lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250814081218.09b31c82@kernel.org>
Date: Thu, 14 Aug 2025 08:12:18 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Daniel Zahka <daniel.zahka@...il.com>
Cc: Paolo Abeni <pabeni@...hat.com>, Donald Hunter
 <donald.hunter@...il.com>, "David S. Miller" <davem@...emloft.net>, Eric
 Dumazet <edumazet@...gle.com>, Simon Horman <horms@...nel.org>, Jonathan
 Corbet <corbet@....net>, Andrew Lunn <andrew+netdev@...n.ch>, Saeed
 Mahameed <saeedm@...dia.com>, Leon Romanovsky <leon@...nel.org>, Tariq
 Toukan <tariqt@...dia.com>, Boris Pismenny <borisp@...dia.com>, Kuniyuki
 Iwashima <kuniyu@...gle.com>, Willem de Bruijn <willemb@...gle.com>, David
 Ahern <dsahern@...nel.org>, Neal Cardwell <ncardwell@...gle.com>,
 Patrisious Haddad <phaddad@...dia.com>, Raed Salem <raeds@...dia.com>,
 Jianbo Liu <jianbol@...dia.com>, Dragos Tatulea <dtatulea@...dia.com>,
 Rahul Rameshbabu <rrameshbabu@...dia.com>, Stanislav Fomichev
 <sdf@...ichev.me>, Toke Høiland-Jørgensen
 <toke@...hat.com>, Alexander Lobakin <aleksander.lobakin@...el.com>, Kiran
 Kella <kiran.kella@...adcom.com>, Jacob Keller <jacob.e.keller@...el.com>,
 netdev@...r.kernel.org
Subject: Re: [PATCH net-next v6 04/19] tcp: add datapath logic for PSP with
 inline key exchange

On Thu, 14 Aug 2025 10:43:34 -0400 Daniel Zahka wrote:
> On 8/14/25 9:18 AM, Paolo Abeni wrote:
> > On 8/12/25 2:29 AM, Daniel Zahka wrote:  
> >> @@ -2070,7 +2076,9 @@ bool tcp_add_backlog(struct sock *sk, struct sk_buff *skb,
> >>   	     (TCPHDR_ECE | TCPHDR_CWR | TCPHDR_AE)) ||
> >>   	    !tcp_skb_can_collapse_rx(tail, skb) ||
> >>   	    thtail->doff != th->doff ||
> >> -	    memcmp(thtail + 1, th + 1, hdrlen - sizeof(*th)))
> >> +	    memcmp(thtail + 1, th + 1, hdrlen - sizeof(*th)) ||
> >> +	    /* prior to PSP Rx policy check, retain exact PSP metadata */
> >> +	    psp_skb_coalesce_diff(tail, skb))
> >>   		goto no_coalesce;  
> > The TCP stack will try to coalesce skbs in other places, too (i.e.
> > tcp_try_coalesce(), tcp_collapse()...) Why a similar check is not needed
> > there?  
> 
> We handle coalescing of skb's in various places. On the tx path, we 
> place a call to tcp_write_collapse_fence() in psp_sock_assoc_set_tx(), 
> to prevent data written into the socket as cleartext from being merged 
> with data written after the tx-assoc netlink operation has been 
> performed. On the rx path, for dealing with coalescing before the skb is 
> in the socket receive queue we call psp_skb_coalesce_diff() from 
> tcp_add_backlog() and gro_list_prepare(). For skb's that are already on 
> the socket receive queue, we rely on the fact that psp skb's will have 
> skb->decrypted set, and all tcp functions that try to collapse skb's on 
> the receive queue should call skb_cmp_decrypted() at some point. If we 
> have missed a case, than that would be a bug.

Stating the obvious, but please incorporate the answers to the questions
asked in the review in the commit message. I think this came up before..

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ