mbox series

[v2,0/3] avoid plaintext rdma offload if encryption is required

Message ID cover.1675264648.git.metze@samba.org
Headers show
Series avoid plaintext rdma offload if encryption is required | expand

Message

Stefan Metzmacher Feb. 1, 2023, 3:21 p.m. UTC 
I think it is a security problem to send confidential data in plaintext
over the wire, so we should avoid doing that even if rdma is in use.

We already have a similar check to prevent data integrity problems
for rdma offload.

Modern Windows servers support signed and encrypted rdma offload,
but we don't support this yet...

Changes v2:
- Added missing Cc: list on commit 2/3

Stefan Metzmacher (3):
  cifs: introduce cifs_io_parms in smb2_async_writev()
  cifs: split out smb3_use_rdma_offload() helper
  cifs: don't try to use rdma offload on encrypted connections

 fs/cifs/smb2pdu.c | 89 +++++++++++++++++++++++++++++++++++++----------
 1 file changed, 70 insertions(+), 19 deletions(-)

Comments

Steve French Feb. 2, 2023, 12:05 a.m. UTC | #1 
Tentatively merged into cifs-2.6.git for-next pending review and testing

On Wed, Feb 1, 2023 at 9:21 AM Stefan Metzmacher <metze@samba.org> wrote:
>
> I think it is a security problem to send confidential data in plaintext
> over the wire, so we should avoid doing that even if rdma is in use.
>
> We already have a similar check to prevent data integrity problems
> for rdma offload.
>
> Modern Windows servers support signed and encrypted rdma offload,
> but we don't support this yet...
>
> Changes v2:
> - Added missing Cc: list on commit 2/3
>
> Stefan Metzmacher (3):
>   cifs: introduce cifs_io_parms in smb2_async_writev()
>   cifs: split out smb3_use_rdma_offload() helper
>   cifs: don't try to use rdma offload on encrypted connections
>
>  fs/cifs/smb2pdu.c | 89 +++++++++++++++++++++++++++++++++++++----------
>  1 file changed, 70 insertions(+), 19 deletions(-)
>
> --
> 2.34.1
>