From patchwork Sat Nov 30 13:38:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Levi Zim via B4 Relay X-Patchwork-Id: 13889155 X-Patchwork-Delegate: kuba@kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9DAAE1993B4; Sat, 30 Nov 2024 13:39:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732973954; cv=none; b=E45uzamc4c4zyW5MkR7xDcjm0nM6RFZZwUq2aOyIcgY/EEAKXP8c9ld0zXgkfETWVYFKvyd57vhzamtCis7NBlU7TimI5Ik9Zt9Yl33IbIbQLIaK4w+lHfA9cJllLf8XaTNU/OoKX1ND3bUvi59LCQWkSxH7Cl7PaeuxmjEzAqY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732973954; c=relaxed/simple; bh=xNoawWxL5Y6li8c9tLsL2y/MxQevmVgjNhHQfuMu8o8=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=ur/9NeiFDK0tqtHxISRQhS/dMHAN7D+Zn7zAouFLQCl1sCB8aYyOgSv6w4irDWJLszb8jKhCV955k+CRMR5XNQMlbrlOOcc92l0VsLE/dZXXfthb1oSyWX+s/VFQMnYSQpz/zM1QtNw9mL8atbN2S31sikjRWsB8bw2+/Nq2HHQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=kC2gHsXP; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="kC2gHsXP" Received: by smtp.kernel.org (Postfix) with ESMTPS id 43149C4CED3; Sat, 30 Nov 2024 13:39:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732973954; bh=xNoawWxL5Y6li8c9tLsL2y/MxQevmVgjNhHQfuMu8o8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=kC2gHsXPMdMygOCBv6KC5Z6BdFCC9RM+cIwBj0cE4WwueRfWWjZI5QxErmta1heDR yklTRGBjiuKcWZ6dk8dWnOdHFjur+jXOOtDQqX17GuT6y9RJmpPAJXvpGvA8YOamk3 mR/khdt5SGvoX4H8lE6kVpuLk5Bq5OsWmzJSg/7S6a8X6ZBKI6aHdQb9HBU7ZdBO1k KrNWKG+ROb8o0lvBwh8rVfLGvgm7jTC2mRef9s0ish+BzQUuGgdPxu95bHgd6Kzwgt Pk+XMSU8C0N256dOH18FsuDnuv6axZ+ZdXEIQSTu3SX7gcnWlxhAGIVs3Swbmu32qA OSoyRNqWC61pg== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2F795D73606; Sat, 30 Nov 2024 13:39:14 +0000 (UTC) From: Levi Zim via B4 Relay Date: Sat, 30 Nov 2024 21:38:22 +0800 Subject: [PATCH net 1/2] skmsg: return copied bytes in sk_msg_memcopy_from_iter Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241130-tcp-bpf-sendmsg-v1-1-bae583d014f3@outlook.com> References: <20241130-tcp-bpf-sendmsg-v1-0-bae583d014f3@outlook.com> In-Reply-To: <20241130-tcp-bpf-sendmsg-v1-0-bae583d014f3@outlook.com> To: John Fastabend , Jakub Sitnicki , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern Cc: netdev@vger.kernel.org, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Levi Zim X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1296; i=rsworktech@outlook.com; h=from:subject:message-id; bh=+jh9LaMvNTwv+zmDx2vk37sFrN9lWR5dQyH5HZC8Q2M=; b=owEBbQKS/ZANAwAIAW87mNQvxsnYAcsmYgBnSxV+cY/4xWp+AOu+HS1pF3mD1lkW8ZroPbktI OGHl4YPTW+JAjMEAAEIAB0WIQQolnD5HDY18KF0JEVvO5jUL8bJ2AUCZ0sVfgAKCRBvO5jUL8bJ 2O4mD/9uiFluDIQT5sursakLeOiycc85GUFuCghVJQyfsOzbd6i1STV1z0tniaX2ZFkcha+XtZK Tn/qA3C6do92pLsRW0VpVB2JpWJS/Bgh80SSj0AHo9pfAqH7Rz9Z1nwznelejLdKFwbPK86zvVN Nd8ar9fgT9f+lvptiLNjUefXXNU53Zv+yQpzZDM9/DWNFvBQ3MFltNWWTbi5NCPpxzoC/Eg243O NoON2+47hgJyprsrI+nyuSwZZGJLwXEw6zNPWPuoC0dkD6sO2qKgJWQ46QfWUQh+ciIHd7cTvpA T5oVR558KA1JDRt8a3prsYkXsGLDmeZ7TDiEzfYDXPZbuvDDuQaXcP9SqxY2i0moRHZqapRMUNo 4ZYho5sDiVRM7L1lz3tUBUeWUH9JYgSOhCXmoP5IxkzAo22iDrd0ePZVAADcqcB15VtCkp6VgTT I5+DdO8cyNgomya2WVLTUKeXFxurvyBAE4BWyt+EGnhlZJLwfR7cQELw/JOYB/RIedqlAyr05bd b+vey1/eH12e3aRy/xMb6hOV4FbG8RczF7+Csj2WO8C+1lChytqCKRFus3On6S1OuO7KYKzZfZl oPG/UpE4AQ6/2R1qV2YdJz3h00IA3T2KTywVhdYFDcEbD3pYc5LWcAtW7FIs6HWzImeirVgX9TO 6tB4maLwLVTPTCA== X-Developer-Key: i=rsworktech@outlook.com; a=openpgp; fpr=17AADD6726DDC58B8EE5881757670CCFA42CCF0A X-Endpoint-Received: by B4 Relay for rsworktech@outlook.com/default with auth_id=219 X-Original-From: Levi Zim Reply-To: rsworktech@outlook.com X-Patchwork-Delegate: kuba@kernel.org From: Levi Zim Previously sk_msg_memcopy_from_iter returns the copied bytes from the last copy_from_iter{,_nocache} call upon success. This commit changes it to return the total number of copied bytes on success. Signed-off-by: Levi Zim --- net/core/skmsg.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/core/skmsg.c b/net/core/skmsg.c index e90fbab703b2db1da49068b5a53338ce7ff99087..a65c2e64645863b80ddd94c464d86fcc587b5c04 100644 --- a/net/core/skmsg.c +++ b/net/core/skmsg.c @@ -369,8 +369,8 @@ int sk_msg_memcopy_from_iter(struct sock *sk, struct iov_iter *from, struct sk_msg *msg, u32 bytes) { int ret = -ENOSPC, i = msg->sg.curr; + u32 copy, buf_size, copied = 0; struct scatterlist *sge; - u32 copy, buf_size; void *to; do { @@ -397,6 +397,7 @@ int sk_msg_memcopy_from_iter(struct sock *sk, struct iov_iter *from, goto out; } bytes -= copy; + copied += copy; if (!bytes) break; msg->sg.copybreak = 0; @@ -404,7 +405,7 @@ int sk_msg_memcopy_from_iter(struct sock *sk, struct iov_iter *from, } while (i != msg->sg.end); out: msg->sg.curr = i; - return ret; + return (ret < 0) ? ret : copied; } EXPORT_SYMBOL_GPL(sk_msg_memcopy_from_iter); From patchwork Sat Nov 30 13:38:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Levi Zim via B4 Relay X-Patchwork-Id: 13889157 X-Patchwork-Delegate: kuba@kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DBDE319B3EC; Sat, 30 Nov 2024 13:39:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732973955; cv=none; b=ku+vFsMDm7yvPaHDclYm8NGWnEoGlrjpTja/qz60N8cmwlTwlZCQT6UpW/1AyubiiaqjNl9Ki6qg6s22TY8c2yEQsp0pSi0yneYTHv7K/Demp8FdZj6IVcOsQCjdPSfOMdd0puyFE4NZbiBmUyhg+EMYBqKnIY44Y8FwIgo5cCI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732973955; c=relaxed/simple; bh=YoSM2//cc1OE75pq1asOHygr+KnTmSM58GCnV79QVXU=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=STYx8VzZRmF0cdhu/5T0COBc5wnn5x41cE0p0Q07KhRjyFw9FstFXc08jL+KcwpGE41w2zS7g9UJ6oIZHXXJbLoVTkhfwOFNHA9pTT7UyxeoZsF4FJX5uBlHFAtJKrnyaD52QP3eocpOGxG9MmGVCfHg3o38DlntMi44WP2QLD8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=K90m6ATG; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="K90m6ATG" Received: by smtp.kernel.org (Postfix) with ESMTPS id 5B1E6C4CED9; Sat, 30 Nov 2024 13:39:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732973954; bh=YoSM2//cc1OE75pq1asOHygr+KnTmSM58GCnV79QVXU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=K90m6ATGI1uKjxBiHQT7I4cq4mR9KgA7lpS8DCJUjc9x2EFHpUsAC6hpvHYVCv+l2 USCsStfVNmx2NtiNA5vckPD7TuXflE9weef1+3Pt90qGXsS6a08SxxdyL5MiJhStud WDv/fQT8siw6nTE2SWeUxdW9YBZNYRZ3NCa9VSanphcMM+iP8+hjoADWqDnLO+HhNY iWuoQYS/l/k15LDNN8HG46s8oFyx7hwdYRSx1GcArvQpzgTqdPgyK8Ba1r1iviKPie JAI7k1LzYfFlrF73ZbwZkvi3Z4lSk72KrR8wadadTHQvcV7rctH60d1qIaSaBsOYb1 Nflp13jCfwj8w== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4CB0BD73607; Sat, 30 Nov 2024 13:39:14 +0000 (UTC) From: Levi Zim via B4 Relay Date: Sat, 30 Nov 2024 21:38:23 +0800 Subject: [PATCH net 2/2] tcp_bpf: fix copied value in tcp_bpf_sendmsg Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241130-tcp-bpf-sendmsg-v1-2-bae583d014f3@outlook.com> References: <20241130-tcp-bpf-sendmsg-v1-0-bae583d014f3@outlook.com> In-Reply-To: <20241130-tcp-bpf-sendmsg-v1-0-bae583d014f3@outlook.com> To: John Fastabend , Jakub Sitnicki , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern Cc: netdev@vger.kernel.org, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Levi Zim X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2613; i=rsworktech@outlook.com; h=from:subject:message-id; bh=BSkGG9GTRoR+hvU0RGsIgrZN4wSOYMDvwCLwhO4xA0I=; b=owEBbQKS/ZANAwAIAW87mNQvxsnYAcsmYgBnSxV/R4dBaQRVcQRIIaNhbEPgxR11GIvnSrfk0 FNrgI8Ds9qJAjMEAAEIAB0WIQQolnD5HDY18KF0JEVvO5jUL8bJ2AUCZ0sVfwAKCRBvO5jUL8bJ 2JhIEADFnoc0KrtgtrkTiauoo1Nu6q/SztNB5pqKgENVv6F8U11ZtAThNKgJZ0bAqOedmgz5Sa5 rNVW2ooN6hS4zKVq5SGypoGoMqx9k+dEX8B7NP7eQpcU+HOhyXx0eTKZs8P8Yre2UL9N4ZJdRMF AiCTaPnh+Cs3nnuJTK5yMsPsc9c4miizFTzs34FidtHRZ/mRayXqMkVqBnI5aVx6WzoThrtI/mY wGbDC9Qa2jzzAovMCbooG9lxTch9mzRM/p0sbBOAve5eMRnkagDDEqWRPP+sbfhkd+U06REtM8S 95K8uBtqDgQUXSvVdwD2vv2CgDqvkAtHoSehPN47Rcq9JnATvSLxkQqqi1kWWRKvdgHz6Dmm2cy Iy83wsC5iydLapfsWp/vUn60NAHBYBQtaBNpOMl/mZIiWXZCLaq2+UMT+Ybf9tTx3bn/9wdgSUC yIiMvdl57DAobJRLzr+tcFQ6AiKTHOAZ1pmuzkAY9sv3VCDdyZWTlvdljJdiGoM1lf1pNX5VAdq cQcc2hQ1Kmzz1xoUQGv2eRlZ7yiT0YgDVPWs900RGh5N34V6cml7qhDy36RIpv0EIOu/OIBmstL rJ887YIecSfwhK311xHvFjyrCiDcj+4e9SAfYZhV0+ZwirotZ+QM7aiSbZAaoc32pC1pp4ct0HD 3VbRGGq8Qa/z4rw== X-Developer-Key: i=rsworktech@outlook.com; a=openpgp; fpr=17AADD6726DDC58B8EE5881757670CCFA42CCF0A X-Endpoint-Received: by B4 Relay for rsworktech@outlook.com/default with auth_id=219 X-Original-From: Levi Zim Reply-To: rsworktech@outlook.com X-Patchwork-Delegate: kuba@kernel.org From: Levi Zim bpf kselftest sockhash::test_txmsg_cork_hangs in test_sockmap.c triggers a kernel NULL pointer dereference: BUG: kernel NULL pointer dereference, address: 0000000000000008 ? __die_body+0x6e/0xb0 ? __die+0x8b/0xa0 ? page_fault_oops+0x358/0x3c0 ? local_clock+0x19/0x30 ? lock_release+0x11b/0x440 ? kernelmode_fixup_or_oops+0x54/0x60 ? __bad_area_nosemaphore+0x4f/0x210 ? mmap_read_unlock+0x13/0x30 ? bad_area_nosemaphore+0x16/0x20 ? do_user_addr_fault+0x6fd/0x740 ? prb_read_valid+0x1d/0x30 ? exc_page_fault+0x55/0xd0 ? asm_exc_page_fault+0x2b/0x30 ? splice_to_socket+0x52e/0x630 ? shmem_file_splice_read+0x2b1/0x310 direct_splice_actor+0x47/0x70 splice_direct_to_actor+0x133/0x300 ? do_splice_direct+0x90/0x90 do_splice_direct+0x64/0x90 ? __ia32_sys_tee+0x30/0x30 do_sendfile+0x214/0x300 __se_sys_sendfile64+0x8e/0xb0 __x64_sys_sendfile64+0x25/0x30 x64_sys_call+0xb82/0x2840 do_syscall_64+0x75/0x110 entry_SYSCALL_64_after_hwframe+0x4b/0x53 This is caused by tcp_bpf_sendmsg() returning a larger value(12289) than size (8192), which causes the while loop in splice_to_socket() to release an uninitialized pipe buf. The underlying cause is that this code assumes sk_msg_memcopy_from_iter() will copy all bytes upon success but it actually might only copy part of it. This commit changes it to use the real copied bytes. Signed-off-by: Levi Zim --- net/ipv4/tcp_bpf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/ipv4/tcp_bpf.c b/net/ipv4/tcp_bpf.c index 370993c03d31363c0f82a003d9e5b0ca3bbed721..8e46c4d618cbbff0d120fe4cd917624e5d5cae15 100644 --- a/net/ipv4/tcp_bpf.c +++ b/net/ipv4/tcp_bpf.c @@ -496,7 +496,7 @@ static int tcp_bpf_send_verdict(struct sock *sk, struct sk_psock *psock, static int tcp_bpf_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) { struct sk_msg tmp, *msg_tx = NULL; - int copied = 0, err = 0; + int copied = 0, err = 0, ret = 0; struct sk_psock *psock; long timeo; int flags; @@ -539,14 +539,14 @@ static int tcp_bpf_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) copy = msg_tx->sg.size - osize; } - err = sk_msg_memcopy_from_iter(sk, &msg->msg_iter, msg_tx, + ret = sk_msg_memcopy_from_iter(sk, &msg->msg_iter, msg_tx, copy); - if (err < 0) { + if (ret < 0) { sk_msg_trim(sk, msg_tx, osize); goto out_err; } - copied += copy; + copied += ret; if (psock->cork_bytes) { if (size > psock->cork_bytes) psock->cork_bytes = 0;