lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20160615135611.21037-1-jslaby@suse.cz>
Date:	Wed, 15 Jun 2016 15:56:11 +0200
From:	Jiri Slaby <jslaby@...e.cz>
To:	gregkh@...uxfoundation.org
Cc:	linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org,
	Jiri Slaby <jslaby@...e.cz>,
	Alan Stern <stern@...land.harvard.edu>,
	"Steinar H . Gunderson" <sesse@...gle.com>,
	Markus Rechberger <mrechberger@...il.com>,
	"4 . 6+" <stable@...r.kernel.org>
Subject: [PATCH] usb: devio, do not warn when allocation fails

usbdev_mmap allocates a buffer. The size of the buffer is determined
by a user. So with this code (no need to be root):

	int fd = open("/dev/bus/usb/001/001", O_RDONLY);
	mmap(NULL, 0x800000, PROT_READ, MAP_SHARED, fd, 0);

we can see a warning:

WARNING: CPU: 0 PID: 21771 at ../mm/page_alloc.c:3563 __alloc_pages_slowpath+0x1036/0x16e0()
...
Call Trace:
 [<ffffffff8117a3ae>] ? warn_slowpath_null+0x2e/0x40
 [<ffffffff815178b6>] ? __alloc_pages_slowpath+0x1036/0x16e0
 [<ffffffff81516880>] ? warn_alloc_failed+0x250/0x250
 [<ffffffff8151226b>] ? get_page_from_freelist+0x75b/0x28b0
 [<ffffffff815184e3>] ? __alloc_pages_nodemask+0x583/0x6b0
 [<ffffffff81517f60>] ? __alloc_pages_slowpath+0x16e0/0x16e0
 [<ffffffff810565d4>] ? dma_generic_alloc_coherent+0x104/0x220
 [<ffffffffa0269e56>] ? hcd_buffer_alloc+0x1d6/0x3e0 [usbcore]
 [<ffffffffa0269c80>] ? hcd_buffer_destroy+0xa0/0xa0 [usbcore]
 [<ffffffffa0228f05>] ? usb_alloc_coherent+0x65/0x90 [usbcore]
 [<ffffffffa0275c05>] ? usbdev_mmap+0x1a5/0x770 [usbcore]
...

Allocations like this one should be marked as __GFP_NOWARN. So do so.

The size could be also clipped by something like:
	if (size >= (1 << (MAX_ORDER + PAGE_SHIFT - 1)))
		return -ENOMEM;
But I think the overall limit of 16M (by usbfs_increase_memory_usage)
is enough, so that we only silence the warning here.

Signed-off-by: Jiri Slaby <jslaby@...e.cz>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Alan Stern <stern@...land.harvard.edu>
Cc: Steinar H. Gunderson <sesse@...gle.com>
Cc: Markus Rechberger <mrechberger@...il.com>
Fixes: f7d34b445a (USB: Add support for usbfs zerocopy.)
Cc: 4.6+ <stable@...r.kernel.org>
---
 drivers/usb/core/devio.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
index e9f5043a2167..472cbcdf7456 100644
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -241,7 +241,8 @@ static int usbdev_mmap(struct file *file, struct vm_area_struct *vma)
 		goto error_decrease_mem;
 	}
 
-	mem = usb_alloc_coherent(ps->dev, size, GFP_USER, &dma_handle);
+	mem = usb_alloc_coherent(ps->dev, size, GFP_USER | __GFP_NOWARN,
+			&dma_handle);
 	if (!mem) {
 		ret = -ENOMEM;
 		goto error_free_usbm;
-- 
2.9.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ