lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20160205103524.2a35ffff@lxorguk.ukuu.org.uk>
Date:	Fri, 5 Feb 2016 10:35:24 +0000
From:	One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>
To:	Dmitry Vyukov <dvyukov@...gle.com>
Cc:	David Rientjes <rientjes@...gle.com>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Jiri Slaby <jslaby@...e.com>,
	Peter Hurley <peter@...leysoftware.com>,
	LKML <linux-kernel@...r.kernel.org>,
	syzkaller <syzkaller@...glegroups.com>,
	Kostya Serebryany <kcc@...gle.com>,
	Alexander Potapenko <glider@...gle.com>
Subject: Re: [PATCH] tty: use __GFP_NOWARN for user-controlled kmalloc

On Fri, 5 Feb 2016 08:06:12 +0100
Dmitry Vyukov <dvyukov@...gle.com> wrote:

> On Thu, Feb 4, 2016 at 11:11 PM, David Rientjes <rientjes@...gle.com> wrote:
> > On Thu, 4 Feb 2016, Dmitry Vyukov wrote:
> >  
> >> Size of kmalloc() in vc_do_resize() is controlled by user.
> >> Too large kmalloc() size triggers WARNING message on console.
> >>
> >> Use __GFP_NOWARN for this kmalloc() to not scare admins.
> >>  
> >
> > Hmm, this is hitting the WARN_ON_ONCE(!(gfp_mask & __GFP_NOWARN)) for
> > order >= MAX_ORDER.
> >
> > vc_do_resize() has
> >
> >         if (cols > VC_RESIZE_MAXCOL || lines > VC_RESIZE_MAXROW)
> >                 return -EINVAL;
> >
> > so the appropriate fix would seem to be to reject sizes that would exceed
> > the page allocator's ability to return contiguous memory (MAX_ORDER)
> > rather than ever trying the allocation in the first place.  
> 
> Hi David,
> 
> Please see Alan response to original report here:
> https://groups.google.com/d/msg/syzkaller/ufjvr5j0URo/lTlpYP0DBQAJ
> I can't say that I fully understand it.

I think we can go down to something like cols * lines < 4MB with complete
safety.

Alan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ