| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <34a4e8db-b0b8-4ad8-b8a2-bdfd69cc8b00@lunn.ch> Date: Sat, 20 Sep 2025 17:38:37 +0200 From: Andrew Lunn <andrew@...n.ch> To: Kriish Sharma <kriish.sharma2006@...il.com> Cc: davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, horms@...nel.org, willemb@...gle.com, kerneljasonxing@...il.com, martin.lau@...nel.org, mhal@...x.co, almasrymina@...gle.com, ebiggers@...gle.com, aleksander.lobakin@...el.com, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, skhan@...uxfoundation.org, syzbot+5a2250fd91b28106c37b@...kaller.appspotmail.com Subject: Re: [PATCH] net: skb: guard kmalloc_reserve() against oversized allocations On Sat, Sep 20, 2025 at 11:37:23AM +0000, Kriish Sharma wrote: > Add an explicit size check in kmalloc_reserve() to reject requests > larger than KMALLOC_MAX_SIZE before they reach the allocator. > > syzbot reported warnings triggered by attempts to allocate buffers > with an object size exceeding KMALLOC_MAX_SIZE. While the existing > code relies on kmalloc() failure and a comment states that truncation > is "harmless", in practice this causes high-order allocation warnings > and noisy kernel logs that interfere with testing. > > This patch introduces an early guard in kmalloc_reserve() that returns > NULL if obj_size exceeds KMALLOC_MAX_SIZE. This ensures impossible > requests fail fast and silently, avoiding allocator warnings while > keeping the intended semantics unchanged. What is the value of KMALLOC_MAX_SIZE? Do we actually want a warn_once() here because it indicates a driver bug, or missing validation of user space parameters? Andrew
Powered by blists - more mailing lists