linux/Documentation/networking
Jakub Kicinski 414776621d net/tls: prevent skb_orphan() from leaking TLS plain text with offload
sk_validate_xmit_skb() and drivers depend on the sk member of
struct sk_buff to identify segments requiring encryption.
Any operation which removes or does not preserve the original TLS
socket such as skb_orphan() or skb_clone() will cause clear text
leaks.

Make the TCP socket underlying an offloaded TLS connection
mark all skbs as decrypted, if TLS TX is in offload mode.
Then in sk_validate_xmit_skb() catch skbs which have no socket
(or a socket with no validation) and decrypted flag set.

Note that CONFIG_SOCK_VALIDATE_XMIT, CONFIG_TLS_DEVICE and
sk->sk_validate_xmit_skb are slightly interchangeable right now,
they all imply TLS offload. The new checks are guarded by
CONFIG_TLS_DEVICE because that's the option guarding the
sk_buff->decrypted member.

Second, smaller issue with orphaning is that it breaks
the guarantee that packets will be delivered to device
queues in-order. All TLS offload drivers depend on that
scheduling property. This means skb_orphan_partial()'s
trick of preserving partial socket references will cause
issues in the drivers. We need a full orphan, and as a
result netem delay/throttling will cause all TLS offload
skbs to be dropped.

Reusing the sk_buff->decrypted flag also protects from
leaking clear text when incoming, decrypted skb is redirected
(e.g. by TC).

See commit 0608c69c9a ("bpf: sk_msg, sock{map|hash} redirect
through ULP") for justification why the internal flag is safe.
The only location which could leak the flag in is tcp_bpf_sendmsg(),
which is taken care of by clearing the previously unused bit.

v2:
 - remove superfluous decrypted mark copy (Willem);
 - remove the stale doc entry (Boris);
 - rely entirely on EOR marking to prevent coalescing (Boris);
 - use an internal sendpages flag instead of marking the socket
   (Boris).
v3 (Willem):
 - reorganize the can_skb_orphan_partial() condition;
 - fix the flag leak-in through tcp_bpf_sendmsg.

Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Reviewed-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-08-08 22:39:35 -07:00
..
caif
device_drivers Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2019-07-11 10:55:49 -07:00
dsa Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2019-07-11 10:55:49 -07:00
mac80211_hwsim mac80211_hwsim: suggest nl80211 instead of wext driver in documentation 2016-10-17 11:38:01 +02:00
6lowpan.txt docs: networking: fix minor typos in various documentation files 2018-06-04 17:21:28 -04:00
6pack.txt
af_xdp.rst xsk: sample kernel code is now in libbpf 2019-06-24 18:18:30 -07:00
alias.rst docs: networking: Convert alias.txt to rst 2018-07-18 15:28:27 -07:00
altera_tse.txt Documentation: networking: fix spelling mistakes 2016-04-28 14:21:13 -04:00
arcnet-hardware.txt
arcnet.txt
atm.txt
ax25.txt
batman-adv.rst batman-adv: Drop documentation about sysfs files 2019-03-25 09:31:35 +01:00
baycom.txt
bonding.txt bonding: add documentation for peer_notif_delay 2019-07-13 19:29:21 -07:00
bridge.rst docs: networking: Convert bridge.txt to rst 2018-07-18 15:28:27 -07:00
can_ucan_protocol.rst can: ucan: add driver for Theobroma Systems UCAN devices 2018-07-27 10:40:16 +02:00
can.rst docs: can.rst: fix a footnote reference 2018-06-15 12:48:59 -03:00
cdc_mbim.txt Documentation: fix usb related doc refs 2017-10-12 11:15:48 -06:00
checksum-offloads.rst doc: networking: shorten the main title in offloads documents 2019-01-07 15:27:51 -07:00
cops.txt
cxacru-cf.py
cxacru.txt
dccp.txt
dctcp.txt tcp: add rfc3168, section 6.1.1.1. fallback 2015-05-19 16:53:37 -04:00
decnet.txt Documentation: decnet: remove reference to CONFIG_DECNET_ROUTE_FWMARK 2019-04-21 11:25:11 -07:00
defza.txt FDDI: defza: Add support for DEC FDDIcontroller 700 TURBOchannel adapter 2018-10-15 21:46:06 -07:00
devlink-health.txt devlink: Add Documentation/networking/devlink-health.txt 2019-02-07 10:34:29 -08:00
devlink-info-versions.rst Documentation: networking: devlink-info-versions: Add fw.psid 2019-04-08 16:28:01 -07:00
devlink-params-bnxt.txt devlink: Add Documentation/networking/devlink-params-bnxt.txt 2018-10-04 13:49:43 -07:00
devlink-params-mlxsw.txt mlxsw: spectrum: add "acl_region_rehash_interval" devlink param 2019-02-08 15:02:50 -08:00
devlink-params.txt devlink: Add 'fw_load_policy' generic parameter 2018-12-03 13:55:43 -08:00
dns_resolver.txt doc: ReSTify keys-request-key.txt 2017-05-18 10:33:51 -06:00
driver.txt
eql.txt
failover.rst net: Introduce generic failover module 2018-05-28 22:59:54 -04:00
fib_trie.txt
filter.txt docs/bpf: minor casing/punctuation fixes 2019-03-02 00:40:04 +01:00
fore200e.txt Doc: Change wikipedia's URL from http to https 2015-06-22 10:14:05 -06:00
framerelay.txt
gen_stats.txt net: sched: do not acquire qdisc spinlock in qdisc/class stats dump 2016-06-07 16:37:14 -07:00
generic_netlink.txt
generic-hdlc.txt
gtp.txt docs: networking: fix minor typos in various documentation files 2018-06-04 17:21:28 -04:00
hinic.txt net-next/hinic: Initialize hw interface 2017-08-22 10:48:52 -07:00
ieee802154.rst doc: net: ieee802154: introduce IEEE 802.15.4 subsystem doc in rst style 2019-03-01 17:03:00 -08:00
ila.txt docs: networking: fix minor typos in various documentation files 2018-06-04 17:21:28 -04:00
index.rst Documentation: add TLS offload documentation 2019-05-22 12:18:20 -07:00
ip_dynaddr.txt
ip-sysctl.txt docs: admin-guide: move sysctl directory to it 2019-07-15 11:03:01 -03:00
ipddp.txt
iphase.txt
ipsec.txt docs: networking: fix minor typos in various documentation files 2018-06-04 17:21:28 -04:00
ipv6.txt
ipvlan.txt docs: networking: fix minor typos in various documentation files 2018-06-04 17:21:28 -04:00
ipvs-sysctl.txt ipvs: Document sysctl pmtu_disc 2017-03-16 13:33:39 +01:00
kapi.rst sfp: add documentation for kernel APIs 2017-12-05 11:16:19 -05:00
kcm.txt docs: networking: fix minor typos in various documentation files 2018-06-04 17:21:28 -04:00
l2tp.txt net: l2tp: deprecate PPPOL2TP_MSG_* in favour of L2TP_MSG_* 2016-12-10 23:29:11 -05:00
lapb-module.txt
ltpc.txt
mac80211-auth-assoc-deauth.txt
mac80211-injection.txt mac80211: document only injected *_RADIOTAP_* flags 2016-04-05 10:48:57 +02:00
mpls-sysctl.txt Documentation/networking: fix default_ttl typo in mpls-sysctl 2019-07-01 10:41:33 -07:00
msg_zerocopy.rst doc: fix link to MSG_ZEROCOPY patchset 2019-03-18 09:50:21 -07:00
multiqueue.txt
net_dim.txt Documentation/networking: Add net DIM documentation 2018-03-22 14:50:44 -04:00
net_failover.rst docs: networking: Fix failover build warnings 2018-07-16 11:23:54 -07:00
netconsole.txt docs: fix locations of several documents that got moved 2016-10-24 08:12:35 -02:00
netdev-FAQ.rst Documentation: fix netdev-FAQ.rst markup warning 2019-05-01 09:12:51 -04:00
netdev-features.txt docs-networking: fix typo in define 2018-11-21 10:30:30 -08:00
netdevices.txt net: remove NETDEV_TX_LOCKED support 2016-04-26 15:53:05 -04:00
netfilter-sysctl.txt netfilter: allow logging from non-init namespaces 2017-02-02 14:31:58 +01:00
netif-msg.txt
nf_conntrack-sysctl.txt netfilter: conntrack: register sysctl table for gre 2018-12-21 00:51:25 +01:00
nf_flowtable.txt netfilter: nf_flowtable: remove duplicated transition in diagram 2019-03-19 15:02:52 +01:00
nfc.txt
openvswitch.txt openvswitch: Add support for unique flow IDs. 2015-01-26 15:45:50 -08:00
operstates.txt Documentation: bring operstate documentation up-to-date 2019-02-11 12:38:51 -08:00
packet_mmap.txt doc: remove out of date links and info from packet mmap 2018-03-16 10:48:52 -04:00
phonet.txt
phy.rst doc: phy: document some PHY_INTERFACE_MODE_xxx settings 2019-06-23 11:35:06 -07:00
pktgen.txt Documentation/pktgen: Clearify how-to use pktgen samples 2018-01-24 15:03:36 -05:00
PLIP.txt
ppp_generic.txt ppp: remove the PPPIOCDETACH ioctl 2018-05-24 22:55:07 -04:00
proc_net_tcp.txt
radiotap-headers.txt
ray_cs.txt
rds.txt linux-next: DOC: RDS: Fix a typo in rds.txt 2019-06-12 09:56:29 -07:00
regulatory.txt cfg80211: reg: remove support for built-in regdb 2017-10-11 13:18:51 +02:00
rxrpc.txt rxrpc: Allow the kernel to mark a call as being non-interruptible 2019-05-16 16:25:20 +01:00
scaling.rst doc: networking: integrate scaling document into doc tree 2019-01-20 19:10:49 -07:00
sctp.txt
secid.txt
seg6-sysctl.txt ipv6: sr: add documentation file for per-interface sysctls 2016-11-09 20:40:06 -05:00
segmentation-offloads.rst networking: : fix typos in code comments 2019-05-20 20:24:34 -04:00
sfp-phylink.rst net: phylink: Add struct phylink_config to PHYLINK API 2019-05-29 21:48:53 -07:00
skfp.txt
snmp_counter.rst networking: fix snmp_counter.rst Doc. Warnings 2019-03-17 19:37:08 -07:00
strparser.txt strparser: Corrected typo in documentation. 2018-06-24 16:40:20 +09:00
switchdev.txt switchdev: Remove unused transaction item queue 2019-03-01 21:35:19 -08:00
tc-actions-env-rules.txt net: sched: use counter to break reclassify loops 2015-05-13 15:08:14 -04:00
tcp-thin.txt
team.txt
timestamping.txt docs: ptp.txt: convert to ReST and move to driver-api 2019-06-14 14:31:27 -06:00
tls-offload-layers.svg Documentation: add TLS offload documentation 2019-05-22 12:18:20 -07:00
tls-offload-reorder-bad.svg Documentation: add TLS offload documentation 2019-05-22 12:18:20 -07:00
tls-offload-reorder-good.svg Documentation: add TLS offload documentation 2019-05-22 12:18:20 -07:00
tls-offload.rst net/tls: prevent skb_orphan() from leaking TLS plain text with offload 2019-08-08 22:39:35 -07:00
tls.rst Documentation: add TLS offload documentation 2019-05-22 12:18:20 -07:00
tproxy.txt netfilter: doc: Add nf_tables part in tproxy.txt 2018-08-16 19:37:07 +02:00
tuntap.txt net: docs: replace IPX in tuntap documentation 2019-08-08 18:06:53 -07:00
udplite.txt Doc: networking: Fix URL for wiki.wireshark.org in udplite.txt 2015-06-12 14:21:29 -07:00
vrf.txt net: provide a sysctl raw_l3mdev_accept for raw socket lookup with VRFs 2018-11-07 16:12:38 -08:00
vxlan.txt documentation: bring vxlan documentation more up-to-date 2015-08-12 16:46:30 -07:00
x25-iface.txt
x25.txt
xfrm_device.txt net: switch secpath to use skb extension infrastructure 2018-12-19 11:21:38 -08:00
xfrm_proc.txt xfrm: update the stats documentation 2017-12-22 06:45:48 +01:00
xfrm_sync.txt Documentation: networking: fix spelling mistakes 2016-04-28 14:21:13 -04:00
xfrm_sysctl.txt
z8530book.rst docs-rst: convert scsi DocBook to ReST 2017-05-16 08:44:15 -03:00
z8530drv.txt