lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 May 2020 16:13:59 +0100 From: David Howells <dhowells@...hat.com> To: Christoph Hellwig <hch@....de> Cc: dhowells@...hat.com, "David S. Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Marcelo Ricardo Leitner <marcelo.leitner@...il.com>, Eric Dumazet <edumazet@...gle.com>, linux-nvme@...ts.infradead.org, linux-sctp@...r.kernel.org, target-devel@...r.kernel.org, linux-afs@...ts.infradead.org, drbd-dev@...ts.linbit.com, linux-cifs@...r.kernel.org, rds-devel@....oracle.com, linux-rdma@...r.kernel.org, cluster-devel@...hat.com, Alexey Kuznetsov <kuznet@....inr.ac.ru>, linux-block@...r.kernel.org, ceph-devel@...r.kernel.org, linux-nfs@...r.kernel.org, Neil Horman <nhorman@...driver.com>, Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>, netdev@...r.kernel.org, Vlad Yasevich <vyasevich@...il.com>, linux-kernel@...r.kernel.org, Jon Maloy <jmaloy@...hat.com>, Ying Xue <ying.xue@...driver.com>, ocfs2-devel@....oracle.com Subject: Re: [PATCH 29/33] rxrpc_sock_set_min_security_level Christoph Hellwig <hch@....de> wrote: > > Looks good - but you do need to add this to Documentation/networking/rxrpc.txt > > also, thanks. > > That file doesn't exist, instead we now have a > cumentation/networking/rxrpc.rst in weird markup. Yeah - that's only in net/next thus far. > Where do you want this to be added, and with what text? Remember I don't > really know what this thing does, I just provide a shortcut. The document itself describes what each rxrpc sockopt does. Just look for RXRPC_MIN_SECURITY_LEVEL in there;-) Anyway, see the attached. This also fixes a couple of errors in the doc that I noticed. David --- diff --git a/Documentation/networking/rxrpc.rst b/Documentation/networking/rxrpc.rst index 5ad35113d0f4..68552b92dc44 100644 --- a/Documentation/networking/rxrpc.rst +++ b/Documentation/networking/rxrpc.rst @@ -477,7 +477,7 @@ AF_RXRPC sockets support a few socket options at the SOL_RXRPC level: Encrypted checksum plus packet padded and first eight bytes of packet encrypted - which includes the actual packet length. - (c) RXRPC_SECURITY_ENCRYPTED + (c) RXRPC_SECURITY_ENCRYPT Encrypted checksum plus entire packet padded and encrypted, including actual packet length. @@ -578,7 +578,7 @@ A client would issue an operation by: This issues a request_key() to get the key representing the security context. The minimum security level can be set:: - unsigned int sec = RXRPC_SECURITY_ENCRYPTED; + unsigned int sec = RXRPC_SECURITY_ENCRYPT; setsockopt(client, SOL_RXRPC, RXRPC_MIN_SECURITY_LEVEL, &sec, sizeof(sec)); @@ -1090,6 +1090,15 @@ The kernel interface functions are as follows: jiffies). In the event of the timeout occurring, the call will be aborted and -ETIME or -ETIMEDOUT will be returned. + (#) Apply the RXRPC_MIN_SECURITY_LEVEL sockopt to a socket from within in the + kernel:: + + int rxrpc_sock_set_min_security_level(struct sock *sk, + unsigned int val); + + This specifies the minimum security level required for calls on this + socket. + Configurable Parameters ======================= diff --git a/fs/afs/rxrpc.c b/fs/afs/rxrpc.c index 7dfcbd58da85..e313dae01674 100644 --- a/fs/afs/rxrpc.c +++ b/fs/afs/rxrpc.c @@ -57,7 +57,7 @@ int afs_open_socket(struct afs_net *net) srx.transport.sin6.sin6_port = htons(AFS_CM_PORT); ret = rxrpc_sock_set_min_security_level(socket->sk, - RXRPC_SECURITY_ENCRYPT); + RXRPC_SECURITY_ENCRYPT); if (ret < 0) goto error_2;
Powered by blists - more mailing lists