Date:	Mon, 16 Nov 2009 09:22:57 -0500
From:	Gregory Haskins <gregory.haskins@...il.com>
To:	David Miller <davem@...emloft.net>
CC:	herbert@...dor.apana.org.au, ghaskins@...ell.com, mst@...hat.com,
	alacrityvm-devel@...ts.sourceforge.net,
	linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [RFC PATCH] net: add dataref destructor to sk_buff

David Miller wrote:
> From: Gregory Haskins <gregory.haskins@...il.com>
> Date: Fri, 13 Nov 2009 20:33:35 -0500
> 
>> Well, not with respect to the overall protocol, of course not.  But with
>> respect to the buffer in question, it _has_ to be.  Or am I missing
>> something?
> 
> sendfile() absolutely, and positively, is not.
> 
> Any entity can write to the pages being sent via sendfile(), at will,
> and those writes will show up in the packet stream if they occur
> before the NIC DMA's the memory backed by those pages into its
> buffer.

Right, understood.

> 
> There is zero data synchronization whatsoever, we don't lock the
> pages, we don't block their usage while they are queued up in the
> socket send queue, nothing like that.

Understood.

> 
> The user returns long before it ever hits the wire and there is zero
> "notification" to the user that the pages in question for the
> sendfile() request are no longer in use.

Ok, this was the part I didn't know.

> 
> It seems that your understanding of how buffering and synchronization
> works in the TCP stack has come out of a fairy tale :-)

I understand that we do not protect the buffers from modification from
other entities in process.  This was purely a question of
synchronization from the producer's standpoint.

IOW:

for (;;) {
   char buf[512];

   memcpy(buf, next, sizeof(buf));
   write(fd, buf, sizeof(buf));
}

would work without worrying that the producer will stomp on buf itself.
It is now my understanding that for things other than sendfile, this
works because the buffer is copied before it returns control to the app.
For sendfile(), the producer is more or less on its own and therefore
has to be careful if they are reusing previous mmapped buffers.  Ok.

But really, this is somewhat orthogonal to the original problem, so let
me see if we can bring it back on topic.  Michael stated that this patch
in question may be problematic because there are places in the stack
that can get_page() without also maintaining a reference to the shinfo
object.  Evgeniy seems to say the opposite.  I am not sure who is right,
or if I misunderstood one or both of them.  Any thoughts?

Kind Regards,
-Greg
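
The write() versus sendfile() buffer semantics discussed in this message, as an added example that is not part of the original post: a Linux user-space check over an AF_UNIX socketpair, where the function names, the 512-byte size and the temporary file name are assumptions made for illustration. The write() result is deterministic; what the sendfile() receiver sees depends on the kernel and filesystem, so the second function only reports it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/sendfile.h>
#include <sys/socket.h>
#define LEN 512

/* write(): the kernel copies buf before returning, so the producer may reuse
 * it at once. Returns 1 if the receiver sees the bytes as of write() time. */
int write_is_snapshot(void)
{
    int sv[2], ok;
    char buf[LEN], got[LEN];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    memset(buf, 'A', LEN);
    ok = write(sv[0], buf, LEN) == LEN;
    memset(buf, 'B', LEN);              /* producer stomps on buf */
    ok = ok && read(sv[1], got, LEN) == LEN && got[0] == 'A' && got[LEN - 1] == 'A';
    close(sv[0]); close(sv[1]);
    return ok;
}

/* sendfile(): the socket queue may hold references to the file's page-cache
 * pages, so a write to the file after sendfile() returns can still reach the
 * receiver. Returns the byte seen ('A' old, 'B' new) or -1 on error. */
int sendfile_then_modify(void)
{
    int sv[2], fd, r = -1;
    char page[LEN], got[LEN], path[] = "/tmp/sf_demo_XXXXXX"; /* constructed */
    off_t off = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if ((fd = mkstemp(path)) < 0) { close(sv[0]); close(sv[1]); return -1; }
    unlink(path);
    memset(page, 'A', LEN);
    if (write(fd, page, LEN) == LEN && sendfile(sv[0], fd, &off, LEN) == LEN) {
        memset(page, 'B', LEN);         /* modify the file after sendfile() */
        if (pwrite(fd, page, LEN, 0) == LEN && read(sv[1], got, LEN) == LEN)
            r = got[0];
    }
    close(fd); close(sv[0]); close(sv[1]);
    return r;
}

int main(void)
{
    printf("write() snapshot: %d\n", write_is_snapshot());
    printf("sendfile() receiver saw: %d ('A'=65, 'B'=66)\n", sendfile_then_modify());
    return 0;
}
```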


