Date:   Tue, 18 Aug 2020 21:12:21 +0800
From:   Coly Li <>
Cc:, Coly Li <>,
        Chaitanya Kulkarni <>,
        Chris Leech <>,
        Christoph Hellwig <>, Cong Wang <>,
        "David S . Miller" <>,
        Eric Dumazet <>,
        Hannes Reinecke <>,
        Ilya Dryomov <>, Jan Kara <>,
        Jeff Layton <>, Jens Axboe <>,
        Lee Duncan <>,
        Mike Christie <>,
        Mikhail Skorzhinskii <>,
        Philipp Reisner <>,
        Sagi Grimberg <>,
        Vasily Averin <>,
        Vlastimil Babka <>
Subject: [PATCH v7 0/6] Introduce sendpage_ok() to detect misused sendpage in network related drivers

This series originated from a bug fix in the nvme-over-tcp driver, which only
checked whether a page was allocated from the slab allocator, but forgot to
check its page_count: the page handled by sendpage should be neither a
Slab page nor a 0 page_count page.

As Sagi Grimberg suggested, the original fix is refined to a more common
inline routine:
    static inline bool sendpage_ok(struct page *page)
    {
        return  (!PageSlab(page) && page_count(page) >= 1);
    }
If sendpage_ok() returns true, the checked page can be handled by the
zero copy sendpage method in the network layer.

The first patch in this series introduces sendpage_ok() in the header file
include/linux/net.h, the second patch fixes the page checking issue in the
nvme-over-tcp driver, the third patch adds a page_count check by using
sendpage_ok() in do_tcp_sendpages() as Eric Dumazet suggested, and all
the remaining patches just replace existing open coded checks with the inline
sendpage_ok() routine.

Coly Li

Cc: Chaitanya Kulkarni <>
Cc: Chris Leech <>
Cc: Christoph Hellwig <>
Cc: Cong Wang <>
Cc: David S. Miller <>
Cc: Eric Dumazet <>
Cc: Hannes Reinecke <>
Cc: Ilya Dryomov <>
Cc: Jan Kara <>
Cc: Jeff Layton <>
Cc: Jens Axboe <>
Cc: Lee Duncan <>
Cc: Mike Christie <>
Cc: Mikhail Skorzhinskii <>
Cc: Philipp Reisner <>
Cc: Sagi Grimberg <>
Cc: Vasily Averin <>
Cc: Vlastimil Babka <>
v7: remove outer brackets from the return line of sendpage_ok() as
    Eric Dumazet suggested.
v6: fix page check in do_tcp_sendpages(), as Eric Dumazet suggested.
    replace other open coded checks with sendpage_ok() in libceph,
    iscsi drivers.
v5, include linux/mm.h in include/linux/net.h
v4, change sendpage_ok() as an inline helper, and post it as
    separate patch, as Christoph Hellwig suggested.
v3, introduce a more common sendpage_ok() as Sagi Grimberg suggested.
v2, fix typo in patch subject
v1, the initial version. 

Coly Li (6):
  net: introduce helper sendpage_ok() in include/linux/net.h
  nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage()
  tcp: use sendpage_ok() to detect misused .sendpage
  drbd: code cleanup by using sendpage_ok() to check page for
  scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map()
  libceph: use sendpage_ok() in ceph_tcp_sendpage()

 drivers/block/drbd/drbd_main.c |  2 +-
 drivers/nvme/host/tcp.c        |  7 +++----
 drivers/scsi/libiscsi_tcp.c    |  2 +-
 include/linux/net.h            | 16 ++++++++++++++++
 net/ceph/messenger.c           |  2 +-
 net/ipv4/tcp.c                 |  3 ++-
 6 files changed, 24 insertions(+), 8 deletions(-)
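
The check described in the cover letter, as an added userspace model that is not part of the original message or of the kernel patches. The mock struct page, the get_page()/put_page() pin-and-release in zerocopy_send(), and the copy fallback are simplifying assumptions; the model shows the zero page_count failure (the transmit path's final put frees a page its owner still uses), while a Slab page is only routed to the copy path.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace stand-in for the kernel's struct page (constructed for this example). */
struct page {
    bool slab;     /* models PageSlab(): page belongs to the slab allocator */
    int  refcount; /* models page_count() */
    bool freed;    /* set when a put_page() drops the count to zero */
};

static bool PageSlab(const struct page *p)   { return p->slab; }
static int  page_count(const struct page *p) { return p->refcount; }
static void get_page(struct page *p)         { p->refcount++; }
static void put_page(struct page *p)         { if (--p->refcount == 0) p->freed = true; }

/* Same predicate as the helper quoted in the cover letter. */
static bool sendpage_ok(const struct page *page)
{
    return !PageSlab(page) && page_count(page) >= 1;
}

/* Zero-copy path: the stack pins the page while data is in flight, then unpins it. */
static void zerocopy_send(struct page *p) { get_page(p); put_page(p); }
enum tx_path { TX_ZEROCOPY, TX_COPY };

/* Guarded sender: zero copy only when sendpage_ok(); otherwise copy the bytes
 * (assumed fallback) and leave the page's reference count alone. */
enum tx_path guarded_send(bool slab, int refcount)
{
    struct page pg = { slab, refcount, false };
    if (!sendpage_ok(&pg))
        return TX_COPY;
    zerocopy_send(&pg);
    return TX_ZEROCOPY;
}

/* Unguarded sender: reports whether the transmit path freed the caller's page. */
bool unguarded_send_frees(bool slab, int refcount)
{
    struct page pg = { slab, refcount, false };
    zerocopy_send(&pg);
    return pg.freed;
}

int main(void)
{
    printf("count=1 page, guarded: path=%d\n", guarded_send(false, 1));
    printf("count=0 page, unguarded: freed=%d\n", unguarded_send_frees(false, 0));
    return 0;
}
```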

