| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ab1959f9-1b94-4e7f-ba33-12453cb50027@gmail.com> Date: Mon, 19 May 2025 11:45:57 +0100 From: Pavel Begunkov <asml.silence@...il.com> To: Stanislav Fomichev <stfomichev@...il.com>, netdev@...r.kernel.org Cc: davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, horms@...nel.org, sagi@...mberg.me, willemb@...gle.com, almasrymina@...gle.com, kaiyuanz@...gle.com, linux-kernel@...r.kernel.org Subject: Re: [PATCH net-next] net: devmem: drop iterator type check On 5/16/25 23:54, Stanislav Fomichev wrote: > sendmsg() with a single iov becomes ITER_UBUF, sendmsg() with multiple > iovs becomes ITER_IOVEC. Instead of adjusting the check to include > ITER_UBUF, drop the check completely. The callers are guaranteed > to happen from system call side and we don't need to pay runtime > cost to verify it. I asked for this because io_uring can pass bvecs. Only sendzc can pass that with cmsg, so probably you won't be able to hit any real issue, but io_uring needs and soon will have bvec support for normal sends as well. One can argue we should care as it isn't merged yet, but there is something very very wrong if an unrelated and legal io_uring change is able to open a vulnerability in the devmem path. On the bright side, checking UBUF on top doesn't add extra overhead as compilers can put it under the same test and generate sth like: if (iter->type > ITER_IOVEC) /* fail */ -- Pavel Begunkov
Powered by blists - more mailing lists