[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+1xoqdDoKxU4L6u4XRXVMCSiMG174_y9kwoEO6i9rXS2AfUig@mail.gmail.com>
Date: Mon, 4 Feb 2013 15:19:44 -0500
From: Sasha Levin <levinsasha928@...il.com>
To: David Teigland <teigland@...hat.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] Revert "dlm: check the maximum size of a request from user"
Hi David,
This opens up a hole for userspace to force the kernel to allocate
huge chunks of memory, triggering oom killing spree and such.
It should probably be fixed instead of just reverted.
I'll look into it.
Thanks,
Sasha
On Mon, Feb 4, 2013 at 12:06 PM, David Teigland <teigland@...hat.com> wrote:
> Hi Linus,
>
> Please pull the following fix from branch:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/teigland/linux-dlm.git for-linus
>
> This reverts commit 2b75bc9121e54e22537207b47b71373bcb0be41c.
>
> There is something wrong with the CONFIG_COMPAT max size
> check in ioctl write. There is a report of a case where
> this breaks userland (clvmd) when maximum resource name
> lengths are used. I am still sorting out exactly which
> combinations of kernel and userland libs are a problem.
>
> Reported-by: Jana Saout <jana@...ut.de>
> CC: Sasha Levin <levinsasha928@...il.com>
> Signed-off-by: David Teigland <teigland@...hat.com>
> ---
> fs/dlm/user.c | 7 -------
> 1 file changed, 7 deletions(-)
>
> diff --git a/fs/dlm/user.c b/fs/dlm/user.c
> index 7ff4985..eb4ed9b 100644
> --- a/fs/dlm/user.c
> +++ b/fs/dlm/user.c
> @@ -503,13 +503,6 @@ static ssize_t device_write(struct file *file, const char __user *buf,
> #endif
> return -EINVAL;
>
> -#ifdef CONFIG_COMPAT
> - if (count > sizeof(struct dlm_write_request32) + DLM_RESNAME_MAXLEN)
> -#else
> - if (count > sizeof(struct dlm_write_request) + DLM_RESNAME_MAXLEN)
> -#endif
> - return -EINVAL;
> -
> kbuf = kzalloc(count + 1, GFP_NOFS);
> if (!kbuf)
> return -ENOMEM;
> --
> 1.8.1.rc1.5.g7e0651a
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists