From: Scott Guo <scott_gzh@163.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: davem@davemloft.net, linux-crypto@vger.kernel.org,
Scott GUO <scottzhguo@tencent.com>,
netdev@vger.kernel.org
Subject: Re: [PATCH 0/2] authencesn: Refactor in-place decryption
Date: Mon, 18 May 2026 14:48:39 +0800 [thread overview]
Message-ID: <4fb33a60-7e62-4c73-b82a-e990dea7212d@163.com> (raw)
In-Reply-To: <agqEvY4xJYjbZVDI@gondor.apana.org.au>
Then the problem comes down to whether ESP will be able to identify all
the path and mitigate all of it.
I am also wondering whether this in-place crypto + SG list method would
have simular issue with other crypto such as SKCipher. Copy Failed,
Dirty Frag and Fragnesia is ultimately an attack that craft specific
bytes with encryption and decryption. Attacker would potentially be able
to archieve a collision attack on say the record for root in passwd file
and use it on any machine where their passwd files are in a simular format.
在 2026/5/18 11:17, Herbert Xu 写道:
> On Mon, May 18, 2026 at 10:55:38AM +0800, Scott Guo wrote:
>> BTW, I am wondering whether we should disable inplace decryption for now? I
>> think that to mitigate vulnerabilities like Fragnesia, maybe something has
>> to be done on the memory side. Maybe something like forcing a pagefault when
>> trying to write to these pages?
>
> I think stopping ESP from putting frags into the dst SG list would
> be prudent until the whole stack has been audited.
>
> Alternatively switch from the black-list to a white-list approach
> and only allow ESP to do in-place processing of packets from a
> source that's known to be writable.
>
> Cheers,
next prev parent reply other threads:[~2026-05-18 6:49 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-15 8:36 [PATCH 0/2] authencesn: Refactor in-place decryption scott_gzh
2026-05-15 8:36 ` [PATCH 1/2] scatterlist: Introduce sglist_shift_{left,right} helpers scott_gzh
2026-05-15 8:36 ` [PATCH 2/2] authencesn: Refactor inplace-decryption with sglist shift helper scott_gzh
2026-05-15 10:41 ` [PATCH 0/2] authencesn: Refactor in-place decryption Scott Guo
2026-05-15 11:01 ` Scott Guo
2026-05-18 2:33 ` Herbert Xu
2026-05-18 2:55 ` Scott Guo
2026-05-18 3:17 ` Herbert Xu
2026-05-18 6:48 ` Scott Guo [this message]
2026-05-18 8:21 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4fb33a60-7e62-4c73-b82a-e990dea7212d@163.com \
--to=scott_gzh@163.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=scottzhguo@tencent.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox