lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ZH32Jp1Iop8FaDtC@corigine.com>
Date: Mon, 5 Jun 2023 16:50:14 +0200
From: Simon Horman <simon.horman@...igine.com>
To: David Howells <dhowells@...hat.com>
Cc: netdev@...r.kernel.org, Linus Torvalds <torvalds@...ux-foundation.org>,
	Chuck Lever <chuck.lever@...cle.com>,
	Boris Pismenny <borisp@...dia.com>,
	John Fastabend <john.fastabend@...il.com>,
	Jakub Kicinski <kuba@...nel.org>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>,
	Willem de Bruijn <willemdebruijn.kernel@...il.com>,
	David Ahern <dsahern@...nel.org>,
	Matthew Wilcox <willy@...radead.org>, Jens Axboe <axboe@...nel.dk>,
	linux-mm@...ck.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next v4 03/11] splice, net: Use
 sendmsg(MSG_SPLICE_PAGES) rather than ->sendpage()

On Mon, Jun 05, 2023 at 01:45:52PM +0100, David Howells wrote:

...

> @@ -846,13 +824,131 @@ EXPORT_SYMBOL(iter_file_splice_write);
>   *    is involved.
>   *
>   */
> -ssize_t generic_splice_sendpage(struct pipe_inode_info *pipe, struct file *out,
> -				loff_t *ppos, size_t len, unsigned int flags)
> +ssize_t splice_to_socket(struct pipe_inode_info *pipe, struct file *out,
> +			 loff_t *ppos, size_t len, unsigned int flags)
>  {
> -	return splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_sendpage);
> -}
> +	struct socket *sock = sock_from_file(out);
> +	struct bio_vec bvec[16];
> +	struct msghdr msg = {};
> +	ssize_t ret;
> +	size_t spliced = 0;
> +	bool need_wakeup = false;
> +
> +	pipe_lock(pipe);
> +
> +	while (len > 0) {

Hi David,

I'm assuming the answer is that this cannot occur,
but I thought I should mention this anyway.

If the initial value of len is 0 (or less).

...

> +
> +out:
> +	pipe_unlock(pipe);
> +	if (need_wakeup)
> +		wakeup_pipe_writers(pipe);
> +	return spliced ?: ret;

Then ret will be used uninitialised here.

> +}
> +#endif
>  
>  static int warn_unsupported(struct file *file, const char *op)
>  {

...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ