| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 May 2022 17:21:09 -0600
From: Jens Axboe <axboe@...nel.dk>
To: "Jason A. Donenfeld" <Jason@...c4.com>
Cc: tytso@....edu, hch@....de, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] random: convert to using fops->read_iter()
On 5/19/22 5:12 PM, Jason A. Donenfeld wrote:
> Hi Jens,
>
> On Thu, May 19, 2022 at 01:31:32PM -0600, Jens Axboe wrote:
>> for (;;) {
>> chacha20_block(chacha_state, output);
>> if (unlikely(chacha_state[12] == 0))
>> ++chacha_state[13];
>>
>> block_len = min_t(size_t, len, CHACHA_BLOCK_SIZE);
>> - left = copy_to_user(ubuf, output, block_len);
>> - if (left) {
>> - ret += block_len - left;
>> + block_len = copy_to_iter(output, block_len, to);
>> + if (!block_len)
>> break;
>> - }
>>
>> - ubuf += block_len;
>> ret += block_len;
>> len -= block_len;
>> - if (!len)
>> - break;
>>
>> BUILD_BUG_ON(PAGE_SIZE % CHACHA_BLOCK_SIZE != 0);
>> if (ret % PAGE_SIZE == 0) {
>> if (signal_pending(current))
>> break;
>> cond_resched();
>> }
>> }
>
> This isn't quite the same, is it? Before, it would immediately break
> out of the loop on any short copy. Now, it will only break out on a
> zero copy, which means it's possible that ret % PAGE_SIZE == 0, and
> there'll be an unnecessary cond_resched() before copy_to_iter() runs
> again and then breaks.
True, we could just make that:
copied = copy_to_iter(output, block_len, to);
if (copied != block_len)
...
if that's important. Doesn't seem like it would, if you're passing in
invalid memory ranges. Maybe that ret check makes it so that it is
indeed important. I'll make the changes and send out a v2.
--
Jens Axboe
Powered by blists - more mailing lists