| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 5 Feb 2016 10:35:24 +0000 From: One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk> To: Dmitry Vyukov <dvyukov@...gle.com> Cc: David Rientjes <rientjes@...gle.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Jiri Slaby <jslaby@...e.com>, Peter Hurley <peter@...leysoftware.com>, LKML <linux-kernel@...r.kernel.org>, syzkaller <syzkaller@...glegroups.com>, Kostya Serebryany <kcc@...gle.com>, Alexander Potapenko <glider@...gle.com> Subject: Re: [PATCH] tty: use __GFP_NOWARN for user-controlled kmalloc On Fri, 5 Feb 2016 08:06:12 +0100 Dmitry Vyukov <dvyukov@...gle.com> wrote: > On Thu, Feb 4, 2016 at 11:11 PM, David Rientjes <rientjes@...gle.com> wrote: > > On Thu, 4 Feb 2016, Dmitry Vyukov wrote: > > > >> Size of kmalloc() in vc_do_resize() is controlled by user. > >> Too large kmalloc() size triggers WARNING message on console. > >> > >> Use __GFP_NOWARN for this kmalloc() to not scare admins. > >> > > > > Hmm, this is hitting the WARN_ON_ONCE(!(gfp_mask & __GFP_NOWARN)) for > > order >= MAX_ORDER. > > > > vc_do_resize() has > > > > if (cols > VC_RESIZE_MAXCOL || lines > VC_RESIZE_MAXROW) > > return -EINVAL; > > > > so the appropriate fix would seem to be to reject sizes that would exceed > > the page allocator's ability to return contiguous memory (MAX_ORDER) > > rather than ever trying the allocation in the first place. > > Hi David, > > Please see Alan response to original report here: > https://groups.google.com/d/msg/syzkaller/ufjvr5j0URo/lTlpYP0DBQAJ > I can't say that I fully understand it. I think we can go down to something like cols * lines < 4MB with complete safety. Alan
Powered by blists - more mailing lists