public inbox for linux-block@vger.kernel.org
From: Keith Busch <keith.busch@intel.com>
To: Ming Lei <tom.leiming@gmail.com>
Cc: Jens Axboe <axboe@kernel.dk>, linux-block <linux-block@vger.kernel.org>
Subject: Re: [PATCH] block: Clear kernel memory before copying to user
Date: Wed, 7 Nov 2018 08:15:38 -0700
Message-ID: <20181107151538.GA11941@localhost.localdomain>
In-Reply-To: <CACVXFVO8pcZpK0MBud8oebdZWhKB0Gzr14MPbzMtoHBUkN4Rbg@mail.gmail.com>

On Wed, Nov 07, 2018 at 11:09:27PM +0800, Ming Lei wrote:
> On Wed, Nov 7, 2018 at 10:42 PM Keith Busch <keith.busch@intel.com> wrote:
> >
> > If the kernel allocates a bounce buffer for user read data, this memory
> > needs to be cleared before copying it to the user, otherwise it may leak
> > kernel memory to user space.
> >
> > Signed-off-by: Keith Busch <keith.busch@intel.com>
> > ---
> >  block/bio.c | 1 +
> >  1 file changed, 1 insertion(+)
> >
> > diff --git a/block/bio.c b/block/bio.c
> > index d5368a445561..a50d59236b19 100644
> > --- a/block/bio.c
> > +++ b/block/bio.c
> > @@ -1260,6 +1260,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q,
> >                 if (ret)
> >                         goto cleanup;
> >         } else {
> > +               zero_fill_bio(bio);
> >                 iov_iter_advance(iter, bio->bi_iter.bi_size);
> >         }
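Review bot: zero_fill_bio(bio) in this else branch runs before the request is issued and clears the full bi_size of every READ bounce buffer that did not take the copy-in path above it, not only the buffers a short read would leave partially stale. That makes the fix correct (anything the device does not overwrite is already zero when the bounce copy reaches user space) at the cost of one extra memset pass per read; the commit message should say so and name the short-read case it defends against, since "may leak kernel memory" alone does not tell a reader why a buffer the device is about to fill has to be cleared first. If the per-read cost is a concern, the cheaper variant is clearing only the unread tail at completion, which needs the completed byte count rather than a blanket clear at this point.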
> 
> This way looks inefficient because zero fill should only be required
> for short READ.

Sure, but how do you know that happened before copying the bounce buffer
to user space?

We could zero the pages on allocation if that's better (and doesn't zero
twice if __GFP_ZERO was already provided):

---
diff --git a/block/bio.c b/block/bio.c
index d5368a445561..a1b6383294f4 100644
--- a/block/bio.c
+++ b/block/bio.c
@@ -1212,6 +1212,9 @@ struct bio *bio_copy_user_iov(struct request_queue *q,
 		nr_pages = 1 << map_data->page_order;
 		i = map_data->offset / PAGE_SIZE;
 	}
+
+	if (iov_iter_rw(iter) == READ)
+		gfp_mask |= __GFP_ZERO;
 	while (len) {
 		unsigned int bytes = PAGE_SIZE;
 
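Review bot: the __GFP_ZERO bit only helps if every bounce page this function hands to the device is actually allocated with gfp_mask; the page_order/offset bookkeeping directly above the insertion point suggests the map_data path walks caller-supplied pages instead, and those would still reach user space uncleared on a short read. Either confirm that path cannot carry a READ, or keep an explicit clear for it. Two smaller points: the check wants a one-line comment saying why READ bounce pages must start zeroed (otherwise the diff reads as a bare gfp tweak a later cleanup could drop), and a blank line is missing between `gfp_mask |= __GFP_ZERO;` and the `while (len) {` that follows, to match the blank line added before the if.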
--
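A user-space model of the leak under discussion, added here as an illustration and not code from the kernel or from anyone in this thread. All names (bounce_read, fake_device_read, alloc_bounce_page, the clear_policy enum) are invented; the 0xA5 fill standing in for stale page contents and the device that fills only part of the request are constructed inputs. It contrasts the three options that come up above: no clearing, zeroing the page when it is allocated (the __GFP_ZERO variant), and zeroing only the unread tail once the device reports a short read.

```c
/* Added example, not kernel code: models a READ through a bounce buffer and
 * counts how many stale bytes reach the user copy under each clearing policy.
 * All identifiers and sample data here are invented for illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BOUNCE_LEN 64

/* Clearing policies, mirroring the options raised in the thread:
 *  CLEAR_NONE  - bounce page handed to the device as-is (the bug)
 *  CLEAR_ALLOC - page is zero when allocated (what __GFP_ZERO gives you)
 *  CLEAR_TAIL  - clear only the bytes the device did not fill (short read) */
enum clear_policy { CLEAR_NONE, CLEAR_ALLOC, CLEAR_TAIL };

/* Stand-in for recycled kernel memory: a freed page still holds whatever was
 * in it before. 0xA5 marks "stale kernel data" in this model (constructed). */
static void *alloc_bounce_page(enum clear_policy pol)
{
    unsigned char *page = malloc(BOUNCE_LEN);
    if (!page)
        return NULL;
    memset(page, 0xA5, BOUNCE_LEN);     /* simulate stale contents */
    if (pol == CLEAR_ALLOC)
        memset(page, 0, BOUNCE_LEN);    /* zeroed on allocation */
    return page;
}

/* Fake block device: asked for len bytes, it fills only `avail` of them with a
 * recognisable pattern and reports how many it actually wrote (a short read). */
static size_t fake_device_read(unsigned char *buf, size_t len, size_t avail)
{
    size_t n = avail < len ? avail : len;
    for (size_t i = 0; i < n; i++)
        buf[i] = (unsigned char)('A' + (i % 26));
    return n;
}

/* Model of the bounce path for a READ: allocate the bounce page, let the
 * device fill it, then copy the full request length back to "user" (the
 * request size, not the device's byte count, which is where the leak lives).
 * Returns the number of stale 0xA5 bytes that reached the user buffer. */
size_t bounce_read(unsigned char *user, size_t len, size_t device_avail,
                   enum clear_policy pol)
{
    unsigned char *bounce = alloc_bounce_page(pol);
    size_t got, leaked = 0;

    if (!bounce)
        return (size_t)-1;
    got = fake_device_read(bounce, len, device_avail);
    if (pol == CLEAR_TAIL && got < len)
        memset(bounce + got, 0, len - got); /* zero only the unread tail */
    memcpy(user, bounce, len);              /* copy-out of the whole buffer */
    free(bounce);

    for (size_t i = 0; i < len; i++)
        if (user[i] == 0xA5)
            leaked++;
    return leaked;
}

int main(void)
{
    unsigned char user[BOUNCE_LEN];

    printf("no clearing,    short read: %zu stale bytes reach user\n",
           bounce_read(user, BOUNCE_LEN, 16, CLEAR_NONE));
    printf("zero on alloc,  short read: %zu stale bytes\n",
           bounce_read(user, BOUNCE_LEN, 16, CLEAR_ALLOC));
    printf("zero tail only, short read: %zu stale bytes\n",
           bounce_read(user, BOUNCE_LEN, 16, CLEAR_TAIL));
    printf("no clearing,    full read:  %zu stale bytes\n",
           bounce_read(user, BOUNCE_LEN, BOUNCE_LEN, CLEAR_NONE));
    return 0;
}
```

The CLEAR_TAIL policy is the cheap one Ming Lei's objection points at, but it depends on the device's completed byte count, which is only known at completion and not where the bounce pages are set up; that is the gap Keith's reply raises. CLEAR_ALLOC and a pre-issue zero fill both close the leak without that information, at the price of clearing the whole buffer on every read.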

Thread overview: 15+ messages
2018-11-07 14:37 [PATCH] block: Clear kernel memory before copying to user Keith Busch
2018-11-07 14:46 ` Laurence Oberman
2018-11-07 15:09 ` Ming Lei
2018-11-07 15:15   ` Keith Busch [this message]
2018-11-07 15:44     ` Ming Lei
2018-11-07 15:44       ` Keith Busch
2018-11-07 16:03         ` Ming Lei
2018-11-07 16:09           ` Keith Busch
2018-11-08  1:12             ` Ming Lei
2018-11-08  1:22               ` Keith Busch
2018-11-08 10:07                 ` Johannes Thumshirn
2018-11-08 11:10                   ` Ming Lei
2018-11-08 15:37                     ` Keith Busch
2018-11-08  1:31               ` Jens Axboe
2018-11-07 22:41 ` Jens Axboe
