On 2/10/21 4:54 PM, Josef Bacik wrote:
> Since
>
> sysctl: pass kernel pointers to ->proc_handler
>
> we have been pre-allocating a buffer to copy the data from the proc
> handlers into, and then copying that to userspace. The problem is this
> just blind kmalloc()'s the buffer size passed in from the read, which in
> the case of our 'cat' binary was 64kib. Order-4 allocations are not
> awesome, and since we can potentially allocate up to our maximum order,
> use vmalloc for these buffers.
>
> Fixes: 32927393dc1c ("sysctl: pass kernel pointers to ->proc_handler")
> Signed-off-by: Josef Bacik <josef@xxxxxxxxxxxxxx>
> Reviewed-by: Christoph Hellwig <hch@xxxxxx>
Acked-by: Vlastimil Babka <vbabka@xxxxxxx>
> ---
> fs/proc/proc_sysctl.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
> index d2018f70d1fa..070d2df8ab9c 100644
> --- a/fs/proc/proc_sysctl.c
> +++ b/fs/proc/proc_sysctl.c
> @@ -571,7 +571,7 @@ static ssize_t proc_sys_call_handler(struct kiocb *iocb, struct iov_iter *iter,
> error = -ENOMEM;
> if (count >= KMALLOC_MAX_SIZE)
> goto out;
> - kbuf = kzalloc(count + 1, GFP_KERNEL);
> + kbuf = kvzalloc(count + 1, GFP_KERNEL);
> if (!kbuf)
> goto out;
>
> @@ -600,7 +600,7 @@ static ssize_t proc_sys_call_handler(struct kiocb *iocb, struct iov_iter *iter,
>
> error = count;
> out_free_buf:
> - kfree(kbuf);
> + kvfree(kbuf);
> out:
> sysctl_head_finish(head);
>
>
