On 06/16/2014 02:43 PM, Vivek Goyal wrote:
>>
>> Borislav and I talked about this briefly over IRC. A key part of that
>> is that if userspace could manipulate this system call to consume an
>> unreasonable amount of memory, we would have a problem, for example if
>> this code used vzalloc() instead of kzalloc(). However, since
>> kmalloc/kzalloc implies a relatively restrictive limit on the memory
>> allocation size anyway, well short of anything that could cause OOM
>> problems, that pretty much solves the problem.
>
> Actually currently I am using vzalloc() for command line buffer
> allocation.
>
>         image->cmdline_buf = vzalloc(cmdline_len);
>         if (!image->cmdline_buf)
>                 goto out;
>
> Should I switch to using kzalloc() instead?
>

Yes. There is absolutely no valid reason to use vzalloc() for an object
that small, and if someone manipulates the header to allow for a crazily
large command line then you can trick the kernel into allocating
arbitrary amounts of memory.

	-hpa
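
Added example, not part of the original message or of the patch under discussion: a user-space C model of rejecting an untrusted command line length before any allocation happens. The names image_set_cmdline and MAX_CMDLINE_LEN and the 2048-byte cap are assumptions, and calloc() stands in for kzalloc().

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this sketch; a real loader would use its own limit. */
#define MAX_CMDLINE_LEN 2048u

/* Hypothetical stand-in for the image state in the quoted snippet. */
struct image {
    char  *cmdline_buf;
    size_t cmdline_len;
};

/*
 * Copy a caller-supplied command line into the image.
 * cmdline_len is untrusted, so it is range-checked before it is used to
 * size an allocation or to index src. Returns 0 or a negative errno value.
 */
int image_set_cmdline(struct image *image, const char *src, size_t cmdline_len)
{
    image->cmdline_buf = NULL;
    image->cmdline_len = 0;

    if (cmdline_len == 0)
        return 0;                 /* no command line supplied */
    if (cmdline_len > MAX_CMDLINE_LEN)
        return -EINVAL;           /* forged or oversized length */
    if (src[cmdline_len - 1] != '\0')
        return -EINVAL;           /* NUL must sit inside the declared length */

    /* User-space stand-in for kzalloc(cmdline_len, GFP_KERNEL). */
    image->cmdline_buf = calloc(1, cmdline_len);
    if (!image->cmdline_buf)
        return -ENOMEM;

    memcpy(image->cmdline_buf, src, cmdline_len);
    image->cmdline_len = cmdline_len;
    return 0;
}
```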