From: Magnus Karlsson
Date: Tue, 4 Apr 2023 08:25:48 +0200
Subject: Re: [PATCH bpf] xsk: Fix unaligned descriptor validation
To: Kal Conley
Cc: Björn Töpel, Magnus Karlsson, Maciej Fijalkowski, Jonathan Lemon, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Alexei Starovoitov, Daniel Borkmann, Jesper Dangaard Brouer, John Fastabend, Maxim Mikityanskiy, netdev@vger.kernel.org, bpf@vger.kernel.org, linux-kernel@vger.kernel.org

On Mon, 3 Apr 2023 at 16:38, Kal Conley wrote:
>
> Make sure unaligned descriptors that straddle the end of the UMEM are
> considered invalid. Currently, descriptor validation is broken for
> zero-copy mode which only checks descriptors at page granularity.
> Descriptors that cross the end of the UMEM but not a page boundary may
> be therefore incorrectly considered valid. The check needs to happen
> before the page boundary and contiguity checks in
> xp_desc_crosses_non_contig_pg. Do this check in
> xp_unaligned_validate_desc instead like xp_check_unaligned already does.

Thanks for catching this Kal.

Acked-by: Magnus Karlsson

> Fixes: 2b43470add8c ("xsk: Introduce AF_XDP buffer allocation API")
> Signed-off-by: Kal Conley
> ---
> include/net/xsk_buff_pool.h | 9 ++-------
> net/xdp/xsk_queue.h | 1 +
> 2 files changed, 3 insertions(+), 7 deletions(-)
>
> diff --git a/include/net/xsk_buff_pool.h b/include/net/xsk_buff_pool.h > index 3e952e569418..d318c769b445 100644 > --- a/include/net/xsk_buff_pool.h > +++ b/include/net/xsk_buff_pool.h 
> @@ -180,13 +180,8 @@ static inline bool xp_desc_crosses_non_contig_pg(struct xsk_buff_pool *pool, > if (likely(!cross_pg)) > return false; > > - if (pool->dma_pages_cnt) { > - return !(pool->dma_pages[addr >> PAGE_SHIFT] & > - XSK_NEXT_PG_CONTIG_MASK); > - } > - > - /* skb path */ > - return addr + len > pool->addrs_cnt; > + return pool->dma_pages_cnt && > + !(pool->dma_pages[addr >> PAGE_SHIFT] & XSK_NEXT_PG_CONTIG_MASK); > } > > static inline u64 xp_aligned_extract_addr(struct xsk_buff_pool *pool, u64 addr) > diff --git a/net/xdp/xsk_queue.h b/net/xdp/xsk_queue.h > index bfb2a7e50c26..66c6f57c9c44 100644 > --- a/net/xdp/xsk_queue.h > +++ b/net/xdp/xsk_queue.h > @@ -162,6 +162,7 @@ static inline bool xp_unaligned_validate_desc(struct xsk_buff_pool *pool, > return false; > > if (base_addr >= pool->addrs_cnt || addr >= pool->addrs_cnt || > + addr + desc->len > pool->addrs_cnt || > xp_desc_crosses_non_contig_pg(pool, addr, desc->len)) > return false; > > -- > 2.39.2 >
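
Review bot: In the include/net/xsk_buff_pool.h hunk, the new return statement drops the `addr + len > pool->addrs_cnt` comparison along with the `/* skb path */` comment, so xp_desc_crosses_non_contig_pg() now returns false whenever `pool->dma_pages_cnt` is zero and no longer says anything about the end of the UMEM. Please add a short comment above the function stating that callers must already have rejected `addr + len > pool->addrs_cnt`, because nothing in the visible part of the helper checks it before `pool->dma_pages[addr >> PAGE_SHIFT]` is read.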
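
Review bot: In the net/xdp/xsk_queue.h hunk, the added `addr + desc->len > pool->addrs_cnt` term has no overflow guard of its own and depends on the `addr >= pool->addrs_cnt` term earlier in the same `||` chain having bounded `addr` first; a one-line comment noting that dependency would keep a later reordering from weakening the check. The diffstat touches only the two headers, so consider adding a test with an unaligned descriptor that ends past the UMEM without crossing a page boundary, which is the case the commit message describes.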