Re: [PATCH] sctp: use GFP_USER for user-controlled kmalloc

From: Daniel Borkmann
Date: Tue Dec 01 2015 - 06:29:51 EST


On 12/01/2015 11:46 AM, David Laight wrote:
> From: Marcelo Ricardo Leitner
> Sent: 30 November 2015 16:33
> > Dmitry Vyukov reported that the user could trigger a kernel warning by
> > using a large len value for getsockopt SCTP_GET_LOCAL_ADDRS, as that
> > value directly affects the value used as a kmalloc() parameter.
> >
> > This patch thus switches the allocation flags from all user-controllable
> > kmalloc size to GFP_USER to put some more restrictions on it and also
> > disables the warn, as they are not necessary.
>
> ISTM that the code should put some 'sanity limit' on that
> size before allocating the kernel buffer.

One could do that in addition, but this buffer has just a short lifetime
and by using GFP_USER hardwall restrictions apply already.
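The "sanity limit" idea raised in the thread, as an added userspace C model that is not code from the thread or from the kernel tree: the scratch allocation is sized from what the reply needs instead of from the caller-supplied len. HDR_LEN, ADDR_LEN, MAX_ADDRS, last_alloc and get_local_addrs_bounded() are assumptions made for this model.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN   8u    /* constructed: fixed header before the address list */
#define ADDR_LEN  28u   /* constructed: size of one packed address entry */
#define MAX_ADDRS 256u  /* hypothetical sanity limit; the thread names no value */

static size_t last_alloc;  /* size last handed to malloc(), kept for inspection */

/* Userspace model of a getsockopt-style handler. 'len' is caller-controlled,
 * 'nbound' is how many addresses the socket really has. Writes at most
 * HDR_LEN + nbound * ADDR_LEN bytes to 'out'; returns that count or -errno. */
long get_local_addrs_bounded(size_t len, size_t nbound, unsigned char *out)
{
    size_t need;
    unsigned char *tmp;

    last_alloc = 0;
    if (len < HDR_LEN || nbound > MAX_ADDRS)
        return -EINVAL;
    need = nbound * ADDR_LEN;          /* no overflow: nbound <= MAX_ADDRS */
    if (len - HDR_LEN < need)
        return -ENOMEM;                /* caller's buffer cannot hold the reply */

    /* Sanity limit: size the scratch buffer from the reply, not from 'len'. */
    last_alloc = need ? need : 1;
    tmp = malloc(last_alloc);
    if (!tmp)
        return -ENOMEM;
    memset(tmp, 0xAB, need);           /* stand-in for the packed addresses */
    memset(out, 0, HDR_LEN);
    memcpy(out + HDR_LEN, tmp, need);
    free(tmp);
    return (long)(HDR_LEN + need);
}

int main(void)
{
    unsigned char buf[HDR_LEN + 3 * ADDR_LEN];
    long n = get_local_addrs_bounded(SIZE_MAX, 3, buf);  /* oversized len */

    printf("returned %ld bytes, allocated %zu\n", n, last_alloc);
    return n < 0;
}
```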