[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAEjxPJ4YLoOG42QOdzHY=w_dExq9-et7su_WPOqzyDZDfGKJxA@mail.gmail.com>
Date: Tue, 2 Sep 2025 09:19:53 -0400
From: Stephen Smalley <stephen.smalley.work@...il.com>
To: "Michael S. Tsirkin" <mst@...hat.com>
Cc: Matthew Wilcox <willy@...radead.org>, "Vishal Moola (Oracle)" <vishal.moola@...il.com>,
David Hildenbrand <david@...hat.com>, linux-mm@...ck.org, linux-kernel@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>, Paul Moore <paul@...l-moore.com>,
Ondrej Mosnacek <omosnace@...hat.com>, selinux@...r.kernel.org
Subject: Re: [PATCH v2 7/7] virtio_balloon: Stop calling page_address() in free_pages()
On Sat, Aug 30, 2025 at 7:48 AM Michael S. Tsirkin <mst@...hat.com> wrote:
>
> On Thu, Aug 28, 2025 at 03:53:56PM +0100, Matthew Wilcox wrote:
> > On Wed, Aug 27, 2025 at 11:29:22AM -0700, Vishal Moola (Oracle) wrote:
> > > I imagine theres more of these lingering in the kernel, but theres so
> > > many callers and I only looked for the ones that were calling
> > > page_address() inline :(.
> >
> > There's only 841 callers of free_page() and free_pages()!
> >
> > It's a bit of a disease we have, to be honest, Almost all of
> > them should be using kmalloc() instead. To pick on one at random,
> > sel_read_bool() in security/selinux/selinuxfs.c is the implementation
> > of read() for some file in selinux. All it's trying to do is output two
> > numbers, so it allocates an entire page of memory, prints two numbers
> > to it (while being VERY CAREFUL not to overflow the buffer!) and copies
> > the buffer to userspace.
> >
> > It should just use kmalloc.
>
> Why even kmalloc? Why not have a small array on stack?
Patch posted at
https://lore.kernel.org/selinux/20250902131107.13509-2-stephen.smalley.work@gmail.com/T/#u
>
> > Oh, and it should avoid leaking the buffer
> > if security_get_bool_value() returns an error.
Powered by blists - more mailing lists