Message-ID: <CAH2r5mudRezz-9wcHN+dcZmApeZ4L--CmTpCaaMAL6RDNihZtw@mail.gmail.com>
Date:   Tue, 18 Apr 2023 21:32:38 -0500
From:   Steve French <smfrench@...il.com>
To:     David Howells <dhowells@...hat.com>
Cc:     Paulo Alcantara <pc@...guebit.com>,
        Jérôme Glisse <jglisse@...hat.com>,
        Long Li <longli@...rosoft.com>,
        Enzo Matsumiya <ematsumiya@...e.de>,
        Shyam Prasad N <nspmangalore@...il.com>,
        Rohith Surabattula <rohiths.msft@...il.com>,
        Jeff Layton <jlayton@...nel.org>, linux-cifs@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] cifs: Fix unbuffered read

Updated to add Paulo's Acked-by and also attached the other fix. Let
me know if there are any additional feedback/review/testing results.

    cifs: Reapply lost fix from commit 30b2b2196d6e

    Reapply the fix from
       30b2b2196d6e ("cifs: do not include page data when checking signature")
    that got lost in the iteratorisation of the cifs driver.

On Tue, Apr 18, 2023 at 5:40 PM David Howells <dhowells@...hat.com> wrote:
>
>
> If read() is done in an unbuffered manner, such that, say,
> cifs_strict_readv() goes through cifs_user_readv() and thence
> __cifs_readv(), it doesn't recognise the EOF and keeps indicating to
> userspace that it is returning full buffers of data.
>
> This is due to ctx->iter being advanced in cifs_send_async_read() as the
> buffer is split up amongst a number of rdata objects.  The iterator count
> is then used in collect_uncached_read_data() in the non-DIO case to set the
> total length read - and thus the return value of sys_read().  But since the
> iterator normally gets used up completely during splitting, ctx->total_len
> gets overridden to the full amount.
>
> However, prior to that in collect_uncached_read_data(), we've gone through
> the list of rdatas and added up the amount of data we actually received
> (which we then throw away).
>
> Fix this by removing the bit that overrides the amount read in the non-DIO
> case and just going with the total added up in the aforementioned loop.
>
> This was observed by mounting a cifs share with multiple channels, e.g.:
>
>         mount //192.168.6.1/test /test/ -o user=shares,pass=...,max_channels=6
>
> and then reading a 1MiB file on the share:
>
>         strace cat /xfstest.test/1M  >/dev/null
>
> Through strace, the same data can be seen being read again and again.
>
> Fixes: d08089f649a0 ("cifs: Change the I/O paths to use an iterator rather than a page list")
> Signed-off-by: David Howells <dhowells@...hat.com>
> cc: Steve French <smfrench@...il.com>
> cc: Paulo Alcantara <pc@...guebit.com>
> cc: Jérôme Glisse <jglisse@...hat.com>
> cc: Long Li <longli@...rosoft.com>
> cc: Enzo Matsumiya <ematsumiya@...e.de>
> cc: Shyam Prasad N <nspmangalore@...il.com>
> cc: Rohith Surabattula <rohiths.msft@...il.com>
> cc: Jeff Layton <jlayton@...nel.org>
> cc: linux-cifs@...r.kernel.org
> ---
>  fs/cifs/file.c |    4 ----
>  1 file changed, 4 deletions(-)
>
> diff --git a/fs/cifs/file.c b/fs/cifs/file.c
> index 321f9b7c84c9..f8877dc91cc5 100644
> --- a/fs/cifs/file.c
> +++ b/fs/cifs/file.c
> @@ -4010,7 +4010,6 @@ static void
>  collect_uncached_read_data(struct cifs_aio_ctx *ctx)
>  {
>         struct cifs_readdata *rdata, *tmp;
> -       struct iov_iter *to = &ctx->iter;
>         struct cifs_sb_info *cifs_sb;
>         int rc;
>
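Review bot: dropping the `to` declaration at the top of collect_uncached_read_data() is only safe if nothing in the elided body between this hunk and the next still references it. The only use visible in this patch is the `iov_iter_count(to)` call removed in the second hunk, so please confirm the copy-out path in the unshown part of the function does not take `to` as well; a leftover use would break the build, which the 4-deletion diffstat alone does not rule out.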
> @@ -4076,9 +4075,6 @@ collect_uncached_read_data(struct cifs_aio_ctx *ctx)
>                 kref_put(&rdata->refcount, cifs_readdata_release);
>         }
>
> -       if (!ctx->direct_io)
> -               ctx->total_len = ctx->len - iov_iter_count(to);
> -
>         /* mask nodata case */
>         if (rc == -ENODATA)
>                 rc = 0;
>
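Review bot: with the `if (!ctx->direct_io)` override removed just before the `/* mask nodata case */` comment, ctx->total_len now depends entirely on the accumulation loop that ends at the `kref_put()` above, and that loop is not visible in this hunk. It would help to state in the commit message, or in a short comment at this spot, that ctx->iter cannot be used for the length here because cifs_send_async_read() has already consumed it, and to confirm that the loop accumulates ctx->total_len on the non-DIO path and stops counting once rc is set. Since `rc == -ENODATA` is then masked to 0, the short or zero total from the loop is the only thing that tells userspace it hit EOF, so a regression test along the lines of the `strace cat` reproducer would be worth adding.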


-- 
Thanks,

Steve

View attachment "0002-cifs-Fix-unbuffered-read.patch" of type "text/x-patch" (2773 bytes)

View attachment "0003-cifs-Reapply-lost-fix-from-commit-30b2b2196d6e.patch" of type "text/x-patch" (1742 bytes)
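The accounting described in the quoted commit message, as an added example that is not part of the original thread or of the kernel source: a simplified user-space model showing why the removed override makes a read at EOF report a full buffer. The struct layout, the helper names, and the 128KiB request and 64KiB chunk sizes are assumptions chosen for illustration.

```c
/* Simplified user-space model; struct layout and helper names are assumptions. */
#include <stdio.h>
#include <stddef.h>
#define MAX_RDATA 16

struct model_ctx {
    size_t len;            /* bytes requested by read() */
    size_t iter_count;     /* models iov_iter_count(&ctx->iter) */
    size_t got[MAX_RDATA]; /* bytes each rdata actually received */
    int nr, direct_io;
};

/* Models the split in cifs_send_async_read(): each rdata takes up to rsize
 * bytes and the iterator is advanced by that amount, reply or no reply. */
static void send_async_read(struct model_ctx *ctx, size_t rsize,
                            size_t file_size, size_t offset)
{
    ctx->iter_count = ctx->len;
    for (ctx->nr = 0; ctx->iter_count > 0 && ctx->nr < MAX_RDATA; ctx->nr++) {
        size_t chunk = ctx->iter_count < rsize ? ctx->iter_count : rsize;
        size_t avail = offset < file_size ? file_size - offset : 0;
        ctx->got[ctx->nr] = chunk < avail ? chunk : avail; /* server reply */
        ctx->iter_count -= chunk;
        offset += chunk;
    }
}

/* Models the end of collect_uncached_read_data(); apply_override=1 keeps the
 * lines the patch removes, apply_override=0 is the patched behaviour. */
static size_t model_read(size_t len, size_t rsize, size_t file_size,
                         size_t offset, int apply_override)
{
    struct model_ctx ctx = { .len = len, .direct_io = 0 };
    size_t total_len = 0;
    send_async_read(&ctx, rsize, file_size, offset);
    for (int i = 0; i < ctx.nr; i++)
        total_len += ctx.got[i];               /* data actually received */
    if (apply_override && !ctx.direct_io)
        total_len = ctx.len - ctx.iter_count;  /* iterator is used up: == len */
    return total_len;
}

int main(void)
{
    size_t mib = 1 << 20;  /* constructed case: read() issued at EOF of a 1MiB file */
    printf("pre-patch: %zu, patched: %zu\n", model_read(131072, 65536, mib, mib, 1),
           model_read(131072, 65536, mib, mib, 0));
    return 0;
}
```

In the model, the pre-patch path never returns 0 at EOF, which matches the repeated reads seen under strace in the report.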
