syzbot is reporting that memdup_user_nul() which receives user-controlled size (which can be up to (INT_MAX & PAGE_MASK)) via vfs_write() will hit order >= MAX_ORDER path [1]. Let's add __GFP_NOWARN to memdup_user_nul() as with commit 6c8fcc096be9d02f ("mm: don't let userspace spam allocations warnings"). [1] https://syzkaller.appspot.com/bug?id=8bf7efb3db19101b4008dc9198522ef977d098a6 Reported-by: syzbot <syzbot+a71a442385a0b2815497@xxxxxxxxxxxxxxxxxxxxxxxxx> Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> --- mm/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/util.c b/mm/util.c index 8c9b7d1e7c49..d3c9637f46bf 100644 --- a/mm/util.c +++ b/mm/util.c @@ -257,7 +257,7 @@ void *memdup_user_nul(const void __user *src, size_t len) * cause pagefault, which makes it pointless to use GFP_NOFS * or GFP_ATOMIC. */ - p = kmalloc_track_caller(len + 1, GFP_KERNEL); + p = kmalloc_track_caller(len + 1, GFP_KERNEL | __GFP_NOWARN); if (!p) return ERR_PTR(-ENOMEM); -- 2.18.4
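Review bot: On the changed kmalloc_track_caller(len + 1, GFP_KERNEL | __GFP_NOWARN) line, the comment directly above still explains only why GFP_NOFS or GFP_ATOMIC is pointless and gives no reason for __GFP_NOWARN. Add a sentence there saying that len is user-controlled (up to INT_MAX & PAGE_MASK via vfs_write(), per the commit message), so an oversized request is expected to fail quietly with -ENOMEM instead of triggering the allocation warning. The flag only suppresses the warning: the request still reaches the allocator with whatever size userspace passed, so callers that know a sane upper bound for their input should keep rejecting larger len values before calling memdup_user_nul().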