Discussion:
[PATCH] avoid excessive use of socket buffer in skcipher
Ondrej Kozina
2014-08-25 09:48:05 UTC
Permalink
On archs with PAGE_SIZE >= 64 KiB the function skcipher_alloc_sgl()
fails with -ENOMEM no matter what user space actually requested.
This is caused by the fact sock_kmalloc call inside the function tried
to allocate more memory than allowed by the default kernel socket buffer
size (kernel param net.core.optmem_max).

Signed-off-by: Ondrej Kozina <***@redhat.com>
---
crypto/algif_skcipher.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index a19c027..83187f4 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -49,7 +49,7 @@ struct skcipher_ctx {
struct ablkcipher_request req;
};

-#define MAX_SGL_ENTS ((PAGE_SIZE - sizeof(struct skcipher_sg_list)) / \
+#define MAX_SGL_ENTS ((4096 - sizeof(struct skcipher_sg_list)) / \
sizeof(struct scatterlist) - 1)

static inline int skcipher_sndbuf(struct sock *sk)
--
1.9.3
Ondrej Kozina
2014-08-25 09:49:53 UTC
Permalink
Hello all,

I found this bug when I ran cryptsetup testsuite on ppc64 arch. I don't have deep
insight into networking, but it seemed to me the MAX_SGL_ENTS define doesn't have
to be tied to PAGE_SIZE. Please take this patch as base for discussion, if it's
fundamentally wrong.

The 'easy' way is to increase net.core.optmem_max, but this way we would blow up
the memory overhead for every socket in kernel. Not to mention that for user space,
without not insignificant debugging effort, it's not clear what really happened.

Kind regards
Ondrej

Ondrej Kozina (1):
avoid excessive use of socket buffer in skcipher

crypto/algif_skcipher.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
1.9.3
Ondrej Kozina
2014-08-25 09:49:54 UTC
Permalink
On archs with PAGE_SIZE >= 64 KiB the function skcipher_alloc_sgl()
fails with -ENOMEM no matter what user space actually requested.
This is caused by the fact sock_kmalloc call inside the function tried
to allocate more memory than allowed by the default kernel socket buffer
size (kernel param net.core.optmem_max).

Signed-off-by: Ondrej Kozina <***@redhat.com>
---
crypto/algif_skcipher.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index a19c027..83187f4 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -49,7 +49,7 @@ struct skcipher_ctx {
struct ablkcipher_request req;
};

-#define MAX_SGL_ENTS ((PAGE_SIZE - sizeof(struct skcipher_sg_list)) / \
+#define MAX_SGL_ENTS ((4096 - sizeof(struct skcipher_sg_list)) / \
sizeof(struct scatterlist) - 1)

static inline int skcipher_sndbuf(struct sock *sk)
--
1.9.3
Ondrej Kozina
2014-09-01 15:22:43 UTC
Permalink
Attaching simple reproducer.

Kind regards
Ondrej
Ondrej Kozina
2014-09-01 15:42:08 UTC
Permalink
Post by Ondrej Kozina
Attaching simple reproducer.
Sigh. Mondays... Sending fixed reproducer. Excuse my mistake.

Kind regards
Ondrej
Herbert Xu
2014-09-04 07:08:52 UTC
Permalink
Post by Ondrej Kozina
On archs with PAGE_SIZE >= 64 KiB the function skcipher_alloc_sgl()
fails with -ENOMEM no matter what user space actually requested.
This is caused by the fact sock_kmalloc call inside the function tried
to allocate more memory than allowed by the default kernel socket buffer
size (kernel param net.core.optmem_max).
Patch applied. Thanks!
--
Email: Herbert Xu <***@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Loading...