lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAF=yD-LLCoSTH1Jb+EFmpmTVO+Oo7Hjg6xcF4T2wR96QkjHZRw@mail.gmail.com>
Date:   Fri, 16 Jun 2023 10:34:41 +0200
From:   Willem de Bruijn <willemdebruijn.kernel@...il.com>
To:     Jakub Kicinski <kuba@...nel.org>
Cc:     David Howells <dhowells@...hat.com>, netdev@...r.kernel.org,
        syzbot+d8486855ef44506fd675@...kaller.appspotmail.com,
        David Ahern <dsahern@...nel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Paolo Abeni <pabeni@...hat.com>, Jens Axboe <axboe@...nel.dk>,
        Matthew Wilcox <willy@...radead.org>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next] ip, ip6: Fix splice to raw and ping sockets

On Fri, Jun 16, 2023 at 7:23 AM Jakub Kicinski <kuba@...nel.org> wrote:
>
> On Wed, 14 Jun 2023 09:04:16 +0100 David Howells wrote:
> > Splicing to SOCK_RAW sockets may set MSG_SPLICE_PAGES, but in such a case,
> > __ip_append_data() will call skb_splice_from_iter() to access the 'from'
> > data, assuming it to point to a msghdr struct with an iter, instead of
> > using the provided getfrag function to access it.
> >
> > In the case of raw_sendmsg(), however, this is not the case and 'from' will
> > point to a raw_frag_vec struct and raw_getfrag() will be the frag-getting
> > function.  A similar issue may occur with rawv6_sendmsg().
> >
> > Fix this by ignoring MSG_SPLICE_PAGES if getfrag != ip_generic_getfrag as
> > ip_generic_getfrag() expects "from" to be a msghdr*, but the other getfrags
> > don't.  Note that this will prevent MSG_SPLICE_PAGES from being effective
> > for udplite.
> >
> > This likely affects ping sockets too.  udplite looks like it should be okay
> > as it expects "from" to be a msghdr.
>
> Willem, looks good?

Reviewed-by: Willem de Bruijn <willemb@...gle.com>

Disabling splicing if not ip_generic_getfrag sounds great to me.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ