lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <201712191431.KGfH0D3q%fengguang.wu@intel.com>
Date:   Tue, 19 Dec 2017 15:00:26 +0800
From:   kbuild test robot <lkp@...el.com>
To:     Ilya Lesokhin <ilyal@...lanox.com>
Cc:     kbuild-all@...org, netdev@...r.kernel.org, davem@...emloft.net,
        davejwatson@...com, tom@...bertland.com,
        hannes@...essinduktion.org, borisp@...lanox.com,
        aviadye@...lanox.com, liranl@...lanox.com,
        Ilya Lesokhin <ilyal@...lanox.com>
Subject: Re: [PATCH v3 net-next 6/6] tls: Add generic NIC offload
 infrastructure.

Hi Ilya,

I love your patch! Perhaps something to improve:

[auto build test WARNING on net-next/master]

url:    https://github.com/0day-ci/linux/commits/Ilya-Lesokhin/tls-Add-generic-NIC-offload-infrastructure/20171219-140819
config: xtensa-allmodconfig (attached as .config)
compiler: xtensa-linux-gcc (GCC) 7.2.0
reproduce:
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        make.cross ARCH=xtensa 

All warnings (new ones prefixed by >>):

   net//tls/tls_device_fallback.c: In function 'tls_sw_fallback':
>> net//tls/tls_device_fallback.c:360:1: warning: the frame size of 1040 bytes is larger than 1024 bytes [-Wframe-larger-than=]
    }
    ^

vim +360 net//tls/tls_device_fallback.c

   214	
   215	/* This function may be called after the user socket is already
   216	 * closed so make sure we don't use anything freed during
   217	 * tls_sk_proto_close here
   218	 */
   219	struct sk_buff *tls_sw_fallback(struct sock *sk, struct sk_buff *skb)
   220	{
   221		int tcp_header_size = tcp_hdrlen(skb);
   222		int tcp_payload_offset = skb_transport_offset(skb) + tcp_header_size;
   223		int payload_len = skb->len - tcp_payload_offset;
   224		struct tls_context *tls_ctx = tls_get_ctx(sk);
   225		struct tls_offload_context *ctx = tls_offload_ctx(tls_ctx);
   226		int remaining, buf_len, resync_sgs, rc, i = 0;
   227		void *buf, *dummy_buf, *iv, *aad;
   228		struct scatterlist sg_in[2 * (MAX_SKB_FRAGS + 1)];
   229		struct scatterlist sg_out[3];
   230		u32 tcp_seq = ntohl(tcp_hdr(skb)->seq);
   231		struct aead_request *aead_req;
   232		struct sk_buff *nskb = NULL;
   233		struct tls_record_info *record;
   234		unsigned long flags;
   235		s32 sync_size;
   236		u64 rcd_sn;
   237	
   238		if (!payload_len)
   239			return skb;
   240	
   241		sg_init_table(sg_in, ARRAY_SIZE(sg_in));
   242		sg_init_table(sg_out, ARRAY_SIZE(sg_out));
   243	
   244		spin_lock_irqsave(&ctx->lock, flags);
   245		record = tls_get_record(ctx, tcp_seq, &rcd_sn);
   246		if (!record) {
   247			spin_unlock_irqrestore(&ctx->lock, flags);
   248			WARN(1, "Record not found for seq %u\n", tcp_seq);
   249			goto free_orig;
   250		}
   251	
   252		sync_size = tcp_seq - tls_record_start_seq(record);
   253		if (sync_size < 0) {
   254			int is_start_marker = tls_record_is_start_marker(record);
   255	
   256			spin_unlock_irqrestore(&ctx->lock, flags);
   257			if (!is_start_marker)
   258			/* This should only occur if the relevant record was
   259			 * already acked. In that case it should be ok
   260			 * to drop the packet and avoid retransmission.
   261			 *
   262			 * There is a corner case where the packet contains
   263			 * both an acked and a non-acked record.
   264			 * We currently don't handle that case and rely
   265			 * on TCP to retranmit a packet that doesn't contain
   266			 * already acked payload.
   267			 */
   268				goto free_orig;
   269	
   270			if (payload_len > -sync_size) {
   271				WARN(1, "Fallback of partially offloaded packets is not supported\n");
   272				goto free_orig;
   273			} else {
   274				return skb;
   275			}
   276		}
   277	
   278		remaining = sync_size;
   279		while (remaining > 0) {
   280			skb_frag_t *frag = &record->frags[i];
   281	
   282			__skb_frag_ref(frag);
   283			sg_set_page(sg_in + i, skb_frag_page(frag),
   284				    skb_frag_size(frag), frag->page_offset);
   285	
   286			remaining -= skb_frag_size(frag);
   287	
   288			if (remaining < 0)
   289				sg_in[i].length += remaining;
   290	
   291			i++;
   292		}
   293		spin_unlock_irqrestore(&ctx->lock, flags);
   294		resync_sgs = i;
   295	
   296		aead_req = tls_alloc_aead_request(ctx->aead_send, GFP_ATOMIC);
   297		if (!aead_req)
   298			goto put_sg;
   299	
   300		buf_len = TLS_CIPHER_AES_GCM_128_SALT_SIZE +
   301			  TLS_CIPHER_AES_GCM_128_IV_SIZE +
   302			  TLS_AAD_SPACE_SIZE +
   303			  sync_size +
   304			  tls_ctx->tag_size;
   305		buf = kmalloc(buf_len, GFP_ATOMIC);
   306		if (!buf)
   307			goto free_req;
   308	
   309		nskb = alloc_skb(skb_headroom(skb) + skb->len, GFP_ATOMIC);
   310		if (!nskb)
   311			goto free_req;
   312	
   313		skb_reserve(nskb, skb_headroom(skb));
   314	
   315		iv = buf;
   316	
   317		memcpy(iv, tls_ctx->crypto_send_aes_gcm_128.salt,
   318		       TLS_CIPHER_AES_GCM_128_SALT_SIZE);
   319		aad = buf + TLS_CIPHER_AES_GCM_128_SALT_SIZE +
   320		      TLS_CIPHER_AES_GCM_128_IV_SIZE;
   321		dummy_buf = aad + TLS_AAD_SPACE_SIZE;
   322	
   323		sg_set_buf(&sg_out[0], dummy_buf, sync_size);
   324		sg_set_buf(&sg_out[1], nskb->data + tcp_payload_offset,
   325			   payload_len);
   326		/* Add room for authentication tag produced by crypto */
   327		dummy_buf += sync_size;
   328		sg_set_buf(&sg_out[2], dummy_buf, tls_ctx->tag_size);
   329		rc = skb_to_sgvec(skb, &sg_in[i], tcp_payload_offset,
   330				  payload_len);
   331		if (rc < 0)
   332			goto free_nskb;
   333	
   334		rc = tls_enc_records(aead_req, ctx->aead_send, sg_in, sg_out, aad, iv,
   335				     rcd_sn, sync_size + payload_len);
   336		if (rc < 0)
   337			goto free_nskb;
   338	
   339		complete_skb(nskb, skb, tcp_payload_offset);
   340	
   341		/* validate_xmit_skb_list assumes that if the skb wasn't segmented
   342		 * nskb->prev will point to the skb itself
   343		 */
   344		nskb->prev = nskb;
   345	free_buf:
   346		kfree(buf);
   347	free_req:
   348		kfree(aead_req);
   349	put_sg:
   350		for (i = 0; i < resync_sgs; i++)
   351			put_page(sg_page(&sg_in[i]));
   352	free_orig:
   353		kfree_skb(skb);
   354		return nskb;
   355	
   356	free_nskb:
   357		kfree_skb(nskb);
   358		nskb = NULL;
   359		goto free_buf;
 > 360	}
   361	

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

Download attachment ".config.gz" of type "application/gzip" (52638 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ