktls", "Kernel TLS"); -static void ktls_cleanup(struct ktls_session *tls); #if defined(INET) || defined(INET6) static void ktls_reset_receive_tag(void *context, int pending); static void ktls_reset_send_tag(void *context, int pending); 
@@ -784,76 +783,6 @@ return (tls_new); } -#endif - -static void -ktls_cleanup(struct ktls_session *tls) -{ - - counter_u64_add(ktls_offload_active, -1); - switch (tls->mode) { - case TCP_TLS_MODE_SW: - switch (tls->params.cipher_algorithm) { - case CRYPTO_AES_CBC: - counter_u64_add(ktls_sw_cbc, -1); - break; - case CRYPTO_AES_NIST_GCM_16: - counter_u64_add(ktls_sw_gcm, -1); - break; - case CRYPTO_CHACHA20_POLY1305: - counter_u64_add(ktls_sw_chacha20, -1); - break; - } - break; - case TCP_TLS_MODE_IFNET: - switch (tls->params.cipher_algorithm) { - case CRYPTO_AES_CBC: - counter_u64_add(ktls_ifnet_cbc, -1); - break; - case CRYPTO_AES_NIST_GCM_16: - counter_u64_add(ktls_ifnet_gcm, -1); - break; - case CRYPTO_CHACHA20_POLY1305: - counter_u64_add(ktls_ifnet_chacha20, -1); - break; - } - if (tls->snd_tag != NULL) - m_snd_tag_rele(tls->snd_tag); - if (tls->rx_ifp != NULL) - if_rele(tls->rx_ifp); - break; -#ifdef TCP_OFFLOAD - case TCP_TLS_MODE_TOE: - switch (tls->params.cipher_algorithm) { - case CRYPTO_AES_CBC: - counter_u64_add(ktls_toe_cbc, -1); - break; - case CRYPTO_AES_NIST_GCM_16: - counter_u64_add(ktls_toe_gcm, -1); - break; - case CRYPTO_CHACHA20_POLY1305: - counter_u64_add(ktls_toe_chacha20, -1); - break; - } - break; -#endif - } - if (tls->ocf_session != NULL) - ktls_ocf_free(tls); - if (tls->params.auth_key != NULL) { - zfree(tls->params.auth_key, M_KTLS); - tls->params.auth_key = NULL; - tls->params.auth_key_len = 0; - } - if (tls->params.cipher_key != NULL) { - zfree(tls->params.cipher_key, M_KTLS); - tls->params.cipher_key = NULL; - tls->params.cipher_key_len = 0; - } - explicit_bzero(tls->params.iv, sizeof(tls->params.iv)); -} - -#if defined(INET) || defined(INET6) #ifdef TCP_OFFLOAD static int @@ -1864,6 +1793,7 @@ void ktls_destroy(struct ktls_session *tls) { + MPASS(tls->refcount == 0); if (tls->sequential_records) { struct mbuf *m, *n; 
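Review bot: The added `MPASS(tls->refcount == 0);` at the top of ktls_destroy only protects debug kernels, because MPASS compiles away without INVARIANTS. On a production kernel, a destroy that arrives with references still outstanding would go on to wipe the keys and free the session while other holders can still reach it. I would state the contract next to the assertion, for example `/* Caller dropped the last reference; nothing else may touch tls from here on. */`, so the requirement is visible where the check is not compiled in. The body of ktls_destroy continues past the end of this hunk.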
@@ -1879,7 +1809,69 @@ } } } - ktls_cleanup(tls); + + counter_u64_add(ktls_offload_active, -1); + switch (tls->mode) { + case TCP_TLS_MODE_SW: + switch (tls->params.cipher_algorithm) { + case CRYPTO_AES_CBC: + counter_u64_add(ktls_sw_cbc, -1); + break; + case CRYPTO_AES_NIST_GCM_16: + counter_u64_add(ktls_sw_gcm, -1); + break; + case CRYPTO_CHACHA20_POLY1305: + counter_u64_add(ktls_sw_chacha20, -1); + break; + } + break; + case TCP_TLS_MODE_IFNET: + switch (tls->params.cipher_algorithm) { + case CRYPTO_AES_CBC: + counter_u64_add(ktls_ifnet_cbc, -1); + break; + case CRYPTO_AES_NIST_GCM_16: + counter_u64_add(ktls_ifnet_gcm, -1); + break; + case CRYPTO_CHACHA20_POLY1305: + counter_u64_add(ktls_ifnet_chacha20, -1); + break; + } + if (tls->snd_tag != NULL) + m_snd_tag_rele(tls->snd_tag); + if (tls->rx_ifp != NULL) + if_rele(tls->rx_ifp); + break; +#ifdef TCP_OFFLOAD + case TCP_TLS_MODE_TOE: + switch (tls->params.cipher_algorithm) { + case CRYPTO_AES_CBC: + counter_u64_add(ktls_toe_cbc, -1); + break; + case CRYPTO_AES_NIST_GCM_16: + counter_u64_add(ktls_toe_gcm, -1); + break; + case CRYPTO_CHACHA20_POLY1305: + counter_u64_add(ktls_toe_chacha20, -1); + break; + } + break; +#endif + } + if (tls->ocf_session != NULL) + ktls_ocf_free(tls); + if (tls->params.auth_key != NULL) { + zfree(tls->params.auth_key, M_KTLS); + tls->params.auth_key = NULL; + tls->params.auth_key_len = 0; + } + if (tls->params.cipher_key != NULL) { + zfree(tls->params.cipher_key, M_KTLS); + tls->params.cipher_key = NULL; + tls->params.cipher_key_len = 0; + } + explicit_bzero(tls->params.iv, sizeof(tls->params.iv)); + uma_zfree(ktls_session_zone, tls); }
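Review bot: The key-scrubbing tail now inlined into ktls_destroy has no comment saying why the secrets are handled differently. `auth_key` and `cipher_key` are released with `zfree()`, while `iv` (apparently an embedded array, given `sizeof(tls->params.iv)`) is cleared with `explicit_bzero()` because its storage only goes away with the final `uma_zfree()`. I would add `/* Scrub key material before the session goes back to the zone. */` above the `if (tls->ocf_session != NULL)` line. The inner `switch (tls->params.cipher_algorithm)` blocks also have no `default:` case, so any other cipher decrements `ktls_offload_active` without a matching per-cipher counter; that is carried over unchanged from the removed ktls_cleanup, but a commented `default: break;` would show it is deliberate. This hunk starts inside ktls_destroy, whose opening lines are in the previous hunk.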