| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <685c8ef72e61f_2a5da429434@willemb.c.googlers.com.notmuch> Date: Wed, 25 Jun 2025 20:06:15 -0400 From: Willem de Bruijn <willemdebruijn.kernel@...il.com> To: Daniel Zahka <daniel.zahka@...il.com>, Donald Hunter <donald.hunter@...il.com>, Jakub Kicinski <kuba@...nel.org>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>, Jonathan Corbet <corbet@....net>, Andrew Lunn <andrew+netdev@...n.ch> Cc: Saeed Mahameed <saeedm@...dia.com>, Leon Romanovsky <leon@...nel.org>, Tariq Toukan <tariqt@...dia.com>, Boris Pismenny <borisp@...dia.com>, Kuniyuki Iwashima <kuniyu@...gle.com>, Willem de Bruijn <willemb@...gle.com>, David Ahern <dsahern@...nel.org>, Neal Cardwell <ncardwell@...gle.com>, Patrisious Haddad <phaddad@...dia.com>, Raed Salem <raeds@...dia.com>, Jianbo Liu <jianbol@...dia.com>, Dragos Tatulea <dtatulea@...dia.com>, Rahul Rameshbabu <rrameshbabu@...dia.com>, Stanislav Fomichev <sdf@...ichev.me>, Toke Høiland-Jørgensen <toke@...hat.com>, Alexander Lobakin <aleksander.lobakin@...el.com>, Jacob Keller <jacob.e.keller@...el.com>, netdev@...r.kernel.org Subject: Re: [PATCH v2 04/17] tcp: add datapath logic for PSP with inline key exchange Daniel Zahka wrote: > From: Jakub Kicinski <kuba@...nel.org> > > Add validation points and state propagation to support PSP key > exchange inline, on TCP connections. The expectation is that > application will use some well established mechanism like TLS > handshake to establish a secure channel over the connection and > if both endpoints are PSP-capable - exchange and install PSP keys. > Because the connection can existing in PSP-unsecured and PSP-secured > state we need to make sure that there are no race conditions or > retransmission leaks. > > On Tx - mark packets with the skb->decrypted bit when PSP key > is at the enqueue time. Drivers should only encrypt packets with > this bit set. This prevents retransmissions getting encrypted when > original transmission was not. Similarly to TLS, we'll use > sk->sk_validate_xmit_skb to make sure PSP skbs can't "escape" > via a PSP-unaware device without being encrypted. > > On Rx - validation is done under socket lock. This moves the validation > point later than xfrm, for example. Please see the documentation patch > for more details on the flow of securing a connection, but for > the purpose of this patch what's important is that we want to > enforce the invariant that once connection is secured any skb > in the receive queue has been encrypted with PSP. > > Add trivialities like GRO and coalescing checks. > > This change only adds the validation points, for ease of review. > Subsequent change will add the ability to install keys, and flesh > the enforcement logic out > > Signed-off-by: Jakub Kicinski <kuba@...nel.org> > Signed-off-by: Daniel Zahka <daniel.zahka@...il.com> > Co-developed-by: Daniel Zahka <daniel.zahka@...il.com> > @@ -2068,7 +2074,8 @@ bool tcp_add_backlog(struct sock *sk, struct sk_buff *skb, > (TCPHDR_ECE | TCPHDR_CWR | TCPHDR_AE)) || > !tcp_skb_can_collapse_rx(tail, skb) || > thtail->doff != th->doff || > - memcmp(thtail + 1, th + 1, hdrlen - sizeof(*th))) > + memcmp(thtail + 1, th + 1, hdrlen - sizeof(*th)) || > + psp_skb_coalesce_diff(tail, skb)) > goto no_coalesce; Since this is a "can these skbs be coalesced" condition check, move it inside tcp_skb_can_collapse_rx?
Powered by blists - more mailing lists