lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 30 Mar 2012 20:15:00 +0300
From:	Sasha Levin <levinsasha928@...il.com>
To:	Greg KH <gregkh@...uxfoundation.org>
Cc:	arnd@...db.de, viro@...iv.linux.org.uk, davej@...hat.com,
	tglx@...utronix.de, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] kmsg: Use vmalloc instead of kmalloc when writing

On Fri, Mar 30, 2012 at 7:49 PM, Greg KH <gregkh@...uxfoundation.org> wrote:
> On Fri, Mar 30, 2012 at 07:37:37PM +0300, Sasha Levin wrote:
>> On Fri, Mar 30, 2012 at 6:30 PM, Greg KH <gregkh@...uxfoundation.org> wrote:
>> > On Fri, Mar 30, 2012 at 01:04:27PM -0400, Sasha Levin wrote:
>> >> There are no size checks in kmsg_write(), and we try allocating enough
>> >> memory to store everything userspace gave us, which may be too much for
>> >> kmalloc to allocate.
>> >
>> > Really?  Have you seen this fail?  As only root can do this, is this
>> > really a problem?
>>
>> Only root, and a whole bunch of management software that dumps data
>> into /dev/kmsg (systemd and friends).
>
> Running as root, do any of these cause problems by asking for too much
> memory here?  Is this something that needs to be addressed now, and in
> stable kernels, or can it wait for 3.5?

The only harm there is a kernel warning and the failure to write that
specific message to kmsg, combined with the fact that no one
complained about it before me I think it can probably wait for 3.5.

>> >> One option would be to limit it to something, but we can't come up with
>> >> a number that would make sense.
>> >>
>> >> Instead, just use vmalloc so that nothing would break with large amounts
>> >> of data.
>> >
>> > Are you sure this will work properly?  Have you tested it with large
>> > amounts of data?
>>
>> My test was dumping 800mb of data into it, if there's anything else I
>> should try please let me know.
>
> Did that fail before and now it works properly?

That's correct.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ