Re: [PATCH] drm/panfrost: Avoid user size passed to kvmalloc()

From: Rob Herring
Date: Thu Dec 16 2021 - 12:13:00 EST

Next message: Akhil R: "[PATCH v15 2/4] dmaengine: tegra: Add tegra gpcdma driver"
Previous message: Akhil R: "[PATCH v15 1/4] dt-bindings: dmaengine: Add doc for tegra gpcdma"
In reply to: Steven Price: "[PATCH] drm/panfrost: Avoid user size passed to kvmalloc()"
Next in thread: Steven Price: "Re: [PATCH] drm/panfrost: Avoid user size passed to kvmalloc()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Dec 16, 2021 at 10:16 AM Steven Price <steven.price@xxxxxxx> wrote:
>
> panfrost_copy_in_sync() takes the number of fences from user space
> (in_sync_count) and used to kvmalloc() an array to hold that number of
> fences before processing them. This provides an easy method for user
> space to trigger the OOM killer (by temporarily allocating large amounts
> of kernel memory) or hit the WARN_ONCE() added by 7661809d493b ("mm:
> don't allow oversized kvmalloc() calls").
>
> Since we don't expect there to be a large number of fences we can
> instead iterate over the fences one-by-one and avoid the temporary
> allocation altogether. This also makes the code simpler.

Doesn't the BO lookup suffer from the same issue?

Rob

Next message: Akhil R: "[PATCH v15 2/4] dmaengine: tegra: Add tegra gpcdma driver"
Previous message: Akhil R: "[PATCH v15 1/4] dt-bindings: dmaengine: Add doc for tegra gpcdma"
In reply to: Steven Price: "[PATCH] drm/panfrost: Avoid user size passed to kvmalloc()"
Next in thread: Steven Price: "Re: [PATCH] drm/panfrost: Avoid user size passed to kvmalloc()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]