* [PATCH net] Fix a potential infinite loop in extract_user_to_sg()
@ 2024-04-25 8:39 David Howells
2024-04-25 15:45 ` Jakub Kicinski
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: David Howells @ 2024-04-25 8:39 UTC (permalink / raw)
To: netdev
Cc: dhowells, Jeff Layton, Steve French, Herbert Xu, David S. Miller,
Eric Dumazet, Jakub Kicinski, Paolo Abeni, netfs, linux-crypto,
linux-cifs, linux-fsdevel, linux-kernel
Fix extract_user_to_sg() so that it will break out of the loop if
iov_iter_extract_pages() returns 0 rather than looping around forever.
[Note that I've included two fixes lines as the function got moved to a
different file and renamed]
Fixes: 85dd2c8ff368 ("netfs: Add a function to extract a UBUF or IOVEC into a BVEC iterator")
Fixes: f5f82cd18732 ("Move netfs_extract_iter_to_sg() to lib/scatterlist.c")
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Jeff Layton <jlayton@kernel.org>
cc: Steve French <sfrench@samba.org>
cc: Herbert Xu <herbert@gondor.apana.org.au>
cc: "David S. Miller" <davem@davemloft.net>
cc: Eric Dumazet <edumazet@google.com>
cc: Jakub Kicinski <kuba@kernel.org>
cc: Paolo Abeni <pabeni@redhat.com>
cc: netfs@lists.linux.dev
cc: linux-crypto@vger.kernel.org
cc: linux-cifs@vger.kernel.org
cc: linux-fsdevel@vger.kernel.org
cc: netdev@vger.kernel.org
---
lib/scatterlist.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/scatterlist.c b/lib/scatterlist.c
index 68b45c82c37a..7bc2220fea80 100644
--- a/lib/scatterlist.c
+++ b/lib/scatterlist.c
@@ -1124,7 +1124,7 @@ static ssize_t extract_user_to_sg(struct iov_iter *iter,
do {
res = iov_iter_extract_pages(iter, &pages, maxsize, sg_max,
extraction_flags, &off);
- if (res < 0)
+ if (res <= 0)
goto failed;
len = res;
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH net] Fix a potential infinite loop in extract_user_to_sg()
2024-04-25 8:39 [PATCH net] Fix a potential infinite loop in extract_user_to_sg() David Howells
@ 2024-04-25 15:45 ` Jakub Kicinski
2024-04-26 8:00 ` David Howells
2024-04-26 19:50 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: Jakub Kicinski @ 2024-04-25 15:45 UTC (permalink / raw)
To: David Howells
Cc: netdev, Jeff Layton, Steve French, Herbert Xu, David S. Miller,
Eric Dumazet, Paolo Abeni, netfs, linux-crypto, linux-cifs,
linux-fsdevel, linux-kernel
On Thu, 25 Apr 2024 09:39:32 +0100 David Howells wrote:
> Fix extract_user_to_sg() so that it will break out of the loop if
> iov_iter_extract_pages() returns 0 rather than looping around forever.
Is "goto fail" the right way to break out here?
My intuition would be "break".
On a quick read it seems like res = 0 may occur if we run out of
iterator, is passing maxsize > iter->count illegal?
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH net] Fix a potential infinite loop in extract_user_to_sg()
2024-04-25 8:39 [PATCH net] Fix a potential infinite loop in extract_user_to_sg() David Howells
2024-04-25 15:45 ` Jakub Kicinski
@ 2024-04-26 8:00 ` David Howells
2024-04-26 19:50 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: David Howells @ 2024-04-26 8:00 UTC (permalink / raw)
To: Jakub Kicinski
Cc: dhowells, netdev, Jeff Layton, Steve French, Herbert Xu,
David S. Miller, Eric Dumazet, Paolo Abeni, netfs, linux-crypto,
linux-cifs, linux-fsdevel, linux-kernel
Jakub Kicinski <kuba@kernel.org> wrote:
> On Thu, 25 Apr 2024 09:39:32 +0100 David Howells wrote:
> > Fix extract_user_to_sg() so that it will break out of the loop if
> > iov_iter_extract_pages() returns 0 rather than looping around forever.
>
> Is "goto fail" the right way to break out here?
> My intuition would be "break".
>
> On a quick read it seems like res = 0 may occur if we run out of
> iterator, is passing maxsize > iter->count illegal?
I would say that you're not allowed to ask for more than is in the iterator.
In a number of places this is called, it's a clear failure if you can't get
that the requested amount out of it - for example, if we're building a cifs
message and have set all the fields in the header and are trying to encrypt
the message.
David
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH net] Fix a potential infinite loop in extract_user_to_sg()
2024-04-25 8:39 [PATCH net] Fix a potential infinite loop in extract_user_to_sg() David Howells
2024-04-25 15:45 ` Jakub Kicinski
2024-04-26 8:00 ` David Howells
@ 2024-04-26 19:50 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: patchwork-bot+netdevbpf @ 2024-04-26 19:50 UTC (permalink / raw)
To: David Howells
Cc: netdev, jlayton, sfrench, herbert, davem, edumazet, kuba, pabeni,
netfs, linux-crypto, linux-cifs, linux-fsdevel, linux-kernel
Hello:
This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:
On Thu, 25 Apr 2024 09:39:32 +0100 you wrote:
> Fix extract_user_to_sg() so that it will break out of the loop if
> iov_iter_extract_pages() returns 0 rather than looping around forever.
>
> [Note that I've included two fixes lines as the function got moved to a
> different file and renamed]
>
> Fixes: 85dd2c8ff368 ("netfs: Add a function to extract a UBUF or IOVEC into a BVEC iterator")
> Fixes: f5f82cd18732 ("Move netfs_extract_iter_to_sg() to lib/scatterlist.c")
> Signed-off-by: David Howells <dhowells@redhat.com>
> cc: Jeff Layton <jlayton@kernel.org>
> cc: Steve French <sfrench@samba.org>
> cc: Herbert Xu <herbert@gondor.apana.org.au>
> cc: "David S. Miller" <davem@davemloft.net>
> cc: Eric Dumazet <edumazet@google.com>
> cc: Jakub Kicinski <kuba@kernel.org>
> cc: Paolo Abeni <pabeni@redhat.com>
> cc: netfs@lists.linux.dev
> cc: linux-crypto@vger.kernel.org
> cc: linux-cifs@vger.kernel.org
> cc: linux-fsdevel@vger.kernel.org
> cc: netdev@vger.kernel.org
>
> [...]
Here is the summary with links:
- [net] Fix a potential infinite loop in extract_user_to_sg()
https://git.kernel.org/netdev/net/c/6a30653b604a
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-04-26 19:50 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-25 8:39 [PATCH net] Fix a potential infinite loop in extract_user_to_sg() David Howells
2024-04-25 15:45 ` Jakub Kicinski
2024-04-26 8:00 ` David Howells
2024-04-26 19:50 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).