| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8dd10152-b790-d56f-8fbc-5eb2250f2798@mellanox.com>
Date: Tue, 14 Jul 2020 10:27:11 +0300
From: Boris Pismenny <borisp@...lanox.com>
To: David Miller <davem@...emloft.net>
Cc: kuba@...nel.org, john.fastabend@...il.com, daniel@...earbox.net,
tariqt@...lanox.com, netdev@...r.kernel.org
Subject: Re: [PATCH] tls: add zerocopy device sendpage
On 14/07/2020 4:02, David Miller wrote:
> From: Boris Pismenny <borisp@...lanox.com>
> Date: Tue, 14 Jul 2020 01:15:26 +0300
>
>> On 13/07/2020 22:05, David Miller wrote:
>>> From: Boris Pismenny <borisp@...lanox.com>
>>> Date: Mon, 13 Jul 2020 10:49:49 +0300
>>>
>>> Why can't the device generate the correct TLS signature when
>>> offloading? Just like for the protocol checksum, the device should
>>> load the payload into the device over DMA and make it's calculations
>>> on that copy.
>> Right. The problematic case is when some part of the record is already
>> received by the other party, and then some (modified) data including
>> the TLS authentication tag is re-transmitted.
> Then we must copy to avoid this.
Why is it the kernel's role to protect against such an error?
Surely the user that modifies pagecache data while sending it over
sendfile (with TCP) will suffer from consistency bugs that are even worse.
The copy in the TLS_DEVICE sendfile path greatly reduces the value of
all of this work. If we want to get the maximum out of this, then the
copy has to go.
If we can't make this the default (as it is in FreeBSD), and we can't
add a knob to enable this. Then, what should we do here?
Powered by blists - more mailing lists