Date: Sun, 25 Sep 2022 17:41:23 -0700
From: Kees Cook
To: Paolo Abeni
Cc: Vlastimil Babka, "David S. Miller", Eric Dumazet, Jakub Kicinski, netdev@vger.kernel.org, "Ruhl, Michael J", Hyeonggon Yoo <42.hyeyoo@gmail.com>, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Greg Kroah-Hartman, Nick Desaulniers, Alex Elder, Josef Bacik, David Sterba, Sumit Semwal, Christian König, Jesse Brandeburg, Daniel Micay, Yonghong Song, Marco Elver, Miguel Ojeda, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-btrfs@vger.kernel.org, linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-fsdevel@vger.kernel.org, intel-wired-lan@lists.osuosl.org, dev@openvswitch.org, x86@kernel.org, llvm@lists.linux.dev, linux-hardening@vger.kernel.org
Subject: Re: [PATCH v2 04/16] skbuff: Phase out ksize() fallback for frag_size
Message-ID: <202209251738.2E6B9C29D@keescook>
References: <20220923202822.2667581-1-keescook@chromium.org> <20220923202822.2667581-5-keescook@chromium.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Sep 25, 2022 at 09:17:40AM +0200, Paolo Abeni wrote:
> On Fri, 2022-09-23 at 13:28 -0700, Kees Cook wrote:
> > All callers of APIs that allowed a 0-sized frag_size appear to be
> > passing actual size information already
>
> AFAICS, not yet:
>
> drivers/net/ethernet/qlogic/qed/qed_ll2.c:
> skb = build_skb(buffer->data, 0); // -> __build_skb(..., 0)?
>                                   // -> __build_skb_around()
>
> drivers/net/ethernet/broadcom/bnx2.c:
> skb = build_skb(data, 0);
>
> I guess some more drivers have calls leading to?
>
> __build_skb_around(..., 0)
>
> there are several call paths to check...

Ah-ha! Thank you. I will try to hunt these down -- I think we can't remove
the "secret resizing" effect of ksize() without fixing these.

> > [...]
> > diff --git a/net/core/skbuff.c b/net/core/skbuff.c
> > index 0b30fbdbd0d0..84ca89c781cd 100644
> > --- a/net/core/skbuff.c
> > +++ b/net/core/skbuff.c
> > @@ -195,7 +195,11 @@ static void __build_skb_around(struct sk_buff *skb, void *data,
> > unsigned int frag_size)
> > {
> > struct skb_shared_info *shinfo;
> > - unsigned int size = frag_size ? : ksize(data);
> > + unsigned int size = frag_size;
> > +
> > + /* All callers should be setting frag size now? */
> > + if (WARN_ON_ONCE(size == 0))
> > + size = ksize(data);
>
> At some point in the future, I guess we could even drop this check,
> right?

Alternatively, we might be able to ask the slab if "data" came from
kmalloc or a kmem_cache, and if the former, do:

data = krealloc(kmalloc_size_roundup(ksize(data), ...)

But that seems ugly...

--
Kees Cook
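Review bot: the `WARN_ON_ONCE(size == 0)` added in the `__build_skb_around()` hunk will fire in production on the `build_skb(data, 0)` callers Paolo lists (qed_ll2.c and bnx2.c), so either convert those callers earlier in the series or keep the fallback silent until they are converted; a warning that is known to trigger on unconverted drivers trains people to ignore it. The comment `/* All callers should be setting frag size now? */` should also lose the question mark and state plainly that a zero frag_size is now a caller bug to be reported, since the code below it still quietly recovers via `size = ksize(data)` and readers need to know that path is transitional. It would help the commit message to say explicitly that for any remaining zero-size caller the computed `size` is identical to the old `frag_size ? : ksize(data)` result, so this patch changes diagnostics, not layout, and Paolo's question about dropping the check is answered by whether those callers are fixed.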