From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Stefan Metzmacher <metze@samba.org>,
Steve French <smfrench@gmail.com>, Tom Talpey <tom@talpey.com>,
Long Li <longli@microsoft.com>,
Namjae Jeon <linkinjeon@kernel.org>,
David Howells <dhowells@redhat.com>,
linux-cifs@vger.kernel.org, Steve French <stfrench@microsoft.com>
Subject: [PATCH 6.1 675/885] cifs: dont try to use rdma offload on encrypted connections
Date: Tue, 7 Mar 2023 18:00:09 +0100 [thread overview]
Message-ID: <20230307170031.469276199@linuxfoundation.org> (raw)
In-Reply-To: <20230307170001.594919529@linuxfoundation.org>
From: Stefan Metzmacher <metze@samba.org>
commit 3891f6c7655a39065e44980f51ba46bb32be3133 upstream.
The aim of using encryption on a connection is to keep
the data confidential, so we must not use plaintext rdma offload
for that data!
It seems that current windows servers and ksmbd would allow
this, but that's no reason to expose the users data in plaintext!
And servers hopefully reject this in future.
Note modern windows servers support signed or encrypted offload,
see MS-SMB2 2.2.3.1.6 SMB2_RDMA_TRANSFORM_CAPABILITIES, but we don't
support that yet.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Cc: Steve French <smfrench@gmail.com>
Cc: Tom Talpey <tom@talpey.com>
Cc: Long Li <longli@microsoft.com>
Cc: Namjae Jeon <linkinjeon@kernel.org>
Cc: David Howells <dhowells@redhat.com>
Cc: linux-cifs@vger.kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/smb2pdu.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -4081,6 +4081,10 @@ static inline bool smb3_use_rdma_offload
if (server->sign)
return false;
+ /* we don't support encrypted offload yet */
+ if (smb3_encryption_required(tcon))
+ return false;
+
/* offload also has its overhead, so only do it if desired */
if (io_parms->length < server->smbd_conn->rdma_readwrite_threshold)
return false;
prev parent reply other threads:[~2023-03-07 18:45 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20230307170001.594919529@linuxfoundation.org>
2023-03-07 17:00 ` [PATCH 6.1 673/885] cifs: introduce cifs_io_parms in smb2_async_writev() Greg Kroah-Hartman
2023-03-07 17:00 ` [PATCH 6.1 674/885] cifs: split out smb3_use_rdma_offload() helper Greg Kroah-Hartman
2023-03-07 17:00 ` Greg Kroah-Hartman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230307170031.469276199@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=dhowells@redhat.com \
--cc=linkinjeon@kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=longli@microsoft.com \
--cc=metze@samba.org \
--cc=patches@lists.linux.dev \
--cc=smfrench@gmail.com \
--cc=stable@vger.kernel.org \
--cc=stfrench@microsoft.com \
--cc=tom@talpey.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).