tcp: detecting the misuse of .sendpage for Slab objects

Message ID	2a77e65a-9d81-9ddb-f7af-b3b6da095a10@virtuozzo.com
State	Accepted
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> From: Vasily Averin <vvs@virtuozzo.com> Subject: [PATCH] tcp: detecting the misuse of .sendpage for Slab objects To: Eric Dumazet <edumazet@google.com>, netdev@vger.kernel.org Message-ID: <2a77e65a-9d81-9ddb-f7af-b3b6da095a10@virtuozzo.com> Date: Wed, 6 Mar 2019 14:10:22 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: netdev-owner@vger.kernel.org Precedence: bulk
Series	tcp: detecting the misuse of .sendpage for Slab objects \| expand tcp: detecting the misuse of .sendpage for Slab objects

Message ID

2a77e65a-9d81-9ddb-f7af-b3b6da095a10@virtuozzo.com

State

Accepted

Delegated to:

David Miller

Headers

From: Vasily Averin <vvs@virtuozzo.com>
Subject: [PATCH] tcp: detecting the misuse of .sendpage for Slab objects
To: Eric Dumazet <edumazet@google.com>, netdev@vger.kernel.org
Message-ID: <2a77e65a-9d81-9ddb-f7af-b3b6da095a10@virtuozzo.com>
Date: Wed, 6 Mar 2019 14:10:22 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
	Thunderbird/60.4.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Series

tcp: detecting the misuse of .sendpage for Slab objects | expand

sendpage was not designed for processing of the Slab pages, in some situations it can trigger BUG_ON on receiving side. Signed-off-by: Vasily Averin <vvs@virtuozzo.com> --- net/ipv4/tcp.c | 4 ++++ 1 file changed, 4 insertions(+)

Comments

Eric Dumazet March 6, 2019, 4:31 p.m. UTC | #1

On 03/06/2019 03:10 AM, Vasily Averin wrote:
> sendpage was not designed for processing of the Slab pages,
> in some situations it can trigger BUG_ON on receiving side.
> 
> Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
> ---
>  net/ipv4/tcp.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
> index ad07dd71063d..dbb08140cdc9 100644
> --- a/net/ipv4/tcp.c
> +++ b/net/ipv4/tcp.c
> @@ -943,6 +943,10 @@ ssize_t do_tcp_sendpages(struct sock *sk, struct page *page, int offset,
>  	ssize_t copied;
>  	long timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT);
>  
> +	if (IS_ENABLED(CONFIG_DEBUG_VM) &&
> +	    WARN_ONCE(PageSlab(page), "page must not be a Slab one"))
> +		return -EINVAL;
> +
>  	/* Wait for a connection to finish. One exception is TCP Fast Open
>  	 * (passive side) where data is allowed to be sent before a connection
>  	 * is fully established.
> 

SGTM

David, this probably can be merged into net tree.

Signed-off-by: Eric Dumazet <edumazet@google.com>

David Miller March 6, 2019, 6:48 p.m. UTC | #2

From: Vasily Averin <vvs@virtuozzo.com>
Date: Wed, 6 Mar 2019 14:10:22 +0300

> sendpage was not designed for processing of the Slab pages,
> in some situations it can trigger BUG_ON on receiving side.
> 
> Signed-off-by: Vasily Averin <vvs@virtuozzo.com>

Applied.

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index ad07dd71063d..dbb08140cdc9 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -943,6 +943,10 @@  ssize_t do_tcp_sendpages(struct sock *sk, struct page *page, int offset,
 	ssize_t copied;
 	long timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT);
 
+	if (IS_ENABLED(CONFIG_DEBUG_VM) &&
+	    WARN_ONCE(PageSlab(page), "page must not be a Slab one"))
+		return -EINVAL;
+
 	/* Wait for a connection to finish. One exception is TCP Fast Open
 	 * (passive side) where data is allowed to be sent before a connection
 	 * is fully established.

tcp: detecting the misuse of .sendpage for Slab objects

Commit Message

Comments

Patch