| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aLBthEcK1rDPQLrE@casper.infradead.org> Date: Thu, 28 Aug 2025 15:53:56 +0100 From: Matthew Wilcox <willy@...radead.org> To: "Vishal Moola (Oracle)" <vishal.moola@...il.com> Cc: David Hildenbrand <david@...hat.com>, linux-mm@...ck.org, linux-kernel@...r.kernel.org, Andrew Morton <akpm@...ux-foundation.org>, "Michael S. Tsirkin" <mst@...hat.com>, Paul Moore <paul@...l-moore.com>, Stephen Smalley <stephen.smalley.work@...il.com>, Ondrej Mosnacek <omosnace@...hat.com>, selinux@...r.kernel.org Subject: Re: [PATCH v2 7/7] virtio_balloon: Stop calling page_address() in free_pages() On Wed, Aug 27, 2025 at 11:29:22AM -0700, Vishal Moola (Oracle) wrote: > I imagine theres more of these lingering in the kernel, but theres so > many callers and I only looked for the ones that were calling > page_address() inline :(. There's only 841 callers of free_page() and free_pages()! It's a bit of a disease we have, to be honest, Almost all of them should be using kmalloc() instead. To pick on one at random, sel_read_bool() in security/selinux/selinuxfs.c is the implementation of read() for some file in selinux. All it's trying to do is output two numbers, so it allocates an entire page of memory, prints two numbers to it (while being VERY CAREFUL not to overflow the buffer!) and copies the buffer to userspace. It should just use kmalloc. Oh, and it should avoid leaking the buffer if security_get_bool_value() returns an error.
Powered by blists - more mailing lists