[v2,0/3] avoid plaintext rdma offload if encryption is required

Message ID	cover.1675264648.git.metze@samba.org (mailing list archive)
Headers	show Return-Path: <linux-cifs-owner@vger.kernel.org> From: Stefan Metzmacher <metze@samba.org> To: linux-cifs@vger.kernel.org Cc: Stefan Metzmacher <metze@samba.org>, Steve French <smfrench@gmail.com>, Tom Talpey <tom@talpey.com>, Long Li <longli@microsoft.com>, Namjae Jeon <linkinjeon@kernel.org>, David Howells <dhowells@redhat.com>, stable@vger.kernel.org Subject: [PATCH v2 0/3] avoid plaintext rdma offload if encryption is required Date: Wed, 1 Feb 2023 16:21:38 +0100 Message-Id: <cover.1675264648.git.metze@samba.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	avoid plaintext rdma offload if encryption is required \| expand [v2,0/3] avoid plaintext rdma offload if encryption is required [v2,1/3] cifs: introduce cifs_io_parms in smb2_async_writev() [v2,2/3] cifs: split out smb3_use_rdma_offload() helper [v2,3/3] cifs: don't try to use rdma offload on encrypted connections

Message ID

cover.1675264648.git.metze@samba.org (mailing list archive)

Headers

From: Stefan Metzmacher <metze@samba.org>
To: linux-cifs@vger.kernel.org
Cc: Stefan Metzmacher <metze@samba.org>,
        Steve French <smfrench@gmail.com>, Tom Talpey <tom@talpey.com>,
        Long Li <longli@microsoft.com>,
        Namjae Jeon <linkinjeon@kernel.org>,
        David Howells <dhowells@redhat.com>, stable@vger.kernel.org
Subject: [PATCH v2 0/3] avoid plaintext rdma offload if encryption is required
Date: Wed,  1 Feb 2023 16:21:38 +0100
Message-Id: <cover.1675264648.git.metze@samba.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

avoid plaintext rdma offload if encryption is required | expand

Message

Stefan Metzmacher Feb. 1, 2023, 3:21 p.m. UTC

I think it is a security problem to send confidential data in plaintext
over the wire, so we should avoid doing that even if rdma is in use.

We already have a similar check to prevent data integrity problems
for rdma offload.

Modern Windows servers support signed and encrypted rdma offload,
but we don't support this yet...

Changes v2:
- Added missing Cc: list on commit 2/3

Stefan Metzmacher (3):
  cifs: introduce cifs_io_parms in smb2_async_writev()
  cifs: split out smb3_use_rdma_offload() helper
  cifs: don't try to use rdma offload on encrypted connections

 fs/cifs/smb2pdu.c | 89 +++++++++++++++++++++++++++++++++++++----------
 1 file changed, 70 insertions(+), 19 deletions(-)

Comments

Steve French Feb. 2, 2023, 12:05 a.m. UTC | #1

Tentatively merged into cifs-2.6.git for-next pending review and testing

On Wed, Feb 1, 2023 at 9:21 AM Stefan Metzmacher <metze@samba.org> wrote:
>
> I think it is a security problem to send confidential data in plaintext
> over the wire, so we should avoid doing that even if rdma is in use.
>
> We already have a similar check to prevent data integrity problems
> for rdma offload.
>
> Modern Windows servers support signed and encrypted rdma offload,
> but we don't support this yet...
>
> Changes v2:
> - Added missing Cc: list on commit 2/3
>
> Stefan Metzmacher (3):
>   cifs: introduce cifs_io_parms in smb2_async_writev()
>   cifs: split out smb3_use_rdma_offload() helper
>   cifs: don't try to use rdma offload on encrypted connections
>
>  fs/cifs/smb2pdu.c | 89 +++++++++++++++++++++++++++++++++++++----------
>  1 file changed, 70 insertions(+), 19 deletions(-)
>
> --
> 2.34.1
>