Linux cryptographic layer development
 help / color / mirror / Atom feed
From: Scott Guo <scott_gzh@163.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: davem@davemloft.net, linux-crypto@vger.kernel.org,
	Scott GUO <scottzhguo@tencent.com>,
	netdev@vger.kernel.org
Subject: Re: [PATCH 0/2] authencesn: Refactor in-place decryption
Date: Mon, 18 May 2026 14:48:39 +0800	[thread overview]
Message-ID: <4fb33a60-7e62-4c73-b82a-e990dea7212d@163.com> (raw)
In-Reply-To: <agqEvY4xJYjbZVDI@gondor.apana.org.au>

Then the problem comes down to whether ESP will be able to identify all 
the path and mitigate all of it.

I am also wondering whether this in-place crypto + SG list method would 
have simular issue with other crypto such as SKCipher. Copy Failed, 
Dirty Frag and Fragnesia is ultimately an attack that craft specific 
bytes with encryption and decryption. Attacker would potentially be able 
to archieve a collision attack on say the record for root in passwd file 
and use it on any machine where their passwd files are in a simular format.

在 2026/5/18 11:17, Herbert Xu 写道:
> On Mon, May 18, 2026 at 10:55:38AM +0800, Scott Guo wrote:
>> BTW, I am wondering whether we should disable inplace decryption for now? I
>> think that to mitigate vulnerabilities like Fragnesia, maybe something has
>> to be done on the memory side. Maybe something like forcing a pagefault when
>> trying to write to these pages?
> 
> I think stopping ESP from putting frags into the dst SG list would
> be prudent until the whole stack has been audited.
> 
> Alternatively switch from the black-list to a white-list approach
> and only allow ESP to do in-place processing of packets from a
> source that's known to be writable.
> 
> Cheers,


  reply	other threads:[~2026-05-18  6:49 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-15  8:36 [PATCH 0/2] authencesn: Refactor in-place decryption scott_gzh
2026-05-15  8:36 ` [PATCH 1/2] scatterlist: Introduce sglist_shift_{left,right} helpers scott_gzh
2026-05-15  8:36 ` [PATCH 2/2] authencesn: Refactor inplace-decryption with sglist shift helper scott_gzh
2026-05-15 10:41 ` [PATCH 0/2] authencesn: Refactor in-place decryption Scott Guo
2026-05-15 11:01   ` Scott Guo
2026-05-18  2:33     ` Herbert Xu
2026-05-18  2:55       ` Scott Guo
2026-05-18  3:17         ` Herbert Xu
2026-05-18  6:48           ` Scott Guo [this message]
2026-05-18  8:21             ` Herbert Xu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4fb33a60-7e62-4c73-b82a-e990dea7212d@163.com \
    --to=scott_gzh@163.com \
    --cc=davem@davemloft.net \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=scottzhguo@tencent.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox