lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 21 Aug 2020 14:14:00 -0700 (PDT)
From:   David Miller <>
Subject: Re: [PATCH] net: bypass ->sendpage for slab pages

From: Christoph Hellwig <>
Date: Thu, 20 Aug 2020 06:37:44 +0200

> If you look at who uses sendpage outside the networking layer itself
> you see that it is basically block driver and file systems.  These
> have no way to control what memory they get passed and have to deal
> with everything someone throws at them.

I see nvme doing virt_to_page() on several things when it calls into

This is the kind of stuff I want cleaned up, and which your patch
will not trap nor address.

In nvme it sometimes seems to check for sendpage validity:

		/* can't zcopy slab pages */
		if (unlikely(PageSlab(page))) {
			ret = sock_no_sendpage(queue->sock, page, offset, len,
		} else {
			ret = kernel_sendpage(queue->sock, page, offset, len,

Yet elsewhere does not and just blindly calls:

	ret = kernel_sendpage(queue->sock, virt_to_page(pdu),
			offset_in_page(pdu) + req->offset, len,  flags);

This pdu seems to come from a page frag allocation.

That's the target side.  On the host side:

		ret = kernel_sendpage(cmd->queue->sock, page, cmd->offset,
					left, flags);

No page slab check or anything like that.

I'm hesitent to put in the kernel_sendpage() patch, becuase it provides a
disincentive to fix up code like this.

Powered by blists - more mailing lists