lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Wed, 20 Feb 2019 23:05:10 +0100
From:   Michal Hocko <mhocko@...nel.org>
To:     Daniel Vetter <daniel.vetter@...ll.ch>
Cc:     DRI Development <dri-devel@...ts.freedesktop.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Daniel Vetter <daniel.vetter@...el.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Mike Rapoport <rppt@...ux.vnet.ibm.com>,
        Roman Gushchin <guro@...com>, Vlastimil Babka <vbabka@...e.cz>,
        Jan Stancek <jstancek@...hat.com>,
        Kees Cook <keescook@...omium.org>,
        Andrey Ryabinin <aryabinin@...tuozzo.com>,
        "Michael S. Tsirkin" <mst@...hat.com>,
        Huang Ying <ying.huang@...el.com>,
        Bartosz Golaszewski <brgl@...ev.pl>, linux-mm@...ck.org
Subject: Re: [PATCH] mm: Don't let userspace spam allocations warnings

On Wed 20-02-19 21:40:58, Daniel Vetter wrote:
> memdump_user usually gets fed unchecked userspace input. Blasting a
> full backtrace into dmesg every time is a bit excessive - I'm not sure
> on the kernel rule in general, but at least in drm we're trying not to
> let unpriviledge userspace spam the logs freely. Definitely not entire
> warning backtraces.

Yes, this makes sense to me. This API sounds like an example where
returning ENOMEM to the userspace right away is much better than
spamming the log for large allocation requests. Smaller allocations
simply do not fail and the OOM killer report will be printed regardless
of __GFP_NOWARN.

> It also means more filtering for our CI, because our testsuite
> exercises these corner cases and so hits these a lot.
> 
> Signed-off-by: Daniel Vetter <daniel.vetter@...el.com>
> Cc: Andrew Morton <akpm@...ux-foundation.org>
> Cc: Mike Rapoport <rppt@...ux.vnet.ibm.com>
> Cc: Michal Hocko <mhocko@...e.com>
> Cc: Roman Gushchin <guro@...com>
> Cc: Vlastimil Babka <vbabka@...e.cz>
> Cc: Jan Stancek <jstancek@...hat.com>
> Cc: Kees Cook <keescook@...omium.org>
> Cc: Andrey Ryabinin <aryabinin@...tuozzo.com>
> Cc: "Michael S. Tsirkin" <mst@...hat.com>
> Cc: Huang Ying <ying.huang@...el.com>
> Cc: Bartosz Golaszewski <brgl@...ev.pl>
> Cc: linux-mm@...ck.org

Acked-by: Michal Hocko <mhocko@...e.com>

> ---
>  mm/util.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/mm/util.c b/mm/util.c
> index 1ea055138043..379319b1bcfd 100644
> --- a/mm/util.c
> +++ b/mm/util.c
> @@ -150,7 +150,7 @@ void *memdup_user(const void __user *src, size_t len)
>  {
>  	void *p;
>  
> -	p = kmalloc_track_caller(len, GFP_USER);
> +	p = kmalloc_track_caller(len, GFP_USER | __GFP_NOWARN);
>  	if (!p)
>  		return ERR_PTR(-ENOMEM);
>  
> -- 
> 2.20.1
> 

-- 
Michal Hocko
SUSE Labs

Powered by blists - more mailing lists