On Wed, 3 Jan 2024 at 11:15, Mikulas Patocka <mpatocka@xxxxxxxxxx> wrote:
>
> Should we use __GFP_NOWARN? (but this would shut up also genuine
> warnings).
This can only be fixed in the *caller*, which need to either
(a) have saen limit checking that checks for an obviously safe limit
(please don't just make it INT_MAX to handle this one case - make it
something *reasonable*)
_or_
(b) the __GPF_NOWARN with a very obvious "I handle a failed return
gracefully" handling all the way out to user space (error returns
and/or things like "fall back to smaller sizes")./
because a caller that just passes in a random value to kmalloc()
should continue to warn if that random value is unreasonable.
Exactly *because* we want all those crazy random tester robots to
actually find cases where people just randomly take untrusted lengths
from user space.
Linus
