Re: [PATCH][v2] proc: use vmalloc for our kernel buffer

[Al Viro]

On Thu, Aug 13, 2020 at 05:41:17PM +0200, Christoph Hellwig wrote:
> On Thu, Aug 13, 2020 at 11:40:00AM -0400, Josef Bacik wrote:
> > On 8/13/20 11:37 AM, Christoph Hellwig wrote:
> >> On Thu, Aug 13, 2020 at 11:33:56AM -0400, Josef Bacik wrote:
> >>> Since
> >>>
> >>>    sysctl: pass kernel pointers to ->proc_handler
> >>>
> >>> we have been pre-allocating a buffer to copy the data from the proc
> >>> handlers into, and then copying that to userspace.  The problem is this
> >>> just blind kmalloc()'s the buffer size passed in from the read, which in
> >>> the case of our 'cat' binary was 64kib.  Order-4 allocations are not
> >>> awesome, and since we can potentially allocate up to our maximum order,
> >>> use vmalloc for these buffers.
> >>>
> >>> Fixes: 32927393dc1c ("sysctl: pass kernel pointers to ->proc_handler")
> >>> Signed-off-by: Josef Bacik <josef@xxxxxxxxxxxxxx>
> >>> ---
> >>> v1->v2:
> >>> - Make vmemdup_user_nul actually do the right thing...sorry about that.
> >>>
> >>>   fs/proc/proc_sysctl.c  |  6 +++---
> >>>   include/linux/string.h |  1 +
> >>>   mm/util.c              | 27 +++++++++++++++++++++++++++
> >>>   3 files changed, 31 insertions(+), 3 deletions(-)
> >>>
> >>> diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
> >>> index 6c1166ccdaea..207ac6e6e028 100644
> >>> --- a/fs/proc/proc_sysctl.c
> >>> +++ b/fs/proc/proc_sysctl.c
> >>> @@ -571,13 +571,13 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *ubuf,
> >>>   		goto out;
> >>>     	if (write) {
> >>> -		kbuf = memdup_user_nul(ubuf, count);
> >>> +		kbuf = vmemdup_user_nul(ubuf, count);
> >>
> >> Given that this can also do a kmalloc and thus needs to be paired
> >> with kvfree shouldn't it be kvmemdup_user_nul?
> >>
> >
> > There's an existing vmemdup_user that does kvmalloc, so I followed the 
> > existing naming convention.  Do you want me to change them both?  Thanks,
> 
> I personally would, and given that it only has a few users it might
> even be feasible.

FWIW, how about following or combining that with "allocate count + 1 bytes on
the read side"?  Allows some nice cleanups - e.g.
                len = sprintf(tmpbuf, "0x%04x", *(unsigned int *) table->data);
                if (len > left)
                        len = left;
                memcpy(buffer, tmpbuf, len);
                if ((left -= len) > 0) {
                        *((char *)buffer + len) = '\n';
                        left--;
                }
in sunrpc proc_dodebug() turns into
		left -= snprintf(buffer, left, "0x%04x\n",
				 *(unsigned int *) table->data);
and that's not the only example.