Andrew,

On Tue, Nov 23, 2010 at 12:46 -0800, Andrew Morton wrote:
> What I'm suggesting is that we simply do
>
>     kbuf = strndup_user(buf, count);
>
> and make strndup_user() do the right thing if `count' turned out to be
> crazy large. This way we don't have to sprinkle decisions about "crazy
> largeness" all over the kernel.
>
> And the way in which I suggest that strndup_user() decides whether the
> length is too great is to try to kmalloc that amount of memory.
> If it succeeds then fine, proceed.

I don't think that it is a good idea - the process would have the ability to allocate too much system memory, bypassing any limits. Assuming that the kernel would only double the memory is not right - even if the process is limited in physical memory it may pass the address of e.g. a mapped file. Also this specific driver is happy with a very low limit on the copied string.

> If it fails then return an error,
> probably ENOMEM.

It is already done in strndup_user().

> And that attempt to invoke kmalloc() shouldn't spew a
> warning.

It is not obvious to me how to change strndup_user's behaviour; I'm not familiar with this code.

-- 
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
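The point of the reply above is that an allocation whose size comes straight from user space should be bounded by the caller's own knowledge of what is reasonable, not by whether kmalloc() happens to succeed. The following is an added user-space model of that driver-side check, written for this page and not taken from the thread or from the kernel: bounded_strndup() stands in for a strndup_user() call, MAX_CMD_LEN is a hypothetical per-driver limit, and malloc()/strnlen() stand in for kmalloc()/strnlen_user(). An oversized count is rejected with -EINVAL before any memory is requested; only a genuine allocator failure yields -ENOMEM.

```c
/* Added example (user-space model, not kernel code): clamp a
 * user-supplied length to a fixed per-driver maximum before allocating,
 * so the allocation size is never chosen by the caller. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CMD_LEN 64   /* hypothetical per-driver limit on the copied string */

/* Copy at most `count` bytes of a NUL-terminated string from `buf`.
 * Refuses outright if `count` exceeds the driver's limit.
 * Returns a heap string on success; on failure returns NULL and stores
 * a negative errno value in *err. */
char *bounded_strndup(const char *buf, size_t count, int *err)
{
    size_t len;
    char *kbuf;

    *err = 0;
    if (count > MAX_CMD_LEN) {
        *err = -EINVAL;          /* reject before touching the allocator */
        return NULL;
    }
    len = strnlen(buf, count);   /* stand-in for strnlen_user() */
    kbuf = malloc(len + 1);      /* stand-in for kmalloc(); size is now <= MAX_CMD_LEN + 1 */
    if (!kbuf) {
        *err = -ENOMEM;          /* the only path that reports allocator failure */
        return NULL;
    }
    memcpy(kbuf, buf, len);
    kbuf[len] = '\0';
    return kbuf;
}

/* Helper for checking the policy: returns the copied length on success
 * or the negative errno value on failure, freeing the buffer either way. */
int bounded_copy_len(const char *buf, size_t count)
{
    int err;
    char *p = bounded_strndup(buf, count, &err);
    int result = p ? (int)strlen(p) : err;
    free(p);
    return result;
}

int main(void)
{
    int err;
    char *p = bounded_strndup("echo hello", 10, &err);
    printf("err=%d str=%s\n", err, p ? p : "(null)");
    free(p);
    /* A huge count is refused without any allocation attempt. */
    printf("huge count -> %d\n", bounded_copy_len("x", (size_t)-1));
    return 0;
}
```

Because the bound is checked first, a process cannot use a large count to make the driver request a large kernel buffer, which is exactly the concern raised above about bypassing memory limits via a mapped file.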