From: Stefan Metzmacher Date: Wed, 1 Feb 2023 15:21:41 +0000 (+0100) Subject: cifs: don't try to use rdma offload on encrypted connections X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=3891f6c7655a39065e44980f51ba46bb32be3133;p=linux.git cifs: don't try to use rdma offload on encrypted connections The aim of using encryption on a connection is to keep the data confidential, so we must not use plaintext rdma offload for that data! It seems that current windows servers and ksmbd would allow this, but that's no reason to expose the users data in plaintext! And servers hopefully reject this in future. Note modern windows servers support signed or encrypted offload, see MS-SMB2 2.2.3.1.6 SMB2_RDMA_TRANSFORM_CAPABILITIES, but we don't support that yet. Signed-off-by: Stefan Metzmacher Cc: Steve French Cc: Tom Talpey Cc: Long Li Cc: Namjae Jeon Cc: David Howells Cc: linux-cifs@vger.kernel.org Cc: stable@vger.kernel.org Signed-off-by: Steve French --- diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 6a4d621241dd5..c5cb2639b3f19 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -4081,6 +4081,10 @@ static inline bool smb3_use_rdma_offload(struct cifs_io_parms *io_parms) if (server->sign) return false; + /* we don't support encrypted offload yet */ + if (smb3_encryption_required(tcon)) + return false; + /* offload also has its overhead, so only do it if desired */ if (io_parms->length < server->smbd_conn->rdma_readwrite_threshold) return false;