On Thu, 12 Jan 2012 13:19:54 -0800 (PST) David Rientjes <rientjes@xxxxxxxxxx> wrote: > On Thu, 12 Jan 2012, Pekka Enberg wrote: > > > I think you missed Andrew's point. We absolutely want to issue a > > kernel warning here because ecryptfs is misusing the memdup_user() > > API. We must not let userspace processes allocate large amounts of > > memory arbitrarily. > > > > I think it's good to fix ecryptfs like Tyler is doing and, at the same > time, ensure that the len passed to memdup_user() makes sense prior to > kmallocing memory with GFP_KERNEL. Perhaps something like > > if (WARN_ON(len > PAGE_SIZE << PAGE_ALLOC_COSTLY_ORDER)) > return ERR_PTR(-ENOMEM); > > in which case __GFP_NOWARN is irrelevant. If someone is passing huge size_t's into kmalloc() and getting failures then that's probably a bug. So perhaps we should add a warning to kmalloc itself if the size_t is out of bounds, and !__GFP_NOWARN. That might cause problems with those callers who like to call kmalloc() in a probing loop with decreasing size_t. But none of this will be very effective. If someone is passing an unchecked size_t into kmalloc then normal testing will not reveal the problem because the testers won't pass stupid numbers into their syscalls. -- To unsubscribe from this list: send the line "unsubscribe ecryptfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
