Date:   Mon, 18 Dec 2017 18:10:10 +0100
From:   Jiri Pirko <jiri@...nulli.us>
To:     Ilya Lesokhin <ilyal@...lanox.com>
Cc:     netdev@...r.kernel.org, davem@...emloft.net, davejwatson@...com,
        tom@...bertland.com, hannes@...essinduktion.org,
        borisp@...lanox.com, aviadye@...lanox.com, liranl@...lanox.com
Subject: Re: [PATCH v3 net-next 0/6] tls: Add generic NIC offload
 infrastructure

Mon, Dec 18, 2017 at 12:10:27PM CET, ilyal@...lanox.com wrote:
>Changes from v2:
>- Fix sk use after free and possible netdev use after free
>- tls device now keeps a reference on the offloading netdev
>- tls device registers to the netdev notifier.
>  Upon a NETDEV_DOWN event, offload is stopped and
>  the reference on the netdev is dropped.
>- SW fallback support for skb->ip_summed != CHECKSUM_PARTIAL 
>- Merged TLS patches are no longer part of this series.
>
>Changes from v1:
>- Remove the binding of the socket to a specific netdev 
>  through sk->sk_bound_dev_if.
>  Add a check in validate_xmit_skb to detect route changes
>  and call SW fallback code to do the crypto in software.
>- tls_get_record now returns the tls record sequence number.
>  This is required to support connections with rcd_sn != iv.
>- Bug fixes to the TLS code.
>
>This patchset adds a generic infrastructure to offload TLS crypto to
>network devices.
>
>patches 1-2 Export functions that we need
>patch 3 adds infrastructure for offloaded socket fallback
>patches 4-5 add new NDOs and capabilities.
>patch 6 adds the TLS NIC offload infrastructure.
>
>Github with mlx5e TLS offload support:
>https://github.com/Mellanox/tls-offload/tree/tls_device_v3

I don't get it. You are pushing infra but not the actual driver part
who is consuming the infra? Why?
