lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 19 Dec 2017 11:30:10 +0100
From:   Jiri Pirko <jiri@...nulli.us>
To:     Ilya Lesokhin <ilyal@...lanox.com>
Cc:     netdev@...r.kernel.org, davem@...emloft.net, davejwatson@...com,
        tom@...bertland.com, hannes@...essinduktion.org,
        borisp@...lanox.com, aviadye@...lanox.com, liranl@...lanox.com
Subject: Re: [PATCH v3 net-next 0/6] tls: Add generic NIC offload
 infrastructure

Mon, Dec 18, 2017 at 06:10:10PM CET, jiri@...nulli.us wrote:
>Mon, Dec 18, 2017 at 12:10:27PM CET, ilyal@...lanox.com wrote:
>>Changes from v2:
>>- Fix sk use after free and possible netdev use after free
>>- tls device now keeps a refernce on the offloading netdev
>>- tls device registers to the netdev notifer. 
>>  Upon a NETDEV_DOWN event, offload is stopped and
>>  the reference on the netdev is dropped.
>>- SW fallback support for skb->ip_summed != CHECKSUM_PARTIAL 
>>- Merged TLS patches are no longer part of this series.
>>
>>Changes from v1:
>>- Remove the binding of the socket to a specific netdev 
>>  through sk->sk_bound_dev_if.
>>  Add a check in validate_xmit_skb to detect route changes
>>  and call SW fallback code to do the crypto in software.
>>- tls_get_record now returns the tls record sequence number.
>>  This is required to support connections with rcd_sn != iv.
>>- Bug fixes to the TLS code.
>>
>>This patchset adds a generic infrastructure to offload TLS crypto to a
>>network devices.
>>
>>patches 1-2 Export functions that we need
>>patch 3 adds infrastructue for offloaded socket fallback
>>patches 4-5 add new NDOs and capabilities.
>>patch 6 adds the TLS NIC offload infrastructure.
>>
>>Github with mlx5e TLS offload support:
>>https://github.com/Mellanox/tls-offload/tree/tls_device_v3
>
>I don't get it. You are pushing infra but not the actual driver part
>who is consuming the infra? Why?

Okay. Since the driver that uses the API introduced by this patchset
is missing, this patchset should be marked as RFC.

Dave, I see that you were about to apply v2. I'm sure you missed this.
Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ