lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20201001075408.25508-1-colyli@suse.de>
Date:   Thu,  1 Oct 2020 15:54:01 +0800
From:   Coly Li <colyli@...e.de>
To:     linux-block@...r.kernel.org, linux-nvme@...ts.infradead.org,
        netdev@...r.kernel.org, open-iscsi@...glegroups.com,
        linux-scsi@...r.kernel.org, ceph-devel@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org, Coly Li <colyli@...e.de>,
        Chaitanya Kulkarni <chaitanya.kulkarni@....com>,
        Chris Leech <cleech@...hat.com>,
        Christoph Hellwig <hch@....de>, Cong Wang <amwang@...hat.com>,
        "David S . Miller" <davem@...emloft.net>,
        Eric Dumazet <eric.dumazet@...il.com>,
        Hannes Reinecke <hare@...e.de>,
        Ilya Dryomov <idryomov@...il.com>, Jan Kara <jack@...e.com>,
        Jeff Layton <jlayton@...nel.org>, Jens Axboe <axboe@...nel.dk>,
        Lee Duncan <lduncan@...e.com>,
        Mike Christie <michaelc@...wisc.edu>,
        Mikhail Skorzhinskii <mskorzhinskiy@...arflare.com>,
        Philipp Reisner <philipp.reisner@...bit.com>,
        Sagi Grimberg <sagi@...mberg.me>,
        Vasily Averin <vvs@...tuozzo.com>,
        Vlastimil Babka <vbabka@...e.com>
Subject: [PATCH v9 0/7] Introduce sendpage_ok() to detect misused sendpage in network related drivers

This series was original by a bug fix in nvme-over-tcp driver which only
checked whether a page was allocated from slab allcoator, but forgot to
check its page_count: The page handled by sendpage should be neither a
Slab page nor 0 page_count page.

As Sagi Grimberg suggested, the original fix is refind to a more common
inline routine:
    static inline bool sendpage_ok(struct page *page)
    {
        return  (!PageSlab(page) && page_count(page) >= 1);
    }
If sendpage_ok() returns true, the checking page can be handled by the
concrete zero-copy sendpage method in network layer.

The v9 series has 7 patches, no change from v8 series,
- The 1st patch in this series introduces sendpage_ok() in header file
  include/linux/net.h.
- The 2nd patch adds WARN_ONCE() for improper zero-copy send in
  kernel_sendpage().
- The 3rd patch fixes the page checking issue in nvme-over-tcp driver.
- The 4th patch adds page_count check by using sendpage_ok() in
  do_tcp_sendpages() as Eric Dumazet suggested.
- The 5th and 6th patches just replace existing open coded checks with
  the inline sendpage_ok() routine.

Coly Li

Cc: Chaitanya Kulkarni <chaitanya.kulkarni@....com>
Cc: Chris Leech <cleech@...hat.com>
Cc: Christoph Hellwig <hch@....de>
Cc: Cong Wang <amwang@...hat.com>
Cc: David S. Miller <davem@...emloft.net>
Cc: Eric Dumazet <eric.dumazet@...il.com>
Cc: Hannes Reinecke <hare@...e.de>
Cc: Ilya Dryomov <idryomov@...il.com>
Cc: Jan Kara <jack@...e.com>
Cc: Jeff Layton <jlayton@...nel.org>
Cc: Jens Axboe <axboe@...nel.dk>
Cc: Lee Duncan <lduncan@...e.com>
Cc: Mike Christie <michaelc@...wisc.edu>
Cc: Mikhail Skorzhinskii <mskorzhinskiy@...arflare.com>
Cc: Philipp Reisner <philipp.reisner@...bit.com>
Cc: Sagi Grimberg <sagi@...mberg.me>
Cc: Vasily Averin <vvs@...tuozzo.com>
Cc: Vlastimil Babka <vbabka@...e.com>
---
Changelog:
v9, fix a typo pointed out by Greg KH.
    add Acked-by tags from Martin K. Petersen and Ilya Dryomov.
v8: add WARN_ONCE() in kernel_sendpage() as Christoph suggested.
v7: remove outer brackets from the return line of sendpage_ok() as
    Eric Dumazet suggested.
v6: fix page check in do_tcp_sendpages(), as Eric Dumazet suggested.
    replace other open coded checks with sendpage_ok() in libceph,
    iscsi drivers.
v5, include linux/mm.h in include/linux/net.h
v4, change sendpage_ok() as an inline helper, and post it as
    separate patch, as Christoph Hellwig suggested.
v3, introduce a more common sendpage_ok() as Sagi Grimberg suggested.
v2, fix typo in patch subject
v1, the initial version.


Coly Li (7):
  net: introduce helper sendpage_ok() in include/linux/net.h
  net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send
  nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage()
  tcp: use sendpage_ok() to detect misused .sendpage
  drbd: code cleanup by using sendpage_ok() to check page for
    kernel_sendpage()
  scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map()
  libceph: use sendpage_ok() in ceph_tcp_sendpage()

 drivers/block/drbd/drbd_main.c |  2 +-
 drivers/nvme/host/tcp.c        |  7 +++----
 drivers/scsi/libiscsi_tcp.c    |  2 +-
 include/linux/net.h            | 16 ++++++++++++++++
 net/ceph/messenger.c           |  2 +-
 net/ipv4/tcp.c                 |  3 ++-
 net/socket.c                   |  6 ++++--
 7 files changed, 28 insertions(+), 10 deletions(-)

-- 
2.26.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ