From patchwork Tue Mar 7 16:59:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 1753421 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=2620:137:e000::1:20; helo=out1.vger.email; envelope-from=linux-cifs-owner@vger.kernel.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.a=rsa-sha256 header.s=korg header.b=eg3slsrz; dkim-atps=neutral Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20]) by legolas.ozlabs.org (Postfix) with ESMTP id 4PWNM6182qz1yXD for ; Wed, 8 Mar 2023 04:52:34 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232312AbjCGRwc (ORCPT ); Tue, 7 Mar 2023 12:52:32 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46174 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232276AbjCGRv7 (ORCPT ); Tue, 7 Mar 2023 12:51:59 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 986A6ACE38; Tue, 7 Mar 2023 09:46:35 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 6DBACB819C1; Tue, 7 Mar 2023 17:46:13 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AB081C4339E; Tue, 7 Mar 2023 17:46:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1678211172; bh=9aSMdrE6eO87rmSUfXuG5Ak7lUktr+u5yI/oZLiPlTs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=eg3slsrzSTRpjEFyXN+aS3jZlnR5L1UaMdSoSrGXyW+gmBUAEqE6fObn1GUBE3T2p iYIzIix24lq+k1cHoFQiT02Oqf1hcCKEpfbp7E/wfXqPF1C37cOmGNzTjRg/OSonyV CRYCRGgcztawonYdBBcu4QFq8wGdoxyUzVE5kKkI= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Stefan Metzmacher , Steve French , Tom Talpey , Long Li , Namjae Jeon , David Howells , linux-cifs@vger.kernel.org, Steve French Subject: [PATCH 6.2 0776/1001] cifs: dont try to use rdma offload on encrypted connections Date: Tue, 7 Mar 2023 17:59:08 +0100 Message-Id: <20230307170055.423579951@linuxfoundation.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230307170022.094103862@linuxfoundation.org> References: <20230307170022.094103862@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org From: Stefan Metzmacher commit 3891f6c7655a39065e44980f51ba46bb32be3133 upstream. The aim of using encryption on a connection is to keep the data confidential, so we must not use plaintext rdma offload for that data! It seems that current windows servers and ksmbd would allow this, but that's no reason to expose the users data in plaintext! And servers hopefully reject this in future. Note modern windows servers support signed or encrypted offload, see MS-SMB2 2.2.3.1.6 SMB2_RDMA_TRANSFORM_CAPABILITIES, but we don't support that yet. Signed-off-by: Stefan Metzmacher Cc: Steve French Cc: Tom Talpey Cc: Long Li Cc: Namjae Jeon Cc: David Howells Cc: linux-cifs@vger.kernel.org Cc: stable@vger.kernel.org Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman --- fs/cifs/smb2pdu.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -4081,6 +4081,10 @@ static inline bool smb3_use_rdma_offload if (server->sign) return false; + /* we don't support encrypted offload yet */ + if (smb3_encryption_required(tcon)) + return false; + /* offload also has its overhead, so only do it if desired */ if (io_parms->length < server->smbd_conn->rdma_readwrite_threshold) return false;