Message-Id: <20241216-sock-kmalloc-warn-v1-1-9cb7fdee5b32@rbox.co>
Date: Mon, 16 Dec 2024 12:50:19 +0100
From: Michal Luczaj <mhal@...x.co>
To: "David S. Miller" <davem@...emloft.net>, 
 Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, 
 Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>
Cc: netdev@...r.kernel.org, Michal Luczaj <mhal@...x.co>
Subject: [PATCH net] net: Check for oversized requests in sock_kmalloc()

Allocator explicitly rejects requests of order > MAX_PAGE_ORDER, triggering
a WARN_ON_ONCE_GFP().

Put a size limit in sock_kmalloc().

WARNING: CPU: 6 PID: 1676 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x32e/0x3a0
Call Trace:
 ___kmalloc_large_node+0x71/0xf0
 __kmalloc_large_node_noprof+0x1b/0xf0
 __kmalloc_noprof+0x436/0x560
 sock_kmalloc+0x44/0x60
 ____sys_sendmsg+0x208/0x3a0
 ___sys_sendmsg+0x84/0xd0
 __sys_sendmsg+0x56/0xa0
 do_syscall_64+0x93/0x180
 entry_SYSCALL_64_after_hwframe+0x76/0x7e

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Michal Luczaj <mhal@...x.co>
---
$ cat test.py
from socket import *
import os

n = 4096 << 10	# PAGE_SIZE << MAX_PAGE_ORDER
n += 1
data = bytes([0] * n)
os.system("sudo sysctl net.core.optmem_max=%d" % (n + 100))

s = socket(AF_INET, SOCK_STREAM)
cm = [(0, 0, data)]
s.sendmsg([b'x'], cm)

'''
s = socket(AF_ALG, SOCK_SEQPACKET)
s.bind(('hash', 'sha256'))
s.setsockopt(SOL_ALG, ALG_SET_KEY, data)
'''
---
 net/core/sock.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/core/sock.c b/net/core/sock.c
index 74729d20cd0099e748f4c4fe0be42a2d2d47e77a..1a81c5c09c9f8eb6f8a47624fe08b678b2ab19b0 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -2773,7 +2773,8 @@ void *sock_kmalloc(struct sock *sk, int size, gfp_t priority)
 	int optmem_max = READ_ONCE(sock_net(sk)->core.sysctl_optmem_max);
 
 	if ((unsigned int)size <= optmem_max &&
-	    atomic_read(&sk->sk_omem_alloc) + size < optmem_max) {
+	    atomic_read(&sk->sk_omem_alloc) + size < optmem_max &&
+	    size <= PAGE_SIZE << MAX_PAGE_ORDER) {
 		void *mem;
 		/* First do the add, to avoid the race if kmalloc
 		 * might sleep.
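
Review bot: the new `size <= PAGE_SIZE << MAX_PAGE_ORDER` term in the sock_kmalloc() condition is an open-coded allocator limit with no comment, and it is evaluated after the atomic_read() of sk_omem_alloc even though it depends only on size. Consider moving it next to the existing `(unsigned int)size <= optmem_max` check, so both size bounds sit together and it is obvious that the new comparison is only reached for sizes the unsigned cast has already accepted, and add a one-line comment saying that larger requests trip the page allocator's order warning. If slab's KMALLOC_MAX_SIZE expresses the same bound in this tree, using it instead of the shift would state the intent directly. The reproducer has to raise net.core.optmem_max above this limit with sudo before the warning fires; the commit message would be clearer if it said so.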

---
base-commit: 922b4b955a03d19fea98938f33ef0e62d01f5159
change-id: 20241213-sock-kmalloc-warn-0166205c25b2

Best regards,
-- 
Michal Luczaj <mhal@...x.co>

