lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 16 Jul 2023 12:28:30 +0100
From: Matthew Wilcox <willy@...radead.org>
To: Bagas Sanjaya <bagasdotme@...il.com>
Cc: Vlastimil Babka <vbabka@...e.cz>, Christoph Lameter <cl@...ux.com>,
	Pekka Enberg <penberg@...nel.org>,
	David Rientjes <rientjes@...gle.com>,
	Joonsoo Kim <iamjoonsoo.kim@....com>,
	Roman Gushchin <roman.gushchin@...ux.dev>,
	Hyeonggon Yoo <42.hyeyoo@...il.com>,
	Rudi Heitbaum <rudi@...tbaum.com>,
	Johannes Berg <johannes@...solutions.net>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
	Michael Ellerman <mpe@...erman.id.au>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Linux Regressions <regressions@...ts.linux.dev>,
	Linux Memory Management List <linux-mm@...ck.org>,
	Linux Networking <netdev@...r.kernel.org>,
	Linux Wireless <linux-wireless@...r.kernel.org>
Subject: Re: Fwd: mm/page_alloc.c:4453 with cfg80211_wiphy_work [cfg80211]

On Sun, Jul 16, 2023 at 06:10:44PM +0700, Bagas Sanjaya wrote:
> Hi,
> 
> I notice a regression report on Bugzilla [1]. Quoting from it:

Maybe you could try doing some work on this bug before just spamming
people with it?

        if (WARN_ON_ONCE_GFP(order > MAX_ORDER, gfp))
                return NULL;

This is the page allocator telling the caller that they've asked for an
unreasonably large allocation.

Now, this bug is actually interesting to the MM because the caller
called kmalloc() with a ridiculous size.  Arguable kmalloc should
protect callers from themselves (alloc_pages() is more low level
and can presume its users know what they're doing).

Vlastimil, what do you think?  Something like ...

+++ b/mm/slab_common.c
@@ -1119,6 +1119,8 @@ static void *__kmalloc_large_node(size_t size, gfp_t flags, int node)
        void *ptr = NULL;
        unsigned int order = get_order(size);

+       if (order > MAX_ORDER)
+               return NULL;
        if (unlikely(flags & GFP_SLAB_BUG_MASK))
                flags = kmalloc_fix_flags(flags);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ