lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 29 Mar 2012 14:09:34 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Dave Jones <davej@...hat.com>
Cc:	Joe Perches <joe@...ches.com>, Dave Chinner <david@...morbit.com>,
	viro@...iv.linux.org.uk,
	Linux Kernel <linux-kernel@...r.kernel.org>,
	David Rientjes <rientjes@...gle.com>
Subject: Re: suppress page allocation failure warnings from sys_listxattr

On Wed, 28 Mar 2012 23:00:00 -0400
Dave Jones <davej@...hat.com> wrote:

> On Wed, Mar 28, 2012 at 07:28:04PM -0700, Andrew Morton wrote:
>  > > But it looks like
>  > > key_add (see other thread from this evening) and probably others can be
>  > > called as a user and gobble up vmalloc space. omnomnom.
>  > 
>  > hm, the keys code appears to prevent the user from reserving more than
>  > 20000 bytes of memory total (key_payload_reserve()), so it doesn't look
>  > very useful for screwing up vmalloc().
> 
> Then how did I trick it into trying an order 8 allocation ?
> 
> trinity: page allocation failure: order:8, mode:0x40d0
> Pid: 27119, comm: trinity Not tainted 3.3.0+ #31
> Call Trace:
>  [<ffffffff8115dd66>] warn_alloc_failed+0xf6/0x160
>  [<ffffffff816ad436>] ? __alloc_pages_direct_compact+0x1d0/0x1e2
>  [<ffffffff81162492>] __alloc_pages_nodemask+0x8b2/0xb10
>  [<ffffffff8119dae6>] alloc_pages_current+0xb6/0x120
>  [<ffffffff8115d3b4>] __get_free_pages+0x14/0x50
>  [<ffffffff811ac64f>] kmalloc_order_trace+0x3f/0x1a0
>  [<ffffffff811aca0a>] __kmalloc+0x25a/0x280
>  [<ffffffff812c034a>] sys_add_key+0x9a/0x210
>  [<ffffffff813386be>] ? trace_hardirqs_on_thunk+0x3a/0x3f
>  [<ffffffff816c04e9>] system_call_fastpath+0x16/0x1b

Ah, that's different.  The memory at *payload doesn't live beyond the
syscall so it can't be used to cause vmalloc fragmentation.

We should squish the warning:


From: Andrew Morton <akpm@...ux-foundation.org>
Subject: security/keys/keyctl.c: suppress memory allocation failure warning	

This allocation may be large.  The code is probing to see if it will
succeed and if not, it falls back to vmalloc().  We should suppress any
page-allocation failure messages when the fallback happens.

Reported-by: Dave Jones <davej@...hat.com>
Cc: David Howells <dhowells@...hat.com>
Cc: James Morris <jmorris@...ei.org>
Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
---

 security/keys/keyctl.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff -puN security/keys/keyctl.c~security-keys-keyctlc-suppress-memory-allocation-failure-warning security/keys/keyctl.c
--- a/security/keys/keyctl.c~security-keys-keyctlc-suppress-memory-allocation-failure-warning
+++ a/security/keys/keyctl.c
@@ -84,7 +84,7 @@ SYSCALL_DEFINE5(add_key, const char __us
 	vm = false;
 	if (_payload) {
 		ret = -ENOMEM;
-		payload = kmalloc(plen, GFP_KERNEL);
+		payload = kmalloc(plen, GFP_KERNEL | __GFP_NOWARN);
 		if (!payload) {
 			if (plen <= PAGE_SIZE)
 				goto error2;
_

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ