Date: Sun, 25 Sep 2022 17:41:23 -0700
From: Kees Cook
To: Paolo Abeni
Cc: Vlastimil Babka, "David S. Miller", Eric Dumazet, Jakub Kicinski, netdev@vger.kernel.org, "Ruhl, Michael J", Hyeonggon Yoo <42.hyeyoo@gmail.com>, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Greg Kroah-Hartman, Nick Desaulniers, Alex Elder, Josef Bacik, David Sterba, Sumit Semwal, Christian König, Jesse Brandeburg, Daniel Micay, Yonghong Song, Marco Elver, Miguel Ojeda, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-btrfs@vger.kernel.org, linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-fsdevel@vger.kernel.org, intel-wired-lan@lists.osuosl.org, dev@openvswitch.org, x86@kernel.org, llvm@lists.linux.dev, linux-hardening@vger.kernel.org
Subject: Re: [PATCH v2 04/16] skbuff: Phase out ksize() fallback for frag_size
Message-ID: <202209251738.2E6B9C29D@keescook>
References: <20220923202822.2667581-1-keescook@chromium.org> <20220923202822.2667581-5-keescook@chromium.org>

On Sun, Sep 25, 2022 at 09:17:40AM +0200, Paolo Abeni wrote:
> On Fri, 2022-09-23 at 13:28 -0700, Kees Cook wrote:
> > All callers of APIs that allowed a 0-sized frag_size appear to be
> > passing actual size information already
>
> AFAICS, not yet:
>
> drivers/net/ethernet/qlogic/qed/qed_ll2.c:
> 	skb = build_skb(buffer->data, 0); // -> __build_skb(..., 0)
> 		// -> __build_skb_around()
>
> drivers/net/ethernet/broadcom/bnx2.c:
> 	skb = build_skb(data, 0);
>
> I guess some more drivers have calls leading to
>
> 	__build_skb_around(..., 0)
>
> there are several call paths to check...

Ah-ha! Thank you. I will try to hunt these down -- I think we can't
remove the "secret resizing" effect of ksize() without fixing these.

> > [...]
> > diff --git a/net/core/skbuff.c b/net/core/skbuff.c > > index 0b30fbdbd0d0..84ca89c781cd 100644 > > --- a/net/core/skbuff.c > > +++ b/net/core/skbuff.c
> > @@ -195,7 +195,11 @@ static void __build_skb_around(struct sk_buff *skb, void *data, > > unsigned int frag_size) > > { > > struct skb_shared_info *shinfo; > > - unsigned int size = frag_size ? : ksize(data); > > + unsigned int size = frag_size; > > + > > + /* All callers should be setting frag size now? */ > > + if (WARN_ON_ONCE(size == 0)) > > + size = ksize(data);
>
> At some point in the future, I guess we could even drop this check,
> right?

Alternatively, we might be able to ask the slab if "data" came from
kmalloc or a kmem_cache, and if the former, do:

	data = krealloc(kmalloc_size_roundup(ksize(data), ...)

But that seems ugly...

-- 
Kees Cook
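
Review bot: the new "if (WARN_ON_ONCE(size == 0))" branch in __build_skb_around() will fire on the build_skb(..., 0) callers named earlier in this thread (qed_ll2.c and bnx2.c), so the assumption in the added comment does not hold yet. Those callers should be converted to pass a real frag_size before this check goes in, or in the same series. The comment "All callers should be setting frag size now?" is also phrased as a question; it would read better as a statement of the contract, for example that frag_size must be non-zero and the ksize() fallback is kept only for callers not yet converted, so that whoever hits the warning knows the fix belongs in the caller.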