> > Hmm, Sabyrzhan already proposed a patch that adds a size check to the caller, but it seems
> > that that patch missed smk_write_ambient()/smk_write_onlycap()/smk_write_unconfined() etc.
> >
> > Oh, bug-prone approach. Why not handle it at the memdup_user_nul() side?
>
> I am sorry, I do not follow.

Tetsuo refers to this smackfs patch [1], where I've added a length check before memdup_user_nul().
There are currently 39 references to this function, where a `length > PAGE_SIZE - 1` or similar sanity check is already present. So I can't comment on handling it without __GFP_NOWARN at the memdup_user_nul() side.

> > Hmm, Sabyrzhan already proposed a patch that adds a size check to the caller, but it seems
> > that that patch missed smk_write_ambient()/smk_write_onlycap()/smk_write_unconfined() etc.

Thanks, I will prepare PATCH v2 with a length check for the smk_write_* smackfs functions in the [1] patch set.

[1] https://lore.kernel.org/linux-security-module/20210124143627.582115-1-snovitoll@xxxxxxxxx/