| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <PH0PR18MB3845FDA1C8E6063A03ECCE14CCEB0@PH0PR18MB3845.namprd18.prod.outlook.com>
Date: Sun, 8 Nov 2020 06:59:10 +0000
From: Shai Malin <smalin@...vell.com>
To: "linux-nvme@...ts.infradead.org" <linux-nvme@...ts.infradead.org>,
"Sagi Grimberg" <sagi@...mberg.me>,
Boris Pismenny <borisp@...lanox.com>,
"kuba@...nel.org" <kuba@...nel.org>,
"davem@...emloft.net" <davem@...emloft.net>,
"saeedm@...dia.com" <saeedm@...dia.com>, "hch@....de" <hch@....de>,
"axboe@...com" <axboe@...com>,
"kbusch@...nel.org" <kbusch@...nel.org>,
"viro@...iv.linux.org.uk" <viro@...iv.linux.org.uk>,
"edumazet@...gle.com" <edumazet@...gle.com>
CC: Yoray Zack <yorayz@...lanox.com>,
Ben Ben-Ishay <benishay@...lanox.com>,
"boris.pismenny@...il.com" <boris.pismenny@...il.com>,
"linux-nvme@...ts.infradead.org" <linux-nvme@...ts.infradead.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
Or Gerlitz <ogerlitz@...lanox.com>,
Ariel Elior <aelior@...vell.com>,
Michal Kalderon <mkalderon@...vell.com>
Subject: RE: [PATCH net-next RFC v1 07/10] nvme-tcp : Recalculate crc in the
end of the capsule
On 09/10/2020 1:44, Sagi Grimberg wrote:
> On 9/30/20 7:20 PM, Boris Pismenny wrote:
>
> > crc offload of the nvme capsule. Check if all the skb bits are on,
> > and if not recalculate the crc in SW and check it.
>
> Can you clarify in the patch description that this is only for pdu
> data digest and not header digest?
>
Not a security expert, but according to my understanding, the NVMeTCP data digest is a layer 5 CRC, and as such it is expected to be end-to-end, meaning it is computed by layer 5 on the transmitter and verified on layer 5 on the receiver.
Any data corruption which happens in any of the lower layers, including their software processing, should be protected by this CRC. For example, if the IP or TCP stack has a bug that corrupts the NVMeTCP payload data, the CRC should protect against it. It seems that may not be the case with this offload.
> >
> > This patch reworks the receive-side crc calculation to always run at
> > the end, so as to keep a single flow for both offload and non-offload.
> > This change simplifies the code, but it may degrade performance for
> > non-offload crc calculation.
>
> ??
>
> From my scan it doeesn't look like you do that.. Am I missing something?
> Can you explain?
>
> >
> > Signed-off-by: Boris Pismenny <borisp@...lanox.com>
> > Signed-off-by: Ben Ben-Ishay <benishay@...lanox.com>
> > Signed-off-by: Or Gerlitz <ogerlitz@...lanox.com>
> > Signed-off-by: Yoray Zack <yorayz@...lanox.com>
> > ---
> > drivers/nvme/host/tcp.c | 66
> ++++++++++++++++++++++++++++++++++++-----
> > 1 file changed, 58 insertions(+), 8 deletions(-)
> >
> > diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c index
> > 7bd97f856677..9a620d1dacb4 100644
> > --- a/drivers/nvme/host/tcp.c
> > +++ b/drivers/nvme/host/tcp.c
> > @@ -94,6 +94,7 @@ struct nvme_tcp_queue {
> > size_t data_remaining;
> > size_t ddgst_remaining;
> > unsigned int nr_cqe;
> > + bool crc_valid;
I suggest to rename it to ddgst_valid.
Powered by blists - more mailing lists