[v2,3/3] cifs: don't try to use rdma offload on encrypted connections

Message ID cd26594054b0c291e01b1da20f974245d3f494c3.1675264648.git.metze@samba.org (mailing list archive)
State New, archived
Series avoid plaintext rdma offload if encryption is required

Commit Message

Stefan Metzmacher Feb. 1, 2023, 3:21 p.m. UTC
The aim of using encryption on a connection is to keep
the data confidential, so we must not use plaintext rdma offload
for that data!

It seems that current Windows servers and ksmbd would allow
this, but that's no reason to expose the users' data in plaintext!
And servers hopefully reject this in future.

Note modern Windows servers support signed or encrypted offload,
support that yet.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Cc: Steve French <smfrench@gmail.com>
Cc: Tom Talpey <tom@talpey.com>
Cc: Long Li <longli@microsoft.com>
Cc: Namjae Jeon <linkinjeon@kernel.org>
Cc: David Howells <dhowells@redhat.com>
Cc: linux-cifs@vger.kernel.org
Cc: stable@vger.kernel.org
 fs/cifs/smb2pdu.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 6a4d621241dd..c5cb2639b3f1 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -4081,6 +4081,10 @@  static inline bool smb3_use_rdma_offload(struct cifs_io_parms *io_parms)
 	if (server->sign)
 		return false;
+	/* we don't support encrypted offload yet */
+	if (smb3_encryption_required(tcon))
+		return false;
 	/* offload also has its overhead, so only do it if desired */
 	if (io_parms->length < server->smbd_conn->rdma_readwrite_threshold)
 		return false;
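
Review bot: The comment on the new smb3_encryption_required(tcon) check describes a missing feature ("we don't support encrypted offload yet") rather than the confidentiality reason the commit message gives. Consider wording it to say that plaintext RDMA offload must not carry data for a connection that requires encryption, so that nobody later relaxes the check as a performance tweak. tcon is not declared anywhere in the visible lines of this hunk, so please confirm it is derived from the io_parms parameter shown in the @@ header and cannot be NULL at this point. Placing the check next to the server->sign test and ahead of the rdma_readwrite_threshold length test looks right, since the first two are hard refusals and the last is only tuning.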