From: David Howells <dhowells@redhat.com>
To: David Laight <david.laight.linux@gmail.com>
Cc: dhowells@redhat.com, netdev@vger.kernel.org,
Hyunwoo Kim <imv4bel@gmail.com>,
Marc Dionne <marc.dionne@auristor.com>,
Jakub Kicinski <kuba@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>, Simon Horman <horms@kernel.org>,
linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org,
Jeffrey Altman <jaltman@auristor.com>,
Jiayuan Chen <jiayuan.chen@linux.dev>,
stable@vger.kernel.org
Subject: Re: [PATCH net 2/3] rxrpc: Fix DATA decrypt vs splice() by copying data to buffer in recvmsg
Date: Tue, 12 May 2026 17:52:03 +0100 [thread overview]
Message-ID: <1072349.1778604723@warthog.procyon.org.uk> (raw)
In-Reply-To: <20260512143835.13af8bc4@pumpkin>
David Laight <david.laight.linux@gmail.com> wrote:
> > Note also that I would generally prefer to replace the buffers of the
> > current sk_buff with a new kmalloc'd buffer of the right size, ditching the
> > old data and frags as this makes the handling of MSG_PEEK easier and
> > removes the double-decryption issue, but this looks like quite a
> > complicated thing to achieve. skb_morph() looks half way to what I want,
> > but I don't want to have to allocate a new sk_buff.
>
> Wouldn't you need to do that anyway when the kkb is shared - or can't
> that happen?
Hmmm... That may well be the case - but if it's shared, do I own the
->next/prev pointers and the ->cb area?
> > + unsigned short rx_dec_bsize; /* rx_dec_buffer size */
> > + unsigned short rx_dec_offset; /* Decrypted packet data offset */
> > + unsigned short rx_dec_len; /* Decrypted packet data len */
>
> Is it actually worth making those short rather than int?
> I doubt the extra 4 bytes will matter and the generated code might be better.
> (IIRC 32bit arm has a limited offset from 16 bit load/store, dunno about 64bit)
Well, the capacity of a UDP packet less the rxrpc header can't reach 65535, so
on that basis this should be fine. I'm a little worried about the rxrpc_call
struct's size - it's already ~1.3K. It's already got a lot of 8- and 16-bit
fields in it. Of course, it's nowhere near as bit-for-bit optimised as
sk_buff, but I guess there are a lot more of those in a system.
> > + if (call->rx_dec_bsize < sp->len) {
>
> IMHO That test is backwards; the 'more constant' value should be on the right.
Actually, the thing you're testing should be on the left and the thing you're
testing against on the right - but, yes, I should switch them around.
> > + size_t size = umin(round_up(sp->len, 32), 2048);
>
> Doesn't min() work?
Actually, it should be umax() as I want the largest of the values (as Jeff
pointed out). I prefer using umin/umax for values that are known to be
unsigned as you don't get casting errors (see the number of places we end up
using min/max_t(<unsigned-type>, ...) when we should use umin/umax() instead)
and the compiler may generate better code as we've told it that it doesn't
have to worry about negatives.
> That doesn't look right.
> If sp->len is bigger than 2048 the you keep allocating a new buffer
> and the call below overruns the allocated buffer.
Yep - see the aforementioned umax comment.
David
next prev parent reply other threads:[~2026-05-12 16:52 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20260511160753.607296-1-dhowells@redhat.com>
2026-05-11 16:07 ` [PATCH net 1/3] rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present David Howells
2026-05-11 16:07 ` [PATCH net 2/3] rxrpc: Fix DATA decrypt vs splice() by copying data to buffer in recvmsg David Howells
2026-05-12 7:58 ` Jeffrey Altman
2026-05-13 8:01 ` David Howells
2026-05-13 8:13 ` David Howells
2026-05-13 8:38 ` David Laight
2026-05-13 9:48 ` Jeffrey Altman
2026-05-12 13:38 ` David Laight
2026-05-12 16:52 ` David Howells [this message]
2026-05-12 21:36 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1072349.1778604723@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=davem@davemloft.net \
--cc=david.laight.linux@gmail.com \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=imv4bel@gmail.com \
--cc=jaltman@auristor.com \
--cc=jiayuan.chen@linux.dev \
--cc=kuba@kernel.org \
--cc=linux-afs@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marc.dionne@auristor.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox