linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: David Howells <dhowells@redhat.com>
To: netdev@vger.kernel.org
Cc: dhowells@redhat.com, linux-afs@lists.infradead.org,
	linux-kernel@vger.kernel.org
Subject: [PATCH net-next 12/23] rxrpc: Allow for a security trailer in a packet
Date: Thu, 01 Oct 2020 15:58:06 +0100	[thread overview]
Message-ID: <160156428634.1728886.8717790947771496289.stgit@warthog.procyon.org.uk> (raw)
In-Reply-To: <160156420377.1728886.5309670328610130816.stgit@warthog.procyon.org.uk>

Allow for a security trailer to added to a packet.  The size is stored in
conn->security_trailer.  Note any size alignment set by the security class
must be applied after subtracting the trailer (but the alignment includes
the security header, which is assumed to be encrypted).

Signed-off-by: David Howells <dhowells@redhat.com>
---

 net/rxrpc/ar-internal.h |    1 +
 net/rxrpc/sendmsg.c     |   28 ++++++++++++++++------------
 2 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index dce48162f6c2..5aacd6d7cf28 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -455,6 +455,7 @@ struct rxrpc_connection {
 	u32			service_id;	/* Service ID, possibly upgraded */
 	u8			size_align;	/* data size alignment (for security) */
 	u8			security_size;	/* security header size */
+	u8			security_trailer; /* Security trailer size */
 	u8			security_ix;	/* security type */
 	u8			out_clientflag;	/* RXRPC_CLIENT_INITIATED if we are client */
 	u8			bundle_shift;	/* Index into bundle->avail_chans */
diff --git a/net/rxrpc/sendmsg.c b/net/rxrpc/sendmsg.c
index d27140c836cc..258224bb1227 100644
--- a/net/rxrpc/sendmsg.c
+++ b/net/rxrpc/sendmsg.c
@@ -327,7 +327,7 @@ static int rxrpc_send_data(struct rxrpc_sock *rx,
 			rxrpc_send_ack_packet(call, false, NULL);
 
 		if (!skb) {
-			size_t size, chunk, max, space;
+			size_t size, chunk, limit, space, shdr;
 
 			_debug("alloc");
 
@@ -342,18 +342,22 @@ static int rxrpc_send_data(struct rxrpc_sock *rx,
 					goto maybe_error;
 			}
 
-			max = RXRPC_JUMBO_DATALEN;
-			max -= call->conn->security_size;
-			max &= ~(call->conn->size_align - 1UL);
-
-			chunk = max;
-			if (chunk > msg_data_left(msg) && !more)
+			/* Work out the maximum size of a packet.  Assume that
+			 * the security header is going to be in the padded
+			 * region (enc blocksize), but the trailer is not.
+			 */
+			shdr = call->conn->security_size;
+			limit = RXRPC_JUMBO_DATALEN;
+			limit -= call->conn->security_trailer;
+			space = round_down(limit, call->conn->size_align);
+
+			chunk = space - shdr;
+			if (msg_data_left(msg) < chunk && !more) {
 				chunk = msg_data_left(msg);
+				space = round_up(shdr + chunk, call->conn->size_align);
+			}
 
-			space = chunk + call->conn->size_align;
-			space &= ~(call->conn->size_align - 1UL);
-
-			size = space + call->conn->security_size;
+			size = space + call->conn->security_trailer;
 
 			_debug("SIZE: %zu/%zu/%zu", chunk, space, size);
 
@@ -425,7 +429,7 @@ static int rxrpc_send_data(struct rxrpc_sock *rx,
 			size_t pad;
 
 			/* pad out if we're using security */
-			if (conn->security_ix) {
+			if (conn->size_align > 0) {
 				pad = conn->security_size + skb->mark;
 				pad = conn->size_align - pad;
 				pad &= conn->size_align - 1;



  parent reply	other threads:[~2020-10-01 14:58 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-10-01 14:56 [PATCH net-next 00/23] rxrpc: Fixes and preparation for RxGK David Howells
2020-10-01 14:56 ` [PATCH net-next 01/23] keys: Provide the original description to the key preparser David Howells
2020-10-01 14:56 ` [PATCH net-next 02/23] rxrpc: Fix bundle counting for exclusive connections David Howells
2020-10-01 14:57 ` [PATCH net-next 03/23] rxrpc: Fix rxkad token xdr encoding David Howells
2020-10-01 14:57 ` [PATCH net-next 04/23] rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read() David Howells
2020-10-01 14:57 ` [PATCH net-next 05/23] rxrpc: Fix some missing _bh annotations on locking conn->state_lock David Howells
2020-10-01 14:57 ` [PATCH net-next 06/23] rxrpc: Fix loss of final ack on shutdown David Howells
2020-10-01 14:57 ` [PATCH net-next 07/23] rxrpc: Fix accept on a connection that need securing David Howells
2020-10-01 14:57 ` [PATCH net-next 08/23] rxrpc: The server keyring isn't network-namespaced David Howells
2020-10-01 14:57 ` [PATCH net-next 09/23] rxrpc: Change basic data packet size alignment to 1 David Howells
2020-10-01 14:57 ` [PATCH net-next 10/23] rxrpc: Remove the rxk5 security class as it's now defunct David Howells
2020-10-01 14:57 ` [PATCH net-next 11/23] rxrpc: List the held token types in the key description in /proc/keys David Howells
2020-10-01 14:58 ` David Howells [this message]
2020-10-01 14:58 ` [PATCH net-next 13/23] rxrpc: Merge prime_packet_security into init_connection_security David Howells
2020-10-01 14:58 ` [PATCH net-next 14/23] rxrpc: Support keys with multiple authentication tokens David Howells
2020-10-01 14:58 ` [PATCH net-next 15/23] rxrpc: Don't retain the server key in the connection David Howells
2020-10-01 14:58 ` [PATCH net-next 16/23] rxrpc: Split the server key type (rxrpc_s) into its own file David Howells
2020-10-01 14:58 ` [PATCH net-next 17/23] rxrpc: Hand server key parsing off to the security class David Howells
2020-10-01 14:58 ` [PATCH net-next 18/23] rxrpc: Don't reserve security header in Tx DATA skbuff David Howells
2020-10-01 14:58 ` [PATCH net-next 19/23] rxrpc: Organise connection security to use a union David Howells
2020-10-01 14:59 ` [PATCH net-next 20/23] rxrpc: Don't leak the service-side session key to userspace David Howells
2020-10-01 14:59 ` [PATCH net-next 21/23] rxrpc: Allow security classes to give more info on server keys David Howells
2020-10-01 14:59 ` [PATCH net-next 22/23] rxrpc: Make the parsing of xdr payloads more coherent David Howells
2020-10-01 14:59 ` [PATCH net-next 23/23] rxrpc: rxkad: Don't use pskb_pull() to advance through the response packet David Howells
2020-10-02 23:03 ` [PATCH net-next 00/23] rxrpc: Fixes and preparation for RxGK David Miller
2020-10-03 20:01 ` David Howells
2020-10-03 21:17   ` David Miller
2020-10-03 21:24   ` David Howells
2020-10-03 21:32     ` David Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=160156428634.1728886.8717790947771496289.stgit@warthog.procyon.org.uk \
    --to=dhowells@redhat.com \
    --cc=linux-afs@lists.infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).