lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon,  8 Jul 2019 19:53:07 -0700
From:   Jakub Kicinski <jakub.kicinski@...ronome.com>
To:     davem@...emloft.net
Cc:     netdev@...r.kernel.org, oss-drivers@...ronome.com,
        alexei.starovoitov@...il.com,
        Jakub Kicinski <jakub.kicinski@...ronome.com>
Subject: [PATCH net-next 00/11] nfp: tls: fixes for initial TLS support

Hi!

This series brings various fixes to nfp tls offload recently added
to net-next.

First 4 patches revolve around device mailbox communication, trying
to make it more reliable. Next patch fixes statistical counter.
Patch 6 improves the TX resync if device communication failed.
Patch 7 makes sure we remove keys from memory after talking to FW.
Patch 8 adds missing tls context initialization, we fill in the
context information from various places based on the configuration
and looks like we missed the init in the case of where TX is
offloaded, but RX wasn't initialized yet. Patches 9 and 10 make
the nfp driver undo TLS state changes if we need to drop the
frame (e.g. due to DMA mapping error).

Last but not least TLS fallback should not adjust socket memory
after skb_orphan_partial(). This code will go away once we forbid
orphaning of skbs in need of crypto, but that's "real" -next
material, so lets do a quick fix.

Dirk van der Merwe (2):
  nfp: ccm: increase message limits
  net/tls: don't clear TX resync flag on error

Jakub Kicinski (9):
  nfp: tls: ignore queue limits for delete commands
  nfp: tls: move setting ipver_vlan to a helper
  nfp: tls: use unique connection ids instead of 4-tuple for TX
  nfp: tls: count TSO segments separately for the TLS offload
  nfp: tls: don't leave key material in freed FW cmsg skbs
  net/tls: add missing prot info init
  nfp: tls: avoid one of the ifdefs for TLS
  nfp: tls: undo TLS sequence tracking when dropping the frame
  net/tls: fix socket wmem accounting on fallback with netem

 .../mellanox/mlx5/core/en_accel/tls.c         |  8 +-
 drivers/net/ethernet/netronome/nfp/ccm.h      |  4 +
 drivers/net/ethernet/netronome/nfp/ccm_mbox.c | 31 ++++---
 .../net/ethernet/netronome/nfp/crypto/fw.h    |  2 +
 .../net/ethernet/netronome/nfp/crypto/tls.c   | 93 +++++++++++++------
 drivers/net/ethernet/netronome/nfp/nfp_net.h  |  3 +
 .../ethernet/netronome/nfp/nfp_net_common.c   | 32 ++++++-
 include/net/tls.h                             |  6 +-
 net/tls/tls_device.c                          | 10 +-
 net/tls/tls_device_fallback.c                 |  4 +
 10 files changed, 143 insertions(+), 50 deletions(-)

-- 
2.21.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ