lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20180924.122618.1418901464036152090.davem@davemloft.net>
Date:   Mon, 24 Sep 2018 12:26:18 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     vakul.garg@....com
Cc:     netdev@...r.kernel.org, borisp@...lanox.com, aviadye@...lanox.com,
        davejwatson@...com, doronrk@...com
Subject: Re: [PATCH net-next] net/tls: Fixed race condition in async
 encryption

From: Vakul Garg <vakul.garg@....com>
Date: Mon, 24 Sep 2018 15:35:56 +0530

> On processors with multi-engine crypto accelerators, it is possible that
> multiple records get encrypted in parallel and their encryption
> completion is notified to different cpus in multicore processor. This
> leads to the situation where tls_encrypt_done() starts executing in
> parallel on different cores. In current implementation, encrypted
> records are queued to tx_ready_list in tls_encrypt_done(). This requires
> addition to linked list 'tx_ready_list' to be protected. As
> tls_decrypt_done() could be executing in irq content, it is not possible
> to protect linked list addition operation using a lock.
> 
> To fix the problem, we remove linked list addition operation from the
> irq context. We do tx_ready_list addition/removal operation from
> application context only and get rid of possible multiple access to
> the linked list. Before starting encryption on the record, we add it to
> the tail of tx_ready_list. To prevent tls_tx_records() from transmitting
> it, we mark the record with a new flag 'tx_ready' in 'struct tls_rec'.
> When record encryption gets completed, tls_encrypt_done() has to only
> update the 'tx_ready' flag to true & linked list add operation is not
> required.
> 
> The changed logic brings some other side benefits. Since the records
> are always submitted in tls sequence number order for encryption, the
> tx_ready_list always remains sorted and addition of new records to it
> does not have to traverse the linked list.
> 
> Lastly, we renamed tx_ready_list in 'struct tls_sw_context_tx' to
> 'tx_list'. This is because now, the some of the records at the tail are
> not ready to transmit.
> 
> Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption")
> Signed-off-by: Vakul Garg <vakul.garg@....com>

Applied.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ