lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 7 Jun 2021 21:07:02 +0000
From:   Al Viro <viro@...iv.linux.org.uk>
To:     Christoph Hellwig <hch@...radead.org>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        David Sterba <dsterba@...e.com>,
        Miklos Szeredi <miklos@...redi.hu>,
        Anton Altaparmakov <anton@...era.com>,
        David Howells <dhowells@...hat.com>,
        Matthew Wilcox <willy@...radead.org>,
        Pavel Begunkov <asml.silence@...il.com>
Subject: Re: [RFC][PATCHSET] iov_iter work

On Mon, Jun 07, 2021 at 04:59:10PM +0100, Christoph Hellwig wrote:
> On Mon, Jun 07, 2021 at 02:43:40PM +0000, Al Viro wrote:
> > > It can't even happen for the legacy architectures, given that the
> > > remaining set_fs() areas are small and never do iov_iter based I/O.
> > 
> > 	Umm...  It's a bit trickier than that - e.g. a kernel thread on
> > a CONFIG_SET_FS target passing a kernel pointer to vfs_read() could've
> > ended up with new_sync_write() hitting iov_iter_init().
> 
> Yes, that is a possbility, but rather unlikely - it would require an
> arch-specific thread using iov_iter_init.  iov_iter_init instances are
> rather fewer, and only very few in arch code.

Doesn't have to be in arch code itself (see above re vfs_read()/vfs_write()),
but AFAICS it doesn't happen.

Anyway, what I'm going to do is
void iov_iter_init(struct iov_iter *i, unsigned int direction,
                        const struct iovec *iov, unsigned long nr_segs,
			size_t count)
{
	WARN_ON(direction & ~(READ | WRITE));

        if (WARN_ON(uaccess_kernel())) {
		// shouldn't be any such callers left...
		iov_iter_kvec(i, direction, (const struct kvec *)iov,
			      nr_segs, count);
		return;
	}
	*i = (struct iov_iter) {
		.iter_type = ITER_IOVEC,
		.data_source = direction,
		.iov = iov,
		.nr_segs = nr_segs,
		.iov_offset = 0,
		.count = count
	};
}

and in a cycle or two replace that if (WARN_ON()) into flat BUG_ON()

Linus, can you live with that variant?  AFAICS, we really should have
no such callers left on any targets.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ