From patchwork Wed Feb 1 12:04:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Metzmacher X-Patchwork-Id: 1735507 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=2620:137:e000::1:20; helo=out1.vger.email; envelope-from=linux-cifs-owner@vger.kernel.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (3072-bit key; secure) header.d=samba.org header.i=@samba.org header.a=rsa-sha256 header.s=42 header.b=EOdkW0Np; dkim-atps=neutral Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20]) by legolas.ozlabs.org (Postfix) with ESMTP id 4P6LG62z3wz23gY for ; Wed, 1 Feb 2023 23:05:18 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230447AbjBAMFP (ORCPT ); Wed, 1 Feb 2023 07:05:15 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34172 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229597AbjBAMFP (ORCPT ); Wed, 1 Feb 2023 07:05:15 -0500 Received: from hr2.samba.org (hr2.samba.org [IPv6:2a01:4f8:192:486::2:0]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BFE2F29E29 for ; Wed, 1 Feb 2023 04:05:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=samba.org; s=42; h=Message-Id:Date:Cc:To:From; bh=ckIKHSSh7ZXwZqAGA+y+Om+tLDlRLH0yoGEQVhYOAuM=; b=EOdkW0NpFg1tzreXX3tHHPisqt ggjcjBudtVUYbCgDFVTr9ucJF7VXH9KHU/z4TraNOVLmuv+WvSYpOV7NoCgOckPGyPi/iMzgGYKXa 1OS3etMBroEnO6WqUgUS8hQRoLO4dxToKfBqkjV4+0SedalAva8G2s/3TvjmRhQqfUus/gTp6QgiQ KtG25urBy7DttyzTpFSgyYHoH4e9jXfcF3OVmj6auaUjx4GIj0+c0nbmTP654r8+v7eFNv2vasbNf zrecL3Gid5m8nbRw/9nyzFSDbCO/GwBkBDNNtkDa+/2KmH94cai8H9BDK3WnvZvf/bVhy7c+CXna4 xckrHARBjMgRR5z2geLs2RSSbhgUuAjresaDPv4rnDrAWU2YeEbA2/x3eRm2MCkXMcWJSW2Gj+r3/ +e22zdVIyJcVUUrURleGTGJ6me1TFpKpIYTXlVrQCDads2YsQ+44IHM4GBGwLuwZgDThic7zThcgw VQFrtc3VNm7Hl+L+g5Wow6KE; Received: from [127.0.0.2] (localhost [127.0.0.1]) by hr2.samba.org with esmtpsa (TLS1.3:ECDHE_SECP256R1__ECDSA_SECP256R1_SHA256__CHACHA20_POLY1305:256) (Exim) id 1pNBrQ-00BE5d-5r; Wed, 01 Feb 2023 12:05:08 +0000 From: Stefan Metzmacher To: linux-cifs@vger.kernel.org Cc: Stefan Metzmacher , Steve French , Tom Talpey , Long Li , Namjae Jeon , David Howells , stable@vger.kernel.org Subject: [PATCH 0/3] avoid plaintext rdma offset if encryption is required Date: Wed, 1 Feb 2023 13:04:40 +0100 Message-Id: X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org I think it is a security problem to send confidential data in plaintext over the wire, so we should avoid doing that even if rdma is in use. We already have a similar check to prevent data integrity problems for rdma offload. Modern Windows servers support signed and encrypted rdma offload, but we don't support this yet... Stefan Metzmacher (3): cifs: introduce cifs_io_parms in smb2_async_writev() cifs: split out smb3_use_rdma_offload() helper cifs: don't try to use rdma offload on encrypted connections fs/cifs/smb2pdu.c | 89 +++++++++++++++++++++++++++++++++++++---------- 1 file changed, 70 insertions(+), 19 deletions(-)