lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 04 Aug 2014 15:39:33 -0400
From:	Sasha Levin <sasha.levin@...cle.com>
To:	Sasha Levin <sasha.levin@...cle.com>, lauro.venancio@...nbossa.org,
	aloisio.almeida@...nbossa.org, sameo@...ux.intel.com,
	davem@...emloft.net
CC:	linux-wireless@...r.kernel.org, linux-nfc@...1.01.org,
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] NFC: Read frag at a time when sending packets

Ping?

On 06/19/2014 11:23 PM, Sasha Levin wrote:
> Right now userspace can pass a large chunk of data and the kernel
> will attempt to allocate all of it to copy it in from userspace.
> 
> The problem is that there is no upper limit on the size userspace
> can pass. Right now userspace can even force a machine to run out
> of memory by forcing the kernel to allocate large chunks of memory.
> 
> To avoid imposing a limit, instead of allocating the entire block,
> we can allocate just the size of the biggest frag possible and read
> it from userspace one frag at a time.
> 
> Signed-off-by: Sasha Levin <sasha.levin@...cle.com>
> ---
> 
>  ** WARNING: COMPLETELY UNTESTED ** (I don't have the hardware).
> 
>  net/nfc/llcp_commands.c |   18 +++++++++---------
>  1 file changed, 9 insertions(+), 9 deletions(-)
> 
> diff --git a/net/nfc/llcp_commands.c b/net/nfc/llcp_commands.c
> index a3ad69a..da68924 100644
> --- a/net/nfc/llcp_commands.c
> +++ b/net/nfc/llcp_commands.c
> @@ -727,27 +727,27 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap,
>  	if (local == NULL)
>  		return -ENODEV;
>  
> -	msg_data = kzalloc(len, GFP_KERNEL);
> +	remote_miu = sock->remote_miu > LLCP_MAX_MIU ?
> +			local->remote_miu : sock->remote_miu;
> +
> +	msg_data = kzalloc(remote_miu, GFP_KERNEL);
>  	if (msg_data == NULL)
>  		return -ENOMEM;
>  
> -	if (memcpy_fromiovec(msg_data, msg->msg_iov, len)) {
> -		kfree(msg_data);
> -		return -EFAULT;
> -	}
> -
>  	remaining_len = len;
>  	msg_ptr = msg_data;
>  
>  	do {
> -		remote_miu = sock->remote_miu > LLCP_MAX_MIU ?
> -				local->remote_miu : sock->remote_miu;
> -
>  		frag_len = min_t(size_t, remote_miu, remaining_len);
>  
>  		pr_debug("Fragment %zd bytes remaining %zd",
>  			 frag_len, remaining_len);
>  
> +		if (memcpy_fromiovec(msg_data, msg->msg_iov, frag_len)) {
> +			kfree(msg_data);
> +			return -EFAULT;
> +		}
> +
>  		pdu = nfc_alloc_send_skb(sock->dev, &sock->sk, MSG_DONTWAIT,
>  					 frag_len + LLCP_HEADER_SIZE, &err);
>  		if (pdu == NULL) {
> 

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ