RE: [PATCH] sctp: use GFP_USER for user-controlled kmalloc

From: David Laight
Date: Tue Dec 01 2015 - 05:47:42 EST

Next message: Arnd Bergmann: "Re: [PATCH 0/3] introduce new evdev interface type"
Previous message: Qais Yousef: "Re: [PATCH v2 09/19] genirq: Add a new function to get IPI reverse mapping"
Next in thread: Daniel Borkmann: "Re: [PATCH] sctp: use GFP_USER for user-controlled kmalloc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Marcelo Ricardo Leitner
> Sent: 30 November 2015 16:33
> Dmitry Vyukov reported that the user could trigger a kernel warning by
> using a large len value for getsockopt SCTP_GET_LOCAL_ADDRS, as that
> value directly affects the value used as a kmalloc() parameter.
>
> This patch thus switches the allocation flags from all user-controllable
> kmalloc size to GFP_USER to put some more restrictions on it and also
> disables the warn, as they are not necessary.

ISTM that the code should put some 'sanity limit' on that
size before allocating the kernel buffer.

David

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Arnd Bergmann: "Re: [PATCH 0/3] introduce new evdev interface type"
Previous message: Qais Yousef: "Re: [PATCH v2 09/19] genirq: Add a new function to get IPI reverse mapping"
Next in thread: Daniel Borkmann: "Re: [PATCH] sctp: use GFP_USER for user-controlled kmalloc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]