linux-sg2042/Documentation/networking
Jakub Kicinski 414776621d net/tls: prevent skb_orphan() from leaking TLS plain text with offload

sk_validate_xmit_skb() and drivers depend on the sk member of
struct sk_buff to identify segments requiring encryption.
Any operation which removes or does not preserve the original TLS
socket such as skb_orphan() or skb_clone() will cause clear text
leaks.

Make the TCP socket underlying an offloaded TLS connection
mark all skbs as decrypted, if TLS TX is in offload mode.
Then in sk_validate_xmit_skb() catch skbs which have no socket
(or a socket with no validation) and decrypted flag set.

Note that CONFIG_SOCK_VALIDATE_XMIT, CONFIG_TLS_DEVICE and
sk->sk_validate_xmit_skb are slightly interchangeable right now,
they all imply TLS offload. The new checks are guarded by
CONFIG_TLS_DEVICE because that's the option guarding the
sk_buff->decrypted member.

A second, smaller issue with orphaning is that it breaks
the guarantee that packets will be delivered to device
queues in-order. All TLS offload drivers depend on that
scheduling property. This means skb_orphan_partial()'s
trick of preserving partial socket references will cause
issues in the drivers. We need a full orphan, and as a
result netem delay/throttling will cause all TLS offload
skbs to be dropped.

Reusing the sk_buff->decrypted flag also protects from
leaking clear text when an incoming, decrypted skb is redirected
(e.g. by TC).

See commit 0608c69c9a ("bpf: sk_msg, sock{map|hash} redirect
through ULP") for justification why the internal flag is safe.
The only location which could leak the flag in is tcp_bpf_sendmsg(),
which is taken care of by clearing the previously unused bit.

v2:
 - remove superfluous decrypted mark copy (Willem);
 - remove the stale doc entry (Boris);
 - rely entirely on EOR marking to prevent coalescing (Boris);
 - use an internal sendpages flag instead of marking the socket
   (Boris).
v3 (Willem):
 - reorganize the can_skb_orphan_partial() condition;
 - fix the flag leak-in through tcp_bpf_sendmsg.

Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Reviewed-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-08-08 22:39:35 -07:00
caif
device_drivers Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2019-07-11 10:55:49 -07:00
dsa Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2019-07-11 10:55:49 -07:00
mac80211_hwsim
6lowpan.txt
6pack.txt
PLIP.txt
af_xdp.rst xsk: sample kernel code is now in libbpf 2019-06-24 18:18:30 -07:00
alias.rst
altera_tse.txt
arcnet-hardware.txt
arcnet.txt
atm.txt
ax25.txt
batman-adv.rst
baycom.txt
bonding.txt bonding: add documentation for peer_notif_delay 2019-07-13 19:29:21 -07:00
bridge.rst
can.rst
can_ucan_protocol.rst
cdc_mbim.txt
checksum-offloads.rst
cops.txt
cxacru-cf.py
cxacru.txt
dccp.txt
dctcp.txt
decnet.txt
defza.txt
devlink-health.txt
devlink-info-versions.rst
devlink-params-bnxt.txt
devlink-params-mlxsw.txt
devlink-params.txt
dns_resolver.txt
driver.txt
eql.txt
failover.rst
fib_trie.txt
filter.txt
fore200e.txt
framerelay.txt
gen_stats.txt
generic-hdlc.txt
generic_netlink.txt
gtp.txt
hinic.txt
ieee802154.rst
ila.txt
index.rst
ip-sysctl.txt docs: admin-guide: move sysctl directory to it 2019-07-15 11:03:01 -03:00
ip_dynaddr.txt
ipddp.txt
iphase.txt
ipsec.txt
ipv6.txt
ipvlan.txt
ipvs-sysctl.txt
kapi.rst
kcm.txt
l2tp.txt
lapb-module.txt
ltpc.txt
mac80211-auth-assoc-deauth.txt
mac80211-injection.txt
mpls-sysctl.txt Documentation/networking: fix default_ttl typo in mpls-sysctl 2019-07-01 10:41:33 -07:00
msg_zerocopy.rst
multiqueue.txt
net_dim.txt
net_failover.rst
netconsole.txt
netdev-FAQ.rst
netdev-features.txt
netdevices.txt
netfilter-sysctl.txt
netif-msg.txt
nf_conntrack-sysctl.txt
nf_flowtable.txt
nfc.txt
openvswitch.txt
operstates.txt
packet_mmap.txt
phonet.txt
phy.rst doc: phy: document some PHY_INTERFACE_MODE_xxx settings 2019-06-23 11:35:06 -07:00
pktgen.txt
ppp_generic.txt
proc_net_tcp.txt
radiotap-headers.txt
ray_cs.txt
rds.txt
regulatory.txt
rxrpc.txt
scaling.rst
sctp.txt
secid.txt
seg6-sysctl.txt
segmentation-offloads.rst
sfp-phylink.rst
skfp.txt
snmp_counter.rst
strparser.txt
switchdev.txt
tc-actions-env-rules.txt
tcp-thin.txt
team.txt
timestamping.txt
tls-offload-layers.svg
tls-offload-reorder-bad.svg
tls-offload-reorder-good.svg
tls-offload.rst net/tls: prevent skb_orphan() from leaking TLS plain text with offload 2019-08-08 22:39:35 -07:00
tls.rst
tproxy.txt
tuntap.txt net: docs: replace IPX in tuntap documentation 2019-08-08 18:06:53 -07:00
udplite.txt
vrf.txt
vxlan.txt
x25-iface.txt
x25.txt
xfrm_device.txt
xfrm_proc.txt
xfrm_sync.txt
xfrm_sysctl.txt
z8530book.rst
z8530drv.txt