[net-next,v2,2/6] net: Block MSG_SENDPAGE_* from being passed to sendmsg() by userspace
| Message ID | 20230531124528.699123-3-dhowells@redhat.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp2852169vqr;
Wed, 31 May 2023 05:49:34 -0700 (PDT)
X-Google-Smtp-Source:
ACHHUZ7L6Ef8OYf9ktBu1qHjOy78PjM7YIu4eKLeClXwpdGLcjC7XHgu99YDYtSu2opBt0Du/Su8
X-Received: by 2002:a05:6a00:2191:b0:643:857d:87a3 with SMTP id
h17-20020a056a00219100b00643857d87a3mr5210351pfi.11.1685537374287;
Wed, 31 May 2023 05:49:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1685537374; cv=none;
d=google.com; s=arc-20160816;
b=P5mZ8II0dDpUM2t3tqWb8tdLd6kFri9KnqXz9Sti2jvwRUTRYbtxqHbu098iB9LYN+
FWJZuLzgM7jJ2dLvejzz2WF2UESvV0mTz2VvX9vuvVSw5SS36VR9qbz1laQAiWAxQpNi
cjGe2YXFhfRAls8gObw+xKysZoWu57QHRawgy+1LJKiWNrjdI8DnIks/E1aDBAKMSV05
DcSykOuy0CYOyeL8ApJMw3LuuRJyrrCICiKwF+4aWmkcoZ4//Fw9KkSsTiD0qTXcbsBf
ETCAVG5iWV3Enecid/LKPFyg+GVZvWmpw7XhfKkyhq73Mq/rTv8Hc+xDKeeJTxY61GzV
VwlQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=704Gul1es5vKB8f3fNlqLP0xfed1dEhsuWb+SLm3klg=;
b=bD7SG57JImrURYFCGXiYbRwvTFJm60p3HeWTQZcqvGnYlXX5pXipbe0NeT+wVPMlAl
VlfWOJfU2ZfT2IwXwz3BlKmg0qXVKCF13QAE8lmLRNE8ER6g1EX5dC7+JoEhFtef97OK
q/s8OqBAYVb5CYDXvJhJVgGpzh8xToBNh+YFG0b6rmzKSA825+D2cj6vcZmSX7GBjtcW
HsjxHUKUQiqkcAo7S/VIWmwHbyOiGISsGQZnEZ7zKFC88nrl/bBv1XnQoQfKNlvyfTiH
lNZ/MPubaxJuNYme/VciVWj8vwlF37zAkoHg8XiL36FGY/N1UMI+CV/rIapfYetZXDiW
z24w==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@redhat.com header.s=mimecast20190719
header.b="WEbs/vgq";
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
b124-20020a62cf82000000b0064f6a52105csi3527948pfg.378.2023.05.31.05.49.21;
Wed, 31 May 2023 05:49:34 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@redhat.com header.s=mimecast20190719
header.b="WEbs/vgq";
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S235944AbjEaMqf (ORCPT <rfc822;andrewvogler123@gmail.com>
+ 99 others); Wed, 31 May 2023 08:46:35 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43160 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S235909AbjEaMqa (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 31 May 2023 08:46:30 -0400
Received: from us-smtp-delivery-124.mimecast.com
(us-smtp-delivery-124.mimecast.com [170.10.129.124])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AE7B7128
for <linux-kernel@vger.kernel.org>;
Wed, 31 May 2023 05:45:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
s=mimecast20190719; t=1685537144;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references;
bh=704Gul1es5vKB8f3fNlqLP0xfed1dEhsuWb+SLm3klg=;
b=WEbs/vgqtdc7UsAEh8O4M0ghNHBj1PiB9QnqdNiMATXe6KuZ8WDckAVxnrIYpEeGtRZpVz
Dgg/KbMZeVf2+T/0e7BHrIPzac6BBLQbKaYG70TI6YRnEFVgKwlbEQiY+ZZqfCwLCr/t0y
9hwdKHHc0uU/gAIZpQIyaU3KoQxhhLU=
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com
[66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS
(version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
us-mta-625-u-3ocbAEPfKvWCDqcrmGEg-1; Wed, 31 May 2023 08:45:41 -0400
X-MC-Unique: u-3ocbAEPfKvWCDqcrmGEg-1
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com
[10.11.54.3])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mimecast-mx02.redhat.com (Postfix) with ESMTPS id A721F3C0C897;
Wed, 31 May 2023 12:45:40 +0000 (UTC)
Received: from warthog.procyon.org.uk (unknown [10.42.28.182])
by smtp.corp.redhat.com (Postfix) with ESMTP id B74EE112132E;
Wed, 31 May 2023 12:45:38 +0000 (UTC)
From: David Howells <dhowells@redhat.com>
To: netdev@vger.kernel.org
Cc: David Howells <dhowells@redhat.com>,
Chuck Lever <chuck.lever@oracle.com>,
Boris Pismenny <borisp@nvidia.com>,
John Fastabend <john.fastabend@gmail.com>,
Jakub Kicinski <kuba@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>,
Willem de Bruijn <willemdebruijn.kernel@gmail.com>,
David Ahern <dsahern@kernel.org>,
Matthew Wilcox <willy@infradead.org>,
Jens Axboe <axboe@kernel.dk>, linux-mm@kvack.org,
linux-kernel@vger.kernel.org
Subject: [PATCH net-next v2 2/6] net: Block MSG_SENDPAGE_* from being passed
to sendmsg() by userspace
Date: Wed, 31 May 2023 13:45:24 +0100
Message-ID: <20230531124528.699123-3-dhowells@redhat.com>
In-Reply-To: <20230531124528.699123-1-dhowells@redhat.com>
References: <20230531124528.699123-1-dhowells@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3
X-Spam-Status: No, score=-2.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1767414037981866008?=
X-GMAIL-MSGID: =?utf-8?q?1767414037981866008?=
|
| Series |
splice, net: Handle MSG_SPLICE_PAGES in AF_TLS
|
|
Commit Message
David Howells
May 31, 2023, 12:45 p.m. UTC
It is necessary to allow MSG_SENDPAGE_* to be passed into ->sendmsg() to
allow sendmsg(MSG_SPLICE_PAGES) to replace ->sendpage(). Unblocking them
in the network protocol, however, allows these flags to be passed in by
userspace too[1].
Fix this by marking MSG_SENDPAGE_NOPOLICY, MSG_SENDPAGE_NOTLAST and
MSG_SENDPAGE_DECRYPTED as internal flags, which causes sendmsg() to object
if they are passed to sendmsg() by userspace. Network protocol ->sendmsg()
implementations can then allow them through.
Note that it should be possible to remove MSG_SENDPAGE_NOTLAST once
sendpage is removed as a whole slew of pages will be passed in in one go by
splice through sendmsg, with MSG_MORE being set if it has more data waiting
in the pipe.
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Jakub Kicinski <kuba@kernel.org>
cc: Chuck Lever <chuck.lever@oracle.com>
cc: Boris Pismenny <borisp@nvidia.com>
cc: John Fastabend <john.fastabend@gmail.com>
cc: Eric Dumazet <edumazet@google.com>
cc: "David S. Miller" <davem@davemloft.net>
cc: Paolo Abeni <pabeni@redhat.com>
cc: Jens Axboe <axboe@kernel.dk>
cc: Matthew Wilcox <willy@infradead.org>
cc: netdev@vger.kernel.org
Link: https://lore.kernel.org/r/20230526181338.03a99016@kernel.org/ [1]
---
include/linux/socket.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
Comments
On Wed, May 31, 2023 at 01:45:24PM +0100, David Howells wrote: > It is necessary to allow MSG_SENDPAGE_* to be passed into ->sendmsg() to > allow sendmsg(MSG_SPLICE_PAGES) to replace ->sendpage(). Unblocking them > in the network protocol, however, allows these flags to be passed in by > userspace too[1]. > > Fix this by marking MSG_SENDPAGE_NOPOLICY, MSG_SENDPAGE_NOTLAST and > MSG_SENDPAGE_DECRYPTED as internal flags, which causes sendmsg() to object > if they are passed to sendmsg() by userspace. Network protocol ->sendmsg() > implementations can then allow them through. > > Note that it should be possible to remove MSG_SENDPAGE_NOTLAST once > sendpage is removed as a whole slew of pages will be passed in in one go by Hi David, on the off-chance that you need to respin for some other reason: s/in in/in/ > splice through sendmsg, with MSG_MORE being set if it has more data waiting > in the pipe. ...
Simon Horman <simon.horman@corigine.com> wrote: > > sendpage is removed as a whole slew of pages will be passed in in one go by > > on the off-chance that you need to respin for some other reason: > > s/in in/in/ What I wrote is correct - there should be two ins. I could write it as: ... passed in [as an argument] in one go... For your amusement, consider: All the faith he had had had had no effect on the outcome of his life. https://ell.stackexchange.com/questions/285066/explanation-for-had-had-had-had-being-grammatically-correct David
On Wed, May 31, 2023 at 07:01:12PM +0100, David Howells wrote: > Simon Horman <simon.horman@corigine.com> wrote: > > > > sendpage is removed as a whole slew of pages will be passed in in one go by > > > > on the off-chance that you need to respin for some other reason: > > > > s/in in/in/ > > What I wrote is correct - there should be two ins. I could write it as: > > ... passed in [as an argument] in one go... > > For your amusement, consider: > > All the faith he had had had had no effect on the outcome of his life. > > https://ell.stackexchange.com/questions/285066/explanation-for-had-had-had-had-being-grammatically-correct Let's not buffalo Buffalo buffalo ...
On Wed, May 31, 2023 at 07:01:12PM +0100, David Howells wrote: > Simon Horman <simon.horman@corigine.com> wrote: > > > > sendpage is removed as a whole slew of pages will be passed in in one go by > > > > on the off-chance that you need to respin for some other reason: > > > > s/in in/in/ > > What I wrote is correct - there should be two ins. I could write it as: Thanks David, I see that now. > ... passed in [as an argument] in one go... > > For your amusement, consider: > > All the faith he had had had had no effect on the outcome of his life. > > https://ell.stackexchange.com/questions/285066/explanation-for-had-had-had-had-being-grammatically-correct > > David >
diff --git a/include/linux/socket.h b/include/linux/socket.h index bd1cc3238851..3fd3436bc09f 100644 --- a/include/linux/socket.h +++ b/include/linux/socket.h @@ -339,7 +339,9 @@ struct ucred { #endif /* Flags to be cleared on entry by sendmsg and sendmmsg syscalls */ -#define MSG_INTERNAL_SENDMSG_FLAGS (MSG_SPLICE_PAGES) +#define MSG_INTERNAL_SENDMSG_FLAGS \ + (MSG_SPLICE_PAGES | MSG_SENDPAGE_NOPOLICY | MSG_SENDPAGE_NOTLAST | \ + MSG_SENDPAGE_DECRYPTED) /* Setsockoptions(2) level. Thanks to BSD these must match IPPROTO_xxx */ #define SOL_IP 0