From: David Howells <dhowells@redhat.com>
To: David Laight <david.laight.linux@gmail.com>
Cc: dhowells@redhat.com, netdev@vger.kernel.org,
Hyunwoo Kim <imv4bel@gmail.com>,
Marc Dionne <marc.dionne@auristor.com>,
Jakub Kicinski <kuba@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>, Simon Horman <horms@kernel.org>,
linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org,
Jeffrey Altman <jaltman@auristor.com>,
Jiayuan Chen <jiayuan.chen@linux.dev>,
stable@vger.kernel.org
Subject: Re: [PATCH net 2/3] rxrpc: Fix DATA decrypt vs splice() by copying data to buffer in recvmsg
Date: Tue, 12 May 2026 17:52:03 +0100 [thread overview]
Message-ID: <1072349.1778604723@warthog.procyon.org.uk> (raw)
In-Reply-To: <20260512143835.13af8bc4@pumpkin>
David Laight <david.laight.linux@gmail.com> wrote:
> > Note also that I would generally prefer to replace the buffers of the
> > current sk_buff with a new kmalloc'd buffer of the right size, ditching the
> > old data and frags as this makes the handling of MSG_PEEK easier and
> > removes the double-decryption issue, but this looks like quite a
> > complicated thing to achieve. skb_morph() looks half way to what I want,
> > but I don't want to have to allocate a new sk_buff.
>
> Wouldn't you need to do that anyway when the kkb is shared - or can't
> that happen?
Hmmm... That may well be the case - but if it's shared, do I own the
->next/prev pointers and the ->cb area?
> > + unsigned short rx_dec_bsize; /* rx_dec_buffer size */
> > + unsigned short rx_dec_offset; /* Decrypted packet data offset */
> > + unsigned short rx_dec_len; /* Decrypted packet data len */
>
> Is it actually worth making those short rather than int?
> I doubt the extra 4 bytes will matter and the generated code might be better.
> (IIRC 32bit arm has a limited offset from 16 bit load/store, dunno about 64bit)
Well, the capacity of a UDP packet less the rxrpc header can't reach 65535, so
on that basis this should be fine. I'm a little worried about the rxrpc_call
struct's size - it's already ~1.3K. It's already got a lot of 8- and 16-bit
fields in it. Of course, it's nowhere near as bit-for-bit optimised as
sk_buff, but I guess there are a lot more of those in a system.
> > + if (call->rx_dec_bsize < sp->len) {
>
> IMHO That test is backwards; the 'more constant' value should be on the right.
Actually, the thing you're testing should be on the left and the thing you're
testing against on the right - but, yes, I should switch them around.
> > + size_t size = umin(round_up(sp->len, 32), 2048);
>
> Doesn't min() work?
Actually, it should be umax() as I want the largest of the values (as Jeff
pointed out). I prefer using umin/umax for values that are known to be
unsigned as you don't get casting errors (see the number of places we end up
using min/max_t(<unsigned-type>, ...) when we should use umin/umax() instead)
and the compiler may generate better code as we've told it that it doesn't
have to worry about negatives.
> That doesn't look right.
> If sp->len is bigger than 2048 the you keep allocating a new buffer
> and the call below overruns the allocated buffer.
Yep - see the aforementioned umax comment.
David
next prev parent reply other threads:[~2026-05-12 16:52 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-11 16:07 [PATCH net 0/3] rxrpc: Better fix for DATA/RESPONSE decrypt vs splice() David Howells
2026-05-11 16:07 ` [PATCH net 1/3] rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present David Howells
2026-05-11 16:07 ` [PATCH net 2/3] rxrpc: Fix DATA decrypt vs splice() by copying data to buffer in recvmsg David Howells
2026-05-12 7:58 ` Jeffrey Altman
2026-05-13 8:01 ` David Howells
2026-05-13 8:13 ` David Howells
2026-05-13 8:38 ` David Laight
2026-05-13 9:48 ` Jeffrey Altman
2026-05-12 13:38 ` David Laight
2026-05-12 16:52 ` David Howells [this message]
2026-05-12 21:36 ` David Laight
2026-05-11 16:07 ` [PATCH net 3/3] rxrpc: Fix RESPONSE packet verification to extract skb to a linear buffer David Howells
2026-05-12 8:22 ` Jeffrey Altman
2026-05-13 0:06 ` Jakub Kicinski
2026-05-13 7:35 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1072349.1778604723@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=davem@davemloft.net \
--cc=david.laight.linux@gmail.com \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=imv4bel@gmail.com \
--cc=jaltman@auristor.com \
--cc=jiayuan.chen@linux.dev \
--cc=kuba@kernel.org \
--cc=linux-afs@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marc.dionne@auristor.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.