lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20070402180717.GA32435@one.firstfloor.org>
Date:	Mon, 2 Apr 2007 20:07:17 +0200
From:	Andi Kleen <andi@...stfloor.org>
To:	Rick Jones <rick.jones2@...com>
Cc:	Andi Kleen <andi@...stfloor.org>,
	Aaron Lehmann <aaronl@...elus.com>, Jim Paris <jim@...n.com>,
	netdev@...r.kernel.org
Subject: Re: NIC data corruption

On Mon, Apr 02, 2007 at 10:46:00AM -0700, Rick Jones wrote:
> I changed the title to be more accurate, and culled the distribution to 
> individuals and netdev
> 
> The mention of trying to turn-off CKO and see if the data corruption 
> goes away leads me to ask a possibly "delicate" question:
> 
>   Should "Linux" only enable CKO on those NICs certified to have
>   ECC/parity throughout their _entire_ data path?

Even with reliable software checksumming you can have quite a lot of undetected
errors (there was a interesting study about this some years ago). 
If you really care about your data you should use SSL or some
other protocol with strong checksums.

That said it would probably make quite a lot of people unhappy
because it would make their NICs much slower and the occasional
bit error that is missed by the NIC is likely not a big issue for them.

What might be a good idea would to have some optional knob 
somewhere that allows to disable hardware checksumming for NICs
that are not trusted this way. But then someone would need to 
do the necessary research for the hundreds of NICs Linux support

Just providing a general global "disable hardware checksumming"
knob for the paranoid would be much easier. I guess that would
be a good idea.

-Andi

-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ