lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 16 Aug 2020 10:55:09 -0700
From:   Cong Wang <xiyou.wangcong@...il.com>
To:     Coly Li <colyli@...e.de>
Cc:     linux-block@...r.kernel.org, linux-nvme@...ts.infradead.org,
        Linux Kernel Network Developers <netdev@...r.kernel.org>,
        stable <stable@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Chaitanya Kulkarni <chaitanya.kulkarni@....com>,
        Christoph Hellwig <hch@....de>, Hannes Reinecke <hare@...e.de>,
        Jan Kara <jack@...e.com>, Jens Axboe <axboe@...nel.dk>,
        Mikhail Skorzhinskii <mskorzhinskiy@...arflare.com>,
        Philipp Reisner <philipp.reisner@...bit.com>,
        Sagi Grimberg <sagi@...mberg.me>,
        Vlastimil Babka <vbabka@...e.com>
Subject: Re: [PATCH v5 1/3] net: introduce helper sendpage_ok() in include/linux/net.h

On Sun, Aug 16, 2020 at 1:36 AM Coly Li <colyli@...e.de> wrote:
>
> The original problem was from nvme-over-tcp code, who mistakenly uses
> kernel_sendpage() to send pages allocated by __get_free_pages() without
> __GFP_COMP flag. Such pages don't have refcount (page_count is 0) on
> tail pages, sending them by kernel_sendpage() may trigger a kernel panic
> from a corrupted kernel heap, because these pages are incorrectly freed
> in network stack as page_count 0 pages.
>
> This patch introduces a helper sendpage_ok(), it returns true if the
> checking page,
> - is not slab page: PageSlab(page) is false.
> - has page refcount: page_count(page) is not zero
>
> All drivers who want to send page to remote end by kernel_sendpage()
> may use this helper to check whether the page is OK. If the helper does
> not return true, the driver should try other non sendpage method (e.g.
> sock_no_sendpage()) to handle the page.

Can we leave this helper to mm subsystem?

I know it is for sendpage, but its implementation is all about some
mm details and its two callers do not belong to net subsystem either.

Think this in another way: who would fix it if it is buggy? I bet mm people
should. ;)

Thanks.

Powered by blists - more mailing lists