search for: tls_requir

Displaying 12 results from an estimated 12 matches for "tls_requir".

Did you mean: tls_require
2019 Sep 16
2
[LIBNBD SECURITY PATCH 0/1] NBD Protocol Downgrade Attack in libnbd
...14 Fixed: 2019-09-16 Published: 2019-09-16 There is no CVE number assigned for this issue yet, but the bug is being categorized and processed by Red Hat's security team which may result in a CVE being published later. Description ----------- Libnbd includes the method nbd_set_tls(h, LIBNBD_TLS_REQUIRE) which is documented to let a client refuse to connect to a server that is not using TLS encryption. However, if the server uses the oldstyle protocol, a flaw in libnbd meant that the client would proceed with an unencrypted connection without warning. An attacker, perhaps acting as a man-in-the-...
2014 Nov 19
5
[PATCH v2 0/3] nouveau: support for custom VRAM domains
This series is to allow NVIDIA chips with shared memory to operate more efficiently (and to operate at all once we disable VRAM from the kernel driver) by allowing nouveau_screen to specify a domain to use for objects originally allocated into VRAM. If the domain is not overridden, the default NOUVEAU_BO_VRAM is used. A NV_VRAM_DOMAIN() macro is then introduced to be used in place of
2014 Nov 19
0
[PATCH v2 2/3] nvc0: use NV_VRAM_DOMAIN() macro
...*nvc0, struct nouveau_pushbuf *push = nvc0->base.pushbuf; if (prog && prog->need_tls) { - const uint32_t flags = NOUVEAU_BO_VRAM | NOUVEAU_BO_RDWR; + const uint32_t flags = NV_VRAM_DOMAIN(&nvc0->screen->base) | NOUVEAU_BO_RDWR; if (!nvc0->state.tls_required) BCTX_REFN_bo(nvc0->bufctx_3d, TLS, flags, nvc0->screen->tls); nvc0->state.tls_required |= 1 << stage; diff --git a/src/gallium/drivers/nouveau/nvc0/nvc0_state_validate.c b/src/gallium/drivers/nouveau/nvc0/nvc0_state_validate.c index 25a3232b48d9..696eacaa1e20 1...
2014 Nov 19
1
[PATCH v2 2/3] nvc0: use NV_VRAM_DOMAIN() macro
...ushbuf *push = nvc0->base.pushbuf; > > if (prog && prog->need_tls) { > - const uint32_t flags = NOUVEAU_BO_VRAM | NOUVEAU_BO_RDWR; > + const uint32_t flags = NV_VRAM_DOMAIN(&nvc0->screen->base) | NOUVEAU_BO_RDWR; > if (!nvc0->state.tls_required) > BCTX_REFN_bo(nvc0->bufctx_3d, TLS, flags, nvc0->screen->tls); > nvc0->state.tls_required |= 1 << stage; > diff --git a/src/gallium/drivers/nouveau/nvc0/nvc0_state_validate.c b/src/gallium/drivers/nouveau/nvc0/nvc0_state_validate.c > index 25a323...
2014 Nov 19
1
[PATCH v2 2/3] nvc0: use NV_VRAM_DOMAIN() macro
...eau_pushbuf *push = nvc0->base.pushbuf; > > if (prog && prog->need_tls) { > - const uint32_t flags = NOUVEAU_BO_VRAM | NOUVEAU_BO_RDWR; > + const uint32_t flags = NV_VRAM_DOMAIN(&nvc0->screen->base) | NOUVEAU_BO_RDWR; > if (!nvc0->state.tls_required) > BCTX_REFN_bo(nvc0->bufctx_3d, TLS, flags, nvc0->screen->tls); > nvc0->state.tls_required |= 1 << stage; > diff --git a/src/gallium/drivers/nouveau/nvc0/nvc0_state_validate.c b/src/gallium/drivers/nouveau/nvc0/nvc0_state_validate.c > index 25a3232b...
2020 Aug 08
1
Re: [nbdkit PATCH 3/3] tlsdummy: New filter
...port os +h.set_export_name ("hello") +h.connect_unix (os.environ["sock"]) +assert h.get_size () == 512 +assert h.pread (5, 0) == b"dummy" +' + +# Encrypted client sees desired volumes +nbdsh -c ' +import os +h.set_export_name ("hello") +h.set_tls (nbd.TLS_REQUIRE) +h.set_tls_psk_file ("keys.psk") +h.set_tls_username ("qemu") +h.connect_unix (os.environ["sock"]) +assert h.get_size () == 6 +assert h.pread (5, 0) == b"hello" +' -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Vir...
2014 Oct 27
4
[PATCH 0/3] nouveau: support for custom VRAM domains
This series is to allow NVIDIA chips with shared memory to operate more efficiently (and to operate at all once we disable VRAM from the kernel driver) by allowing nouveau_screen to specify a domain to use for objects originally allocated into VRAM. If the domain is not overridden, the default NOUVEAU_BO_VRAM is used. A NV_VRAM_DOMAIN() macro is then introduced to be used in place of
2015 Jun 19
5
[PATCH v3 0/2] nouveau: support for custom VRAM domains
New revision of this patchset that prevents VRAM objects from being allocated on VRAM-less systems like Tegra. This is required for Mesa to work on such systems. Changes since v2: - Use vram_size to detect systems without VRAM and set the correct domain instead of expecting each chip to set its domain explicitly. Alexandre Courbot (2): nouveau: support for custom VRAM domains nvc0: use
2020 Sep 07
4
[libnbd PATCH v2 0/3] Improve type-safety of ocaml/golang getters
Well, the golang changes (patch 1 and 2/3 of v1) were already committed, all that was left was the OCaml changes. I'm a lot happier with how things turned out with an UNKNOWN constructor in the OCaml variants. Eric Blake (3): tests: Enhance coverage of enum/flag range checking ocaml: Support unknown values for Enum/Flags ocaml: Typesafe returns for REnum/RFlags generator/OCaml.ml
2020 Aug 07
7
[nbdkit PATCH 0/3] Content differentiation during --tls=on
Patch 3 still needs tests added, but it is at least working from my simple command line tests. Eric Blake (3): server: Implement nbdkit_is_tls for use during .open server: Expose final thread_model to filter's .get_ready tlsdummy: New filter docs/nbdkit-filter.pod | 21 +- docs/nbdkit-plugin.pod | 34 ++- docs/nbdkit-tls.pod
2020 Aug 27
10
[nbdkit PATCH v2 0/8] exportname filter
This is a revision of my .default_export work, plus new work on .export_descriptions and a new exportname filter. I think it is now ready to check in. Things I'd still like in 1.22: - the file plugin should implement .list_exports (patch already posted, but it needs rebasing on this series) - the ext2 filter should override .list_exports when in exportname mode - the nbd plugin should be
2020 Sep 21
18
[nbdkit PATCH v3 00/14] exportname filter
It's been several weeks since I posted v2 (I got distracted by improving libnbd to better test things, which in turn surfaced some major memory leak problems in nbdsh that are now fixed). Many of the patches are minor rebases from v2, with the biggest changes being fallout from: - patch 2: rename nbdkit_add_default_export to nbdkit_use_default_export - overall: this missed 1.22, so update