From: Dominique Martinet
To: Stefano Stabellini
Cc: GUO Zihua, linux_oss@crudebyte.com, v9fs-developer@lists.sourceforge.net, linux-kernel@vger.kernel.org, Dominique Martinet
Subject: [PATCH 1/2] 9p/xen: check logical size for buffer size
Date: Fri, 18 Nov 2022 22:55:41 +0900
Message-Id: <20221118135542.63400-1-asmadeus@codewreck.org>

trans_xen did not check the data fits into the buffer before copying
from the xen ring, but we probably should.
Add a check that just skips the request and return an error to
userspace if it did not fit

Signed-off-by: Dominique Martinet
---
This comes more or less as a follow up of a fix for trans_fd:
https://lkml.kernel.org/r/20221117091159.31533-1-guozihua@huawei.com
Where msize should be replaced by capacity check, except trans_xen
did not actually use to check the size fits at all.

While we normally trust the hypervisor (they can probably do whatever
they want with our memory), a bug in the 9p server is always possible so
sanity checks never hurt, especially now buffers got drastically smaller
with a recent patch.

My setup for xen is unfortunately long dead so I cannot test this:
Stefano, you've tested v9fs xen patches in the past, would you mind
verifying this works as well?

 net/9p/trans_xen.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/net/9p/trans_xen.c b/net/9p/trans_xen.c index b15c64128c3e..66ceb3b3ae30 100644 --- a/net/9p/trans_xen.c +++ b/net/9p/trans_xen.c @@ -208,6 +208,14 @@ static void p9_xen_response(struct work_struct *work) continue; } + if (h.size > req->rc.capacity) { + dev_warn(&priv->dev->dev, + "requested packet size too big: %d for tag %d with capacity %zd\n", + h.size, h.tag, rreq->rc.capacity); + req->status = REQ_STATUS_ERROR; + goto recv_error; + } + memcpy(&req->rc, &h, sizeof(h)); req->rc.offset = 0; 
@@ -217,6 +225,7 @@ static void p9_xen_response(struct work_struct *work) masked_prod, &masked_cons, XEN_9PFS_RING_SIZE(ring)); +recv_error: virt_mb(); cons += h.size; ring->intf->in_cons = cons;
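
Review bot: the last argument of the new dev_warn() in the @@ -208 hunk of net/9p/trans_xen.c is `rreq->rc.capacity`, while the condition above it and the `req->status` assignment below it use `req`. Nothing named `rreq` appears in the visible context, so this looks like a typo that will not build; it should read `req->rc.capacity`. While touching that line, check the format string against the argument types: it prints h.size and h.tag with %d and the capacity with %zd, and if those are unsigned (capacity being a size_t) the matching specifiers would be %u and %zu.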
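
Review bot: in the @@ -217 hunk the `recv_error:` label is placed before `virt_mb(); cons += h.size;`, so the error path still advances in_cons by the server-supplied h.size and then falls through into whatever follows the visible context. Please confirm that the completion code after `ring->intf->in_cons = cons;` does not overwrite the REQ_STATUS_ERROR set before the goto with a received status, and that the waiter is still woken so the error reaches userspace as the commit message describes. A short comment at the label saying that the oversized payload is deliberately skipped rather than copied would make the intent clear to the next reader.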
From: Dominique Martinet
To: Stefano Stabellini
Cc: GUO Zihua, linux_oss@crudebyte.com, v9fs-developer@lists.sourceforge.net, linux-kernel@vger.kernel.org, Dominique Martinet
Subject: [PATCH 2/2] 9p: ensure logical size fits allocated size
Date: Fri, 18 Nov 2022 22:55:42 +0900
Message-Id: <20221118135542.63400-2-asmadeus@codewreck.org>
In-Reply-To: <20221118135542.63400-1-asmadeus@codewreck.org>

all buffers used to be msize big, but the size can now vary based on
message type and arguments.

Adjust p9_check_error() to check the logical size (request payload) fits
within the allocated size (capacity) rather than msize

Transports normally all check this when the packet is being read, but
might as well stay coherent.

Fixes: 60ece0833b6c ("net/9p: allocate appropriate reduced message buffers")
Signed-off-by: Dominique Martinet
---
I think with the previous patch this is purely redundant, but better
safe than sorry...
The main problem is that if we didn't find this before we already
overflowed a buffer, so this is quite late!

 net/9p/client.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/9p/client.c b/net/9p/client.c index aaa37b07e30a..45dcc9e5d091 100644 --- a/net/9p/client.c +++ b/net/9p/client.c @@ -514,7 +514,7 @@ static int p9_check_errors(struct p9_client *c, struct p9_req_t *req) int ecode; err = p9_parse_header(&req->rc, NULL, &type, NULL, 0); - if (req->rc.size >= c->msize) { + if (req->rc.size >= req->rc.capacity) { p9_debug(P9_DEBUG_ERROR, "requested packet size too big: %d\n", req->rc.size);
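
Review bot: the new test in p9_check_errors() is `req->rc.size >= req->rc.capacity`, but patch 1/2 of this series rejects only `h.size > req->rc.capacity`, so a reply that exactly fills its buffer passes the transport check and is then reported as too big here. Now that buffers are no longer all msize big, an exact fit looks legitimate, and using `>` would keep the two checks consistent. It would also help to print the capacity next to the size in the p9_debug() message, as the trans_xen warning does, so the log shows which limit was hit.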