Message ID | 1585899.1688486184@warthog.procyon.org.uk |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp1319833vqx; Tue, 4 Jul 2023 09:03:32 -0700 (PDT) X-Google-Smtp-Source: APBJJlEt3VL7dzhHB3AV02UO05LDx54d2AHHzkyBz3iZMsNdanzYFs2b8Kyvmgh3BU38/o4dHTic X-Received: by 2002:a17:902:d2cd:b0:1b1:a7d8:a3a1 with SMTP id n13-20020a170902d2cd00b001b1a7d8a3a1mr17002289plc.21.1688486612261; Tue, 04 Jul 2023 09:03:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688486612; cv=none; d=google.com; s=arc-20160816; b=ppcRqUHb2StBKBZH1kNhjlCZUsx2UCppYXMl4XQFB+aU3dNFaABPPRYpVuGSc5NTlg 9VUjhnfPfHFViEszJ6PQugX1eW1QWgEFXcI1Q3cGm0VLQalKL1offznbVfOrKHNERScP t4RkCTH/imEnTmdtBPWIGX7NV/MtkcwTPPiJf/doMuLHsCtXtWbxUmiUwcRm6yGrtVJN 9xLXU0VOI+s5Cv1dSB/zESckOQ+diLKApdu0ZeFcTun5x/h7BVMUGBFwolDzVtog2+vr gM5vVK+/MwesLeF/oO6MhSAzqxRftU31YyXALCqIO/TyhQyb7vYegV7cojUVJjOlv+Kg cTLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:content-transfer-encoding :mime-version:subject:cc:to:from:organization:dkim-signature; bh=6+ZHn5E4Ey2ZPvoR0JBGrpwDUf/hUgRLwKW3bRltrnM=; fh=ElcMGMOH7Z6JHvmsvEISBUG2dcNvIR0QuxNIAhuPqBQ=; b=vnG1b4X8xsMRqYlsgpsBxW/Cw+kDJKLO/GWu9WGu6jvtV2tS+orul1pGB27qA4rztv F+tbkSYcnqD4D3ZDdMLm5+UI6qqfio889btiiJlDjxM9gHCYkMNA72MPE/fhhJisYQgN rxam8ZS0KlgtfeNgFRcT9FC+/ZuUcBhYo3PDiyyB4eE5jhtip5qR+7xUG9Nn8eWMTdOg BDvLupRX+GWGbawxkUCy2p48tgqZUe8zKAktTNkocpG8X04CkNIkJk8wlYuZgpbYUk6B 6egYIfKa8l7wpJJCX/pAyuDj9eOS6rfS4CdOx2f1C3ubbzT4Iz9W2VRMMFQ6DuPwnOxf sLXQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=YuXJlRYZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t2-20020a1709027fc200b001b261eba754si11681817plb.165.2023.07.04.09.03.19; Tue, 04 Jul 2023 09:03:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=YuXJlRYZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231491AbjGDP5N (ORCPT <rfc822;tebrre53rla2o@gmail.com> + 99 others); Tue, 4 Jul 2023 11:57:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54394 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230195AbjGDP5M (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Tue, 4 Jul 2023 11:57:12 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5378FB2 for <linux-kernel@vger.kernel.org>; Tue, 4 Jul 2023 08:56:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1688486188; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6+ZHn5E4Ey2ZPvoR0JBGrpwDUf/hUgRLwKW3bRltrnM=; b=YuXJlRYZJdq+bLLlVyvWPYx5z+q5OcQOz8VpZ4hQkNc1h8atNV7b58od9MMraW3pQI0zjJ Gw6U1V2b9Da0O16/AEj9RoUnr7irg9604n8pbh98Dqpg/PTGFp9Q05vwjzqSqja/g7pf7U cYAKo1g7nHEpNNAtd2DpCn9cr1QUBl0= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-48-iMiKNks1MWGc2_Z9ocmsWQ-1; Tue, 04 Jul 2023 11:56:27 -0400 X-MC-Unique: iMiKNks1MWGc2_Z9ocmsWQ-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id D53AF805C3F; Tue, 4 Jul 2023 15:56:26 +0000 (UTC) Received: from warthog.procyon.org.uk (unknown [10.42.28.195]) by smtp.corp.redhat.com (Postfix) with ESMTP id 777A81121318; Tue, 4 Jul 2023 15:56:25 +0000 (UTC) Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 From: David Howells <dhowells@redhat.com> To: netdev@vger.kernel.org, Herbert Xu <herbert@gondor.apana.org.au>, Ondrej =?utf-8?b?TW9zbsOhxI1law==?= <omosnacek@gmail.com> cc: dhowells@redhat.com, Paolo Abeni <pabeni@redhat.com>, "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Jens Axboe <axboe@kernel.dk>, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH net] crypto: af_alg: Fix merging of written data into spliced pages MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Date: Tue, 04 Jul 2023 16:56:24 +0100 Message-ID: <1585899.1688486184@warthog.procyon.org.uk> X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770506538103454624?= X-GMAIL-MSGID: =?utf-8?q?1770506538103454624?= |
Series |
[net] crypto: af_alg: Fix merging of written data into spliced pages
|
|
Commit Message
David Howells
July 4, 2023, 3:56 p.m. UTC
af_alg_sendmsg() takes data-to-be-copied that's provided by write(),
send(), sendmsg() and similar into pages that it allocates and will merge
new data into the last page in the list, based on the value of ctx->merge.
Now that af_alg_sendmsg() accepts MSG_SPLICE_PAGES, it adds spliced pages
directly into the list and then incorrectly appends data to them if there's
space left because ctx->merge says that it can. This was cleared by
af_alg_sendpage(), but that got lost.
Fix this by skipping the merge if MSG_SPLICE_PAGES is specified and
clearing ctx->merge after MSG_SPLICE_PAGES has added stuff to the list.
Fixes: bf63e250c4b1 ("crypto: af_alg: Support MSG_SPLICE_PAGES")
Reported-by: Ondrej Mosnáček <omosnacek@gmail.com>
Link: https://lore.kernel.org/r/CAAUqJDvFuvms55Td1c=XKv6epfRnnP78438nZQ-JKyuCptGBiQ@mail.gmail.com/
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Herbert Xu <herbert@gondor.apana.org.au>
cc: Paolo Abeni <pabeni@redhat.com>
cc: "David S. Miller" <davem@davemloft.net>
cc: Eric Dumazet <edumazet@google.com>
cc: Jakub Kicinski <kuba@kernel.org>
cc: linux-crypto@vger.kernel.org
cc: netdev@vger.kernel.org
---
crypto/af_alg.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
Comments
On Tue, Jul 04, 2023 at 04:56:24PM +0100, David Howells wrote: > > af_alg_sendmsg() takes data-to-be-copied that's provided by write(), > send(), sendmsg() and similar into pages that it allocates and will merge > new data into the last page in the list, based on the value of ctx->merge. > > Now that af_alg_sendmsg() accepts MSG_SPLICE_PAGES, it adds spliced pages > directly into the list and then incorrectly appends data to them if there's > space left because ctx->merge says that it can. This was cleared by > af_alg_sendpage(), but that got lost. > > Fix this by skipping the merge if MSG_SPLICE_PAGES is specified and > clearing ctx->merge after MSG_SPLICE_PAGES has added stuff to the list. > > Fixes: bf63e250c4b1 ("crypto: af_alg: Support MSG_SPLICE_PAGES") > Reported-by: Ondrej Mosnáček <omosnacek@gmail.com> > Link: https://lore.kernel.org/r/CAAUqJDvFuvms55Td1c=XKv6epfRnnP78438nZQ-JKyuCptGBiQ@mail.gmail.com/ > Signed-off-by: David Howells <dhowells@redhat.com> > cc: Herbert Xu <herbert@gondor.apana.org.au> > cc: Paolo Abeni <pabeni@redhat.com> > cc: "David S. Miller" <davem@davemloft.net> > cc: Eric Dumazet <edumazet@google.com> > cc: Jakub Kicinski <kuba@kernel.org> > cc: linux-crypto@vger.kernel.org > cc: netdev@vger.kernel.org > --- > crypto/af_alg.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) Thanks for fixing this David! I'll push it out soon.
On Tue, Jul 04, 2023 at 04:56:24PM +0100, David Howells wrote: > > af_alg_sendmsg() takes data-to-be-copied that's provided by write(), > send(), sendmsg() and similar into pages that it allocates and will merge > new data into the last page in the list, based on the value of ctx->merge. > > Now that af_alg_sendmsg() accepts MSG_SPLICE_PAGES, it adds spliced pages > directly into the list and then incorrectly appends data to them if there's > space left because ctx->merge says that it can. This was cleared by > af_alg_sendpage(), but that got lost. > > Fix this by skipping the merge if MSG_SPLICE_PAGES is specified and > clearing ctx->merge after MSG_SPLICE_PAGES has added stuff to the list. > > Fixes: bf63e250c4b1 ("crypto: af_alg: Support MSG_SPLICE_PAGES") > Reported-by: Ondrej Mosnáček <omosnacek@gmail.com> > Link: https://lore.kernel.org/r/CAAUqJDvFuvms55Td1c=XKv6epfRnnP78438nZQ-JKyuCptGBiQ@mail.gmail.com/ > Signed-off-by: David Howells <dhowells@redhat.com> > cc: Herbert Xu <herbert@gondor.apana.org.au> > cc: Paolo Abeni <pabeni@redhat.com> > cc: "David S. Miller" <davem@davemloft.net> > cc: Eric Dumazet <edumazet@google.com> > cc: Jakub Kicinski <kuba@kernel.org> > cc: linux-crypto@vger.kernel.org > cc: netdev@vger.kernel.org > --- > crypto/af_alg.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) Patch appiled. Thanks.
On Tue, Jul 4, 2023 at 5:56 PM David Howells <dhowells@redhat.com> wrote: > af_alg_sendmsg() takes data-to-be-copied that's provided by write(), > send(), sendmsg() and similar into pages that it allocates and will merge > new data into the last page in the list, based on the value of ctx->merge. > > Now that af_alg_sendmsg() accepts MSG_SPLICE_PAGES, it adds spliced pages > directly into the list and then incorrectly appends data to them if there's > space left because ctx->merge says that it can. This was cleared by > af_alg_sendpage(), but that got lost. > > Fix this by skipping the merge if MSG_SPLICE_PAGES is specified and > clearing ctx->merge after MSG_SPLICE_PAGES has added stuff to the list. > > Fixes: bf63e250c4b1 ("crypto: af_alg: Support MSG_SPLICE_PAGES") > Reported-by: Ondrej Mosnáček <omosnacek@gmail.com> > Link: https://lore.kernel.org/r/CAAUqJDvFuvms55Td1c=XKv6epfRnnP78438nZQ-JKyuCptGBiQ@mail.gmail.com/ > Signed-off-by: David Howells <dhowells@redhat.com> > cc: Herbert Xu <herbert@gondor.apana.org.au> > cc: Paolo Abeni <pabeni@redhat.com> > cc: "David S. Miller" <davem@davemloft.net> > cc: Eric Dumazet <edumazet@google.com> > cc: Jakub Kicinski <kuba@kernel.org> > cc: linux-crypto@vger.kernel.org > cc: netdev@vger.kernel.org > --- > crypto/af_alg.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) Thanks for the fix! I can confirm that it fixes the reported issue. There remains some kernel panic on s390x that I hadn't noticed in the results earlier, but that's probably a different issue. I'll investigate and send a report/patch when I have more information.
diff --git a/crypto/af_alg.c b/crypto/af_alg.c index 6218c773d71c..06b15b9f661c 100644 --- a/crypto/af_alg.c +++ b/crypto/af_alg.c @@ -992,7 +992,7 @@ int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size, ssize_t plen; /* use the existing memory in an allocated page */ - if (ctx->merge) { + if (ctx->merge && !(msg->msg_flags & MSG_SPLICE_PAGES)) { sgl = list_entry(ctx->tsgl_list.prev, struct af_alg_tsgl, list); sg = sgl->sg + sgl->cur - 1; @@ -1054,6 +1054,7 @@ int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size, ctx->used += plen; copied += plen; size -= plen; + ctx->merge = 0; } else { do { struct page *pg; @@ -1085,12 +1086,12 @@ int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size, size -= plen; sgl->cur++; } while (len && sgl->cur < MAX_SGL_ENTS); + + ctx->merge = plen & (PAGE_SIZE - 1); } if (!size) sg_mark_end(sg + sgl->cur - 1); - - ctx->merge = plen & (PAGE_SIZE - 1); } err = 0;