On Wed 27-01-21 12:59:28, Michal Hocko wrote:
> On Wed 27-01-21 19:55:38, Tetsuo Handa wrote:
> > syzbot is reporting that memdup_user_nul() which receives user-controlled
> > size (which can be up to (INT_MAX & PAGE_MASK)) via vfs_write() will hit
> > order >= MAX_ORDER path [1].
> >
> > Making costly allocations (order > PAGE_ALLOC_COSTLY_ORDER) naturally fail
> > should be better than trying to enforce PAGE_SIZE upper limit, for some of
> > callers accept space-delimited list arguments.
> >
> > Therefore, let's add __GFP_NOWARN to memdup_user_nul() as with
> > commit 6c8fcc096be9d02f ("mm: don't let userspace spam allocations
> > warnings"). Also use GFP_USER as with other userspace-controllable
> > allocations like memdup_user().
>
> I absolutely detest hiding this behind __GFP_NOWARN. There should be no
> reason to even try hard for memdup_user_nul. Can you explain why this

this should have been "try hard to get a physically contiguous memory for
memdup_user_nul"

> cannot use kvmalloc instead?

-- 
Michal Hocko
SUSE Labs
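
An added userspace model (not code from this thread or from the kernel tree) of the sizes discussed above: it computes the page-allocator order for a memdup_user_nul()-style request of len + 1 bytes and classifies it against the two thresholds the thread names. The 4 KiB page size and the values PAGE_ALLOC_COSTLY_ORDER = 3 and MAX_ORDER = 11 are assumptions based on common kernel defaults of that period, and the function names are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed configuration: 4 KiB pages, default thresholds (not from the thread). */
#define PAGE_SHIFT 12
#define PAGE_SIZE ((size_t)1 << PAGE_SHIFT)
#define PAGE_MASK (~(PAGE_SIZE - 1))
#define PAGE_ALLOC_COSTLY_ORDER 3
#define MAX_ORDER 11

enum alloc_class { ALLOC_CHEAP, ALLOC_COSTLY, ALLOC_IMPOSSIBLE };

/* Smallest order with (PAGE_SIZE << order) >= size, modelled on get_order(). */
static unsigned int order_for_size(size_t size)
{
    size_t pages = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
    unsigned int order = 0;

    while (((size_t)1 << order) < pages)
        order++;
    return order;
}

/* Classify a physically contiguous request for len bytes plus the NUL byte. */
static enum alloc_class classify_contiguous(size_t len)
{
    unsigned int order = order_for_size(len + 1);

    if (order >= MAX_ORDER)
        return ALLOC_IMPOSSIBLE;   /* the path that warns without __GFP_NOWARN */
    if (order > PAGE_ALLOC_COSTLY_ORDER)
        return ALLOC_COSTLY;       /* may fail under fragmentation */
    return ALLOC_CHEAP;
}

int main(void)
{
    /* Constructed sample lengths; the last is the upper bound quoted above. */
    size_t samples[] = { 100, 8 * PAGE_SIZE, (size_t)1 << 22,
                         (size_t)INT_MAX & PAGE_MASK };
    static const char *names[] = { "cheap", "costly", "impossible" };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("len=%zu order=%u %s\n", samples[i],
               order_for_size(samples[i] + 1),
               names[classify_contiguous(samples[i])]);
    return 0;
}
```

Under these assumptions the largest write length needs order 19, far past what a contiguous allocation can ever satisfy, which is the case a kvmalloc-style fallback to virtually contiguous memory is meant to cover.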