On Thu, Jan 12, 2012 at 01:58:03PM -0800, Andrew Morton wrote: > On Thu, 12 Jan 2012 13:19:54 -0800 (PST) > David Rientjes <rientjes@xxxxxxxxxx> wrote: > > > On Thu, 12 Jan 2012, Pekka Enberg wrote: > > > > > I think you missed Andrew's point. We absolutely want to issue a > > > kernel warning here because ecryptfs is misusing the memdup_user() > > > API. We must not let userspace processes allocate large amounts of > > > memory arbitrarily. > > > > > > > I think it's good to fix ecryptfs like Tyler is doing and, at the same > > time, ensure that the len passed to memdup_user() makes sense prior to > > kmallocing memory with GFP_KERNEL. Perhaps something like > > > > if (WARN_ON(len > PAGE_SIZE << PAGE_ALLOC_COSTLY_ORDER)) > > return ERR_PTR(-ENOMEM); > > > > in which case __GFP_NOWARN is irrelevant. > > If someone is passing huge size_t's into kmalloc() and getting failures > then that's probably a bug. It's pretty common to pass high values to kmalloc(). We've added a bunch of integer overflow checks recently where we do: if (n > ULONG_MAX / size) return -EINVAL; The problem is that we didn't set a maximum bound before and we can't know which maximum will break compatibility. Probably we shouldn't do that, I guess. regards, dan carpenter
Attachment:
signature.asc
Description: Digital signature
