On Mon, Jun 16, 2014 at 02:25:07PM -0700, H. Peter Anvin wrote: > On 06/16/2014 02:09 PM, Borislav Petkov wrote: > > > > Nah, I don't feel strongly about it - I just don't trust userspace and > > think that every value we get from it should be "sanitized". > > > > Borislav and I talked about this briefly over IRC. A key part of that > is that if userspace could manipulate this system call to consume an > unreasonable amount of memory, we would have a problem, for example if > this code used vzalloc() instead of kzalloc(). However, since > kmalloc/kzalloc implies a relatively restrictive limit on the memory > allocation size anyway, well short of anything that could cause OOM > problems, that pretty much solves the problem. Actually currently I am using vzalloc() for command line buffer allocation. image->cmdline_buf = vzalloc(cmdline_len); if (!image->cmdline_buf) goto out; Should I switch to using kzalloc() instead? Thanks Vivek
