Date:   Wed, 26 May 2021 12:57:44 +0300
From:   Tariq Toukan <tariqt@...dia.com>
To:     "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>
CC:     <netdev@...r.kernel.org>, Moshe Shemesh <moshe@...dia.com>,
        Boris Pismenny <borisp@...dia.com>,
        Saeed Mahameed <saeedm@...dia.com>,
        Maxim Mikityanskiy <maximmi@...dia.com>,
        Tariq Toukan <tariqt@...dia.com>
Subject: [RFC PATCH 3/6] net: Disable RX TLS device offload on lower devices if disabled on the upper

In the control flow of the TLS device offload feature, the upper device
gives a pointer to the target lower device. All struct tlsdev_ops
are called directly against the lower device, bypassing the upper.

This means, the upper device has very limited means of blocking/disabling
the TLS device offload.

Today, for instance, disabling RX checksum offload of the upper dev
automatically disables the RX TLS device offload capability.
However, this does not affect the lower device at all, and it keeps
doing TLS device offload for all new connections.

Here we fix this, by propagating the disablement of the TLS RX device
offload features to all lower devices.

Fixes: a3eb4e9d4c92 ("net: Disable NETIF_F_HW_TLS_RX when RXCSUM is disabled")
Signed-off-by: Tariq Toukan <tariqt@...dia.com>
---
 include/linux/netdev_features.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/linux/netdev_features.h b/include/linux/netdev_features.h
index 0061c5b988c1..a8b33313ad17 100644
--- a/include/linux/netdev_features.h
+++ b/include/linux/netdev_features.h
@@ -239,7 +239,7 @@ static inline int find_next_netdev_feature(u64 feature, unsigned long start)
  * If upper/master device has these features disabled, they must be disabled
  * on all lower/slave devices as well.
  */
-#define NETIF_F_UPPER_DISABLES	(NETIF_F_LRO | NETIF_F_HW_TLS_TX)
+#define NETIF_F_UPPER_DISABLES	(NETIF_F_LRO | NETIF_F_HW_TLS_TX | NETIF_F_HW_TLS_RX)
 
 /* changeable features with no special hardware requirements */
 #define NETIF_F_SOFT_FEATURES	(NETIF_F_GSO | NETIF_F_GRO)
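Review bot: the commit message only covers new connections, so it should also state what happens to RX TLS connections already offloaded on a lower device when the upper device clears NETIF_F_HW_TLS_RX. The only change here is the extra flag in the NETIF_F_UPPER_DISABLES mask, so a reader cannot tell from the patch whether existing offloaded connections keep running on the lower device. As a style point, the changed #define line now runs to roughly 85 columns with the tab expanded; wrapping the mask onto a continuation line would keep it within 80.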
-- 
2.21.0
