lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHS8izOSZS8F7vbNVS4VeyxdNBbjcaC47_GXYKTe-0t6qorcTQ@mail.gmail.com>
Date: Fri, 16 May 2025 21:53:36 -0700
From: Mina Almasry <almasrymina@...gle.com>
To: Stanislav Fomichev <stfomichev@...il.com>
Cc: Al Viro <viro@...iv.linux.org.uk>, netdev@...r.kernel.org, davem@...emloft.net, 
	edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, horms@...nel.org, 
	willemb@...gle.com, sagi@...mberg.me, asml.silence@...il.com, 
	kaiyuanz@...gle.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next] net: devmem: remove min_t(iter_iov_len) in sendmsg

On Fri, May 16, 2025 at 9:29 PM Stanislav Fomichev <stfomichev@...il.com> wrote:
>
> On 05/17, Al Viro wrote:
> > On Fri, May 16, 2025 at 08:53:09PM -0700, Stanislav Fomichev wrote:
> > > On 05/17, Al Viro wrote:
> > > > On Fri, May 16, 2025 at 07:17:23PM -0700, Stanislav Fomichev wrote:
> > > > > > Wait, in the same commit there's
> > > > > > +       if (iov_iter_type(from) != ITER_IOVEC)
> > > > > > +               return -EFAULT;
> > > > > >
> > > > > > shortly prior to the loop iter_iov_{addr,len}() are used.  What am I missing now?
> > > > >
> > > > > Yeah, I want to remove that part as well:
> > > > >
> > > > > https://lore.kernel.org/netdev/20250516225441.527020-1-stfomichev@gmail.com/T/#u
> > > > >
> > > > > Otherwise, sendmsg() with a single IOV is not accepted, which makes not
> > > > > sense.
> > > >
> > > > Wait a minute.  What's there to prevent a call with two ranges far from each other?
> > >
> > > It is perfectly possible to have a call with two disjoint ranges,
> > > net_devmem_get_niov_at should correctly resolve it to the IOVA in the
> > > dmabuf. Not sure I understand why it's an issue, can you pls clarify?
> >
> > Er...  OK, the following is given an from with two iovecs.
> >
> >       while (length && iov_iter_count(from)) {
> >               if (i == MAX_SKB_FRAGS)
> >                       return -EMSGSIZE;
> >
> >               virt_addr = (size_t)iter_iov_addr(from);
> >
> > OK, that's iov_base of the first one.
> >
> >               niov = net_devmem_get_niov_at(binding, virt_addr, &off, &size);
> >               if (!niov)
> >                       return -EFAULT;
> > Whatever it does, it does *NOT* see iov_len of the first iovec.  Looks like
> > it tries to set something up, storing the length of what it had set up
> > into size
> >
> >               size = min_t(size_t, size, length);
> > ... no more than length, OK.  Suppose length is considerably more than iov_len
> > of the first iovec.
> >
> >               size = min_t(size_t, size, iter_iov_len(from));
> > ... now trim it down to iov_len of that sucker.  That's what you want to remove,
> > right?  What happens if iov_len is shorter than what we have in size?
> >
> >               get_netmem(net_iov_to_netmem(niov));
> >               skb_add_rx_frag_netmem(skb, i, net_iov_to_netmem(niov), off,
> >                                     size, PAGE_SIZE);
> > Still not looking at that iov_len...
> >
> >               iov_iter_advance(from, size);
> > ... and now that you've removed the second min_t, size happens to be greater
> > than that iovec[0].iov_len.  So we advance into the second iovec, skipping
> > size - iovec[0].iov_len bytes after iovev[1].iov_base.
> >               length -= size;
> >               i++;
> >       }
> > ... and proceed into the second iteration.
> >
> > Would you agree that behaviour ought to depend upon the iovec[0].iov_len?
> > If nothing else, it affects which data do you want to be sent, and I don't
> > see where would anything even look at that value with your change...
>
> Yes, I think you have a point. I was thinking that net_devmem_get_niov_at
> will expose max size of the chunk, but I agree that the iov might have
> requested smaller part and it will bug out in case of multiple chunks...
>
> Are you open to making iter_iov_len more ubuf friendly? Something like
> the following:
>
> static inline size_t iter_iov_len(const struct iov_iter *i)
> {
>         if (iter->iter_type == ITER_UBUF)
>                 return ni->count;
>         return iter_iov(i)->iov_len - i->iov_offset;
> }
>
> Or should I handle the iter_type here?
>
> if (iter->iter_type == ITER_IOVEC)
>         size = min_t(size_t, size, iter_iov_len(from));
> /* else
>         I don think I need to clamp to iov_iter_count() because length
>         should take care of it */

Sorry about this, I was worried about testing multiple io_vecs because
I imagined the single io_vec is just a subcase of that. I did not
expect a single iov converts into a different iter type and the iter
type behaves a bit differently.

I think both approaches Stan points to should be fine. The generic
change may break existing users of ITER_UBUF though.

Lets have some test coverage of this in ncdevmem, if possible.

-- 
Thanks,
Mina

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ