lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 20 Nov 2018 12:25:01 +0300
From:   Sergei Shtylyov <sergei.shtylyov@...entembedded.com>
To:     Saeed Mahameed <saeedm@...lanox.com>,
        "David S. Miller" <davem@...emloft.net>
Cc:     netdev@...r.kernel.org, Raed Salem <raeds@...lanox.com>
Subject: Re: [net 01/13] net/mlx5: IPSec, Fix the SA context hash key

Hello!

On 20.11.2018 2:41, Saeed Mahameed wrote:

> From: Raed Salem <raeds@...lanox.com>
> 
> The commit "net/mlx5: Refactor accel IPSec code" introduced a

    You also need to cite the commit ID.

> bug where asynchronous short time change in hash key value
> by create/release SA context might happen during an asynchronous
> hash resize operation this could cause a subsequent remove SA
> context operation to fail as the key value used during resize is
> not the same key value used when remove SA context operation is
> invoked.
> 
> This commit fixes the bug by defining the SA context hash key
> such that it includes only fields that never change during the
> lifetime of the SA context object.
> 
> Fixes: d6c4f0298cec ("net/mlx5: Refactor accel IPSec code")
> Signed-off-by: Raed Salem <raeds@...lanox.com>
> Reviewed-by: Aviad Yehezkel <aviadye@...lanox.com>
> Signed-off-by: Saeed Mahameed <saeedm@...lanox.com>
> ---
>   drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c | 10 ++++++++--
>   1 file changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c
> index 515e3d6de051..5a22c5874f3b 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c
> @@ -83,8 +83,14 @@ struct mlx5_fpga_ipsec_rule {
>   };
>   
>   static const struct rhashtable_params rhash_sa = {
> -	.key_len = FIELD_SIZEOF(struct mlx5_fpga_ipsec_sa_ctx, hw_sa),
> -	.key_offset = offsetof(struct mlx5_fpga_ipsec_sa_ctx, hw_sa),
> +	/* Keep out "cmd" field from the key as it's

    Its.

> +	 * value is not constant during the lifetime
> +	 * of the key object.
> +	 */
> +	.key_len = FIELD_SIZEOF(struct mlx5_fpga_ipsec_sa_ctx, hw_sa) -
> +		   FIELD_SIZEOF(struct mlx5_ifc_fpga_ipsec_sa_v1, cmd),
> +	.key_offset = offsetof(struct mlx5_fpga_ipsec_sa_ctx, hw_sa) +
> +		      FIELD_SIZEOF(struct mlx5_ifc_fpga_ipsec_sa_v1, cmd),
>   	.head_offset = offsetof(struct mlx5_fpga_ipsec_sa_ctx, hash),
>   	.automatic_shrinking = true,
>   	.min_size = 1,

MBR, Sergei

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ