Date: Mon, 3 Jun 2024 10:59:15 +0100
From: Terry Tritton <terry.tritton@...aro.org>
To: hch@....de
Cc: "ttritton@...gle.com" <ttritton@...gle.com>, edliaw@...gle.com, keescook@...omium.org, 
	linux-kernel@...r.kernel.org
Subject: Change in splice() behaviour after 5.10?

Hi,
We've found a change in behaviour while testing the splice07 LTP test.
In versions before 5.10 the test will hang on certain combinations but after
5.10 the splice call will return.
I bisected the change to the following commit:
    36e2c7421f02a22f71c9283e55fdb672a9eb58e7
    fs: don't allow splice read/write without explicit ops

There has been some discussion on the LTP GitHub page already:
    https://github.com/linux-test-project/ltp/issues/1156

From the GitHub link these combinations fail on 5.4:
|in_fd            |  out_fd            |  error  |
--------------------------------------------------
|TST_FD_PIPE_READ |  TST_FD_EPOLL      | hangs   |
|TST_FD_PIPE_READ |  TST_FD_EVENTFD    | hangs   |
|TST_FD_PIPE_READ |  TST_FD_SIGNALFD   | hangs   |
|TST_FD_PIPE_READ |  TST_FD_TIMERFD    | hangs   |
|TST_FD_PIPE_READ |  TST_FD_PIDFD      | hangs   |
|TST_FD_PIPE_READ |  TST_FD_PERF_EVENT | hangs   |
|TST_FD_PIPE_READ |  TST_FD_IO_URING   | hangs   |
|TST_FD_PIPE_READ |  TST_FD_BPF_MAP    | hangs   |
|TST_FD_PIPE_READ |  TST_FD_FSOPEN     | hangs   |
|TST_FD_PIPE_READ |  TST_FD_FSPICK     | hangs   |
|TST_FD_INOTIFY   |  TST_FD_PIPE_WRITE | hangs   |
|TST_FD_DIR       |  TST_FD_PIPE_WRITE | EISDIR  |
|TST_FD_PERF_EVENT|  TST_FD_PIPE_WRITE | ENODATA |
|TST_FD_FSOPEN    |  TST_FD_PIPE_WRITE | ENODATA |
|TST_FD_FSPICK    |  TST_FD_PIPE_WRITE | ENODATA |


PoC below; this program will hang before 36e2c7421f and complete after it.

#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/epoll.h>
#include <unistd.h>

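int main(){
    int fd_in[2];
    int fd_out;

    /* Empty pipe: fd_in[0] is the read end used as the splice source. */
    pipe(fd_in);
    /* epoll fd as the splice destination (PIPE_READ -> EPOLL row above). */
    fd_out = epoll_create(1);

    /* Hangs here before 36e2c7421f; returns after it. */
    splice(fd_in[0], NULL, fd_out, NULL, 1, 0);

    printf("Should not hang!\n");

    return 0;
}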

Is this change expected?
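
A watchdog version of the PoC above, as an added example that is not part of the original post: it runs splice() in a child process with an alarm, so each fd pair can be recorded as "hangs" or as the errno it returned, like the error column of the table. The name probe_splice, the one-second timeout and the choice of epoll and eventfd as targets are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/epoll.h>
#include <sys/eventfd.h>
#include <sys/wait.h>
#include <unistd.h>

#define PROBE_HANG (-1)   /* child was still blocked in splice() at the timeout */
#define PROBE_FAIL (-2)   /* the probe itself could not run or died unexpectedly */

/* Run splice(in_fd -> out_fd, 1 byte) in a child guarded by alarm().
 * Returns 0 if splice() succeeded, a positive errno if it returned an error,
 * PROBE_HANG if it was still blocked after timeout_s seconds. */
int probe_splice(int in_fd, int out_fd, unsigned timeout_s)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return PROBE_FAIL;
    if (pid == 0) {
        alarm(timeout_s);   /* default SIGALRM action kills a blocked child */
        ssize_t n = splice(in_fd, NULL, out_fd, NULL, 1, 0);
        _exit(n < 0 ? errno : 0);
    }
    if (waitpid(pid, &status, 0) != pid)
        return PROBE_FAIL;
    if (WIFSIGNALED(status))
        return WTERMSIG(status) == SIGALRM ? PROBE_HANG : PROBE_FAIL;
    return WEXITSTATUS(status);
}

int main(void)
{
    int p[2];
    const char *names[] = { "epoll", "eventfd" };
    if (pipe(p) < 0) return 1;
    int targets[] = { epoll_create(1), eventfd(0, 0) };
    for (int i = 0; i < 2; i++) {
        int r = probe_splice(p[0], targets[i], 1);   /* empty pipe as source */
        if (r == PROBE_HANG)
            printf("pipe -> %-8s hangs\n", names[i]);
        else
            printf("pipe -> %-8s returns, errno=%d\n", names[i], r);
    }
    return 0;
}
```

Because the blocked call is confined to the child, the parent can walk a whole list of fd pairs on an affected kernel without getting stuck itself.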
