lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20201109083356.11117-1-rohitm@chelsio.com>
Date:   Mon,  9 Nov 2020 14:03:44 +0530
From:   Rohit Maheshwari <rohitm@...lsio.com>
To:     kuba@...nel.org, netdev@...r.kernel.org, davem@...emloft.net
Cc:     secdev@...lsio.com, Rohit Maheshwari <rohitm@...lsio.com>
Subject: [net v5 00/12] cxgb4/ch_ktls: Fixes in nic tls code

This series helps in fixing multiple nic ktls issues. Series is broken
into 12 patches.

Patch 1 avoids deciding tls packet based on decrypted bit. If its a 
retransmit packet which has tls handshake and finish (for encryption),
decrypted bit won't be set there, and so we can't rely on decrypted
bit.

Patch 2 helps supporting linear skb. SKBs were assumed non-linear.
Corrected the length extraction.

Patch 3 fixes the checksum offload update in WR.

Patch 4 fixes kernel panic happening due to creating new skb for each
record. As part of fix driver will use same skb to send out one tls
record (partial data) of the same SKB.

Patch 5 fixes the problem of skb data length smaller than remaining data
of the record.

Patch 6 fixes the handling of SKBs which has tls header alone pkt, but
not starting from beginning.

Patch 7 avoids sending extra data which is used to make a record 16 byte
aligned. We don't need to retransmit those extra few bytes.

Patch 8 handles the cases where retransmit packet has tls starting
exchanges which are prior to tls start marker.

Patch 9 fixes the problem os skb free before HW knows about tcp FIN.

Patch 10 handles the small packet case which has partial TAG bytes only.
HW can't handle those, hence using sw crypto for such pkts.

Patch 11 corrects the potential tcb update problem.

Patch 12 stops the queue if queue reaches threshold value.

v1->v2:
- Corrected fixes tag issue.
- Marked chcr_ktls_sw_fallback() static.

v2->v3:
- Replaced GFP_KERNEL with GFP_ATOMIC.
- Removed mixed fixes.

v3->v4:
- Corrected fixes tag issue. 

v4->v5:
- Separated mixed fixes from patch 4.

Rohit Maheshwari (12):
  cxgb4/ch_ktls: decrypted bit is not enough
  ch_ktls: Correction in finding correct length
  ch_ktls: Update cheksum information
  cxgb4/ch_ktls: creating skbs causes panic
  ch_ktls: Correction in trimmed_len calculation
  ch_ktls: missing handling of header alone
  ch_ktls: Correction in middle record handling
  ch_ktls: packet handling prior to start marker
  ch_ktls: don't free skb before sending FIN
  ch_ktls/cxgb4: handle partial tag alone SKBs
  ch_ktls: tcb update fails sometimes
  ch_ktls: stop the txq if reaches threshold

 drivers/net/ethernet/chelsio/cxgb4/cxgb4.h    |   3 +
 .../ethernet/chelsio/cxgb4/cxgb4_debugfs.c    |   2 +
 .../net/ethernet/chelsio/cxgb4/cxgb4_main.c   |   1 +
 .../net/ethernet/chelsio/cxgb4/cxgb4_uld.h    |   6 +
 drivers/net/ethernet/chelsio/cxgb4/sge.c      | 111 +++-
 .../chelsio/inline_crypto/ch_ktls/chcr_ktls.c | 582 +++++++++++-------
 .../chelsio/inline_crypto/ch_ktls/chcr_ktls.h |   1 +
 7 files changed, 478 insertions(+), 228 deletions(-)

-- 
2.18.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ