| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5dcbb7b1-f1e2-f436-f211-8f4ef6712e52@gmail.com>
Date: Sun, 8 Nov 2020 09:28:04 +0200
From: Boris Pismenny <borispismenny@...il.com>
To: Shai Malin <smalin@...vell.com>,
"linux-nvme@...ts.infradead.org" <linux-nvme@...ts.infradead.org>,
Sagi Grimberg <sagi@...mberg.me>,
Boris Pismenny <borisp@...lanox.com>,
"kuba@...nel.org" <kuba@...nel.org>,
"davem@...emloft.net" <davem@...emloft.net>,
"saeedm@...dia.com" <saeedm@...dia.com>, "hch@....de" <hch@....de>,
"axboe@...com" <axboe@...com>,
"kbusch@...nel.org" <kbusch@...nel.org>,
"viro@...iv.linux.org.uk" <viro@...iv.linux.org.uk>,
"edumazet@...gle.com" <edumazet@...gle.com>
Cc: Yoray Zack <yorayz@...lanox.com>,
Ben Ben-Ishay <benishay@...lanox.com>,
"boris.pismenny@...il.com" <boris.pismenny@...il.com>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
Or Gerlitz <ogerlitz@...lanox.com>,
Ariel Elior <aelior@...vell.com>,
Michal Kalderon <mkalderon@...vell.com>
Subject: Re: [PATCH net-next RFC v1 07/10] nvme-tcp : Recalculate crc in the
end of the capsule
On 08/11/2020 8:59, Shai Malin wrote:
> On 09/10/2020 1:44, Sagi Grimberg wrote:
>> On 9/30/20 7:20 PM, Boris Pismenny wrote:
>>
>>> crc offload of the nvme capsule. Check if all the skb bits are on,
>>> and if not recalculate the crc in SW and check it.
>> Can you clarify in the patch description that this is only for pdu
>> data digest and not header digest?
>>
> Not a security expert, but according to my understanding, the NVMeTCP data digest is a layer 5 CRC, and as such it is expected to be end-to-end, meaning it is computed by layer 5 on the transmitter and verified on layer 5 on the receiver.
> Any data corruption which happens in any of the lower layers, including their software processing, should be protected by this CRC. For example, if the IP or TCP stack has a bug that corrupts the NVMeTCP payload data, the CRC should protect against it. It seems that may not be the case with this offload.
If the TCP/IP stack corrupts packet data, then likely many TCP/IP consumers will be effected, and it will be fixed promptly.
Unlike with TOE, these bugs can be easily fixed/hotpatched by the community.
>
>>> This patch reworks the receive-side crc calculation to always run at
>>> the end, so as to keep a single flow for both offload and non-offload.
>>> This change simplifies the code, but it may degrade performance for
>>> non-offload crc calculation.
>> ??
>>
>> From my scan it doeesn't look like you do that.. Am I missing something?
>> Can you explain?
>>
>>> Signed-off-by: Boris Pismenny <borisp@...lanox.com>
>>> Signed-off-by: Ben Ben-Ishay <benishay@...lanox.com>
>>> Signed-off-by: Or Gerlitz <ogerlitz@...lanox.com>
>>> Signed-off-by: Yoray Zack <yorayz@...lanox.com>
>>> ---
>>> drivers/nvme/host/tcp.c | 66
>> ++++++++++++++++++++++++++++++++++++-----
>>> 1 file changed, 58 insertions(+), 8 deletions(-)
>>>
>>> diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c index
>>> 7bd97f856677..9a620d1dacb4 100644
>>> --- a/drivers/nvme/host/tcp.c
>>> +++ b/drivers/nvme/host/tcp.c
>>> @@ -94,6 +94,7 @@ struct nvme_tcp_queue {
>>> size_t data_remaining;
>>> size_t ddgst_remaining;
>>> unsigned int nr_cqe;
>>> + bool crc_valid;
> I suggest to rename it to ddgst_valid.
>
Sure
Powered by blists - more mailing lists