| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20150311022310.GB1437@ad.nay.redhat.com> Date: Wed, 11 Mar 2015 10:23:10 +0800 From: Fam Zheng <famz@...hat.com> To: Dan Rosenberg <dan.j.rosenberg@...il.com> Cc: linux-kernel@...r.kernel.org, famz@...hat.com Subject: Re: [PATCH v4 4/9] epoll: Add implementation for epoll_ctl_batch On Tue, 03/10 09:59, Dan Rosenberg wrote: > On 03/09/2015 09:49 PM, Fam Zheng wrote: > > + if (!cmds || ncmds <= 0 || ncmds > EP_MAX_BATCH) > > + return -EINVAL; > > + cmd_size = sizeof(struct epoll_ctl_cmd) * ncmds; > > + /* TODO: optimize for small arguments like select/poll with a stack > > + * allocated buffer */ > > + > > + kcmds = kmalloc(cmd_size, GFP_KERNEL); > > + if (!kcmds) > > + return -ENOMEM; > You probably want to define EP_MAX_BATCH as some sane value much less > than INT_MAX/(sizeof(struct epoll_ctl_cmd)). While this avoids the > integer overflow from before, any user can cause the kernel to kmalloc > up to INT_MAX bytes. Probably not a huge deal because it's freed at the > end of the syscall, but generally not a great idea. > Yeah, makes sense, any suggested value? Thanks, Fam -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists