| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5764.1537219964@warthog.procyon.org.uk>
Date: Mon, 17 Sep 2018 22:32:44 +0100
From: David Howells <dhowells@...hat.com>
To: Trond Myklebust <trondmy@...merspace.com>
Cc: dhowells@...hat.com,
"viro@...IV.linux.org.uk" <viro@...IV.linux.org.uk>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-afs@...ts.infradead.org" <linux-afs@...ts.infradead.org>,
"linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>
Subject: Re: [PATCH 04/10] iov_iter: Add mapping and discard iterator types
Trond Myklebust <trondmy@...merspace.com> wrote:
> Another question that is relevant for most networked filesystems
> (including AFS, I believe), is how will you deal with encryption of the
> data you are transmitting? Encrypting and decrypting in-place directly
> in the page cache or in a userspace O_DIRECT mapped buffer might not be
> the best and most secure option, so won't you find yourself wanting to
> copy the data anyway?
For kAFS, the interface between kAFS and AF_RXRPC takes an iterator.
Currently, encryption is done in place on the sk_buffs inside AF_RXRPC, but
the goal I have in mind is to use the crypto operation to replace the copy
between sk_buff and buffer. This is tricky, however, as the encrypted payload
contains metadata as well as data and on reception I have to read the metadata
to find out how much data there actually is.
David
Powered by blists - more mailing lists