414776621d
sk_validate_xmit_skb() and drivers depend on the sk member of
struct sk_buff to identify segments requiring encryption.
Any operation which removes or does not preserve the original TLS
socket such as skb_orphan() or skb_clone() will cause clear text
leaks.

Make the TCP socket underlying an offloaded TLS connection
mark all skbs as decrypted, if TLS TX is in offload mode.
Then in sk_validate_xmit_skb() catch skbs which have no socket
(or a socket with no validation) and decrypted flag set.

Note that CONFIG_SOCK_VALIDATE_XMIT, CONFIG_TLS_DEVICE and
sk->sk_validate_xmit_skb are slightly interchangeable right now,
they all imply TLS offload. The new checks are guarded by
CONFIG_TLS_DEVICE because that's the option guarding the
sk_buff->decrypted member.

A second, smaller issue with orphaning is that it breaks
the guarantee that packets will be delivered to device
queues in-order. All TLS offload drivers depend on that
scheduling property. This means skb_orphan_partial()'s
trick of preserving partial socket references will cause
issues in the drivers. We need a full orphan, and as a
result netem delay/throttling will cause all TLS offload
skbs to be dropped.

Reusing the sk_buff->decrypted flag also protects from
leaking clear text when an incoming, decrypted skb is redirected
(e.g. by TC).

See commit
|
||
---|---|---|
.. | ||
caif | ||
device_drivers | ||
dsa | ||
mac80211_hwsim | ||
6lowpan.txt | ||
6pack.txt | ||
af_xdp.rst | ||
alias.rst | ||
altera_tse.txt | ||
arcnet-hardware.txt | ||
arcnet.txt | ||
atm.txt | ||
ax25.txt | ||
batman-adv.rst | ||
baycom.txt | ||
bonding.txt | ||
bridge.rst | ||
can_ucan_protocol.rst | ||
can.rst | ||
cdc_mbim.txt | ||
checksum-offloads.rst | ||
cops.txt | ||
cxacru-cf.py | ||
cxacru.txt | ||
dccp.txt | ||
dctcp.txt | ||
decnet.txt | ||
defza.txt | ||
devlink-health.txt | ||
devlink-info-versions.rst | ||
devlink-params-bnxt.txt | ||
devlink-params-mlxsw.txt | ||
devlink-params.txt | ||
dns_resolver.txt | ||
driver.txt | ||
eql.txt | ||
failover.rst | ||
fib_trie.txt | ||
filter.txt | ||
fore200e.txt | ||
framerelay.txt | ||
gen_stats.txt | ||
generic_netlink.txt | ||
generic-hdlc.txt | ||
gtp.txt | ||
hinic.txt | ||
ieee802154.rst | ||
ila.txt | ||
index.rst | ||
ip_dynaddr.txt | ||
ip-sysctl.txt | ||
ipddp.txt | ||
iphase.txt | ||
ipsec.txt | ||
ipv6.txt | ||
ipvlan.txt | ||
ipvs-sysctl.txt | ||
kapi.rst | ||
kcm.txt | ||
l2tp.txt | ||
lapb-module.txt | ||
ltpc.txt | ||
mac80211-auth-assoc-deauth.txt | ||
mac80211-injection.txt | ||
mpls-sysctl.txt | ||
msg_zerocopy.rst | ||
multiqueue.txt | ||
net_dim.txt | ||
net_failover.rst | ||
netconsole.txt | ||
netdev-FAQ.rst | ||
netdev-features.txt | ||
netdevices.txt | ||
netfilter-sysctl.txt | ||
netif-msg.txt | ||
nf_conntrack-sysctl.txt | ||
nf_flowtable.txt | ||
nfc.txt | ||
openvswitch.txt | ||
operstates.txt | ||
packet_mmap.txt | ||
phonet.txt | ||
phy.rst | ||
pktgen.txt | ||
PLIP.txt | ||
ppp_generic.txt | ||
proc_net_tcp.txt | ||
radiotap-headers.txt | ||
ray_cs.txt | ||
rds.txt | ||
regulatory.txt | ||
rxrpc.txt | ||
scaling.rst | ||
sctp.txt | ||
secid.txt | ||
seg6-sysctl.txt | ||
segmentation-offloads.rst | ||
sfp-phylink.rst | ||
skfp.txt | ||
snmp_counter.rst | ||
strparser.txt | ||
switchdev.txt | ||
tc-actions-env-rules.txt | ||
tcp-thin.txt | ||
team.txt | ||
timestamping.txt | ||
tls-offload-layers.svg | ||
tls-offload-reorder-bad.svg | ||
tls-offload-reorder-good.svg | ||
tls-offload.rst | ||
tls.rst | ||
tproxy.txt | ||
tuntap.txt | ||
udplite.txt | ||
vrf.txt | ||
vxlan.txt | ||
x25-iface.txt | ||
x25.txt | ||
xfrm_device.txt | ||
xfrm_proc.txt | ||
xfrm_sync.txt | ||
xfrm_sysctl.txt | ||
z8530book.rst | ||
z8530drv.txt |