lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <962b6921-b047-2694-23e7-62b23f061895@kernel.dk>
Date:   Thu, 19 May 2022 17:21:09 -0600
From:   Jens Axboe <axboe@...nel.dk>
To:     "Jason A. Donenfeld" <Jason@...c4.com>
Cc:     tytso@....edu, hch@....de, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] random: convert to using fops->read_iter()

On 5/19/22 5:12 PM, Jason A. Donenfeld wrote:
> Hi Jens,
> 
> On Thu, May 19, 2022 at 01:31:32PM -0600, Jens Axboe wrote:
>>  	for (;;) {
>>  		chacha20_block(chacha_state, output);
>>  		if (unlikely(chacha_state[12] == 0))
>>  			++chacha_state[13];
>>  
>>  		block_len = min_t(size_t, len, CHACHA_BLOCK_SIZE);
>> -		left = copy_to_user(ubuf, output, block_len);
>> -		if (left) {
>> -			ret += block_len - left;
>> +		block_len = copy_to_iter(output, block_len, to);
>> +		if (!block_len)
>>  			break;
>> -		}
>>  
>> -		ubuf += block_len;
>>  		ret += block_len;
>>  		len -= block_len;
>> -		if (!len)
>> -			break;
>>  
>>  		BUILD_BUG_ON(PAGE_SIZE % CHACHA_BLOCK_SIZE != 0);
>>  		if (ret % PAGE_SIZE == 0) {
>>  			if (signal_pending(current))
>>  				break;
>>  			cond_resched();
>>  		}
>>  	}
> 
> This isn't quite the same, is it? Before, it would immediately break
> out of the loop on any short copy. Now, it will only break out on a
> zero copy, which means it's possible that ret % PAGE_SIZE == 0, and
> there'll be an unnecessary cond_resched() before copy_to_iter() runs
> again and then breaks.

True, we could just make that:

copied = copy_to_iter(output, block_len, to);
if (copied != block_len)
	...

if that's important. Doesn't seem like it would, if you're passing in
invalid memory ranges. Maybe that ret check makes it so that it is
indeed important. I'll make the changes and send out a v2.

-- 
Jens Axboe

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ