Date: Tue, 19 Sep 2023 16:16:07 +0200
From: Christian Brauner
To: Max Kellermann
Cc: Alexander Viro, "Matthew Wilcox (Oracle)", Andrew Morton, Hugh Dickins, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: [PATCH] pipe_fs_i.h: add pipe_buf_init()
Message-ID: <20230919-deeskalation-hinsehen-3b6765180d71@brauner>

On Tue, Sep 19, 2023 at 03:55:36PM +0200, Max Kellermann wrote:
> On Tue, Sep 19, 2023 at 3:45 PM Christian Brauner wrote:
> > So pipe_buf->private may now contain garbage.
>
> NULL is just as garbage as the other 2^64-1 possible pointer values.
> NULL isn't special here, nobody checks the field for NULL. This field

You're changing how the code currently works which is written in a way
that ensures all fields are initialized to zero. The fact that currently
nothing looks at private is irrelevant. Following your argument below
this might very easily be the cause for another CVE when something
starts looking at this.

Wouldn't it make more sense to have the pipe_buf_init() initialize the
whole thing and for the place where it leaves buf->private untouched you
can just do:

	unsigned long private = buf->private;

	pipe_buf_init(buf, page, 0, 0, &anon_pipe_buf_ops,
		      PIPE_BUF_FLAG_CAN_MERGE, private);

So just use a compound initializer in pipe_buf_init() just like we do in
copy_clone_args_from_user()?
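
Added example, not part of the original message and not kernel code: a user-space C model of the difference discussed above between an init helper that leaves ->private untouched and one that uses a compound initializer. struct model_pipe_buf, init_fieldwise(), init_compound() and private_after_reuse() are hypothetical names, and the stale value is constructed.

```c
#include <stdio.h>

/* Simplified user-space model of a pipe buffer slot, not the kernel struct. */
struct model_pipe_buf {
    void *page;
    unsigned int offset, len;
    const void *ops;
    unsigned int flags;
    unsigned long private;
};

/* Field-by-field init that never writes ->private: stale data survives. */
static void init_fieldwise(struct model_pipe_buf *buf, void *page,
                           const void *ops, unsigned int flags)
{
    buf->page = page;
    buf->offset = buf->len = 0;
    buf->ops = ops;
    buf->flags = flags;
}

/* Compound-literal init: the whole struct is overwritten and any member
 * not named in the literal (offset, len) is zeroed. */
static void init_compound(struct model_pipe_buf *buf, void *page,
        const void *ops, unsigned int flags, unsigned long private)
{
    *buf = (struct model_pipe_buf){ .page = page, .ops = ops,
            .flags = flags, .private = private };
}

/* Constructed scenario: reuse a slot whose previous user left 0xdeadbeef in
 * ->private. mode 0: field-wise; 1: compound, 0; 2: compound, old value kept. */
static unsigned long private_after_reuse(int mode)
{
    static char page[16];
    struct model_pipe_buf slot = { .private = 0xdeadbeefUL };
    unsigned long private = slot.private;  /* saved before re-init */
    if (mode == 0)
        init_fieldwise(&slot, page, NULL, 0);
    else
        init_compound(&slot, page, NULL, 0, mode == 2 ? private : 0);
    return slot.private;
}

int main(void)
{
    for (int m = 0; m < 3; m++)
        printf("mode %d: private = %#lx\n", m, private_after_reuse(m));
}
```

With the compound initializer, keeping the old ->private is an explicit decision at the call site (mode 2) rather than a side effect of a field the helper never writes (mode 0).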