| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210503122428.30ebfddbaf8f5184dc73e1a7@linux-foundation.org>
Date: Mon, 3 May 2021 12:24:28 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: Alan Stern <stern@...land.harvard.edu>
Cc: syzbot <syzbot+882a85c0c8ec4a3e2281@...kaller.appspotmail.com>,
linux-kernel@...r.kernel.org, linux-mm@...ck.org,
syzkaller-bugs@...glegroups.com,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-usb@...r.kernel.org
Subject: Re: [syzbot] WARNING in do_proc_bulk
On Mon, 3 May 2021 14:56:14 -0400 Alan Stern <stern@...land.harvard.edu> wrote:
> >
> > do_proc_bulk() is asking kmalloc for more than MAX_ORDER bytes, in
> >
> > tbuf = kmalloc(len1, GFP_KERNEL);
>
> This doesn't seem to be a bug. do_proc_bulk is simply trying to
> allocate a kernel buffer for data passed to/from userspace. If a user
> wants too much space all at once, that's their problem.
>
> As far as I know, the kmalloc API doesn't require the caller to filter
> out requests for more the MAX_ORDER bytes. Only to be prepared to
> handle failures -- which do_proc_bulk is all set for.
>
> Am I wrong about this? Should we add __GFP_NOWARN to the gfp flags?
Yes, if the oversized request is a can-happen and the resulting error is handled
appropriately, __GFP_NOWARN is the way to go.
Powered by blists - more mailing lists