memdump_user usually gets fed unchecked userspace input. Blasting a
full backtrace into dmesg every time is a bit excessive - I'm not sure
on the kernel rule in general, but at least in drm we're trying not to
let unpriviledge userspace spam the logs freely. Definitely not entire
warning backtraces.
It also means more filtering for our CI, because our testsuite
exercises these corner cases and so hits these a lot.
Signed-off-by: Daniel Vetter <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Mike Rapoport <[email protected]>
Cc: Michal Hocko <[email protected]>
Cc: Roman Gushchin <[email protected]>
Cc: Vlastimil Babka <[email protected]>
Cc: Jan Stancek <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: Andrey Ryabinin <[email protected]>
Cc: "Michael S. Tsirkin" <[email protected]>
Cc: Huang Ying <[email protected]>
Cc: Bartosz Golaszewski <[email protected]>
Cc: [email protected]
---
mm/util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/util.c b/mm/util.c
index 1ea055138043..379319b1bcfd 100644
--- a/mm/util.c
+++ b/mm/util.c
@@ -150,7 +150,7 @@ void *memdup_user(const void __user *src, size_t len)
{
void *p;
- p = kmalloc_track_caller(len, GFP_USER);
+ p = kmalloc_track_caller(len, GFP_USER | __GFP_NOWARN);
if (!p)
return ERR_PTR(-ENOMEM);
--
2.20.1
On Wed, Feb 20, 2019 at 12:41 PM Daniel Vetter <[email protected]> wrote:
>
> memdump_user usually gets fed unchecked userspace input. Blasting a
> full backtrace into dmesg every time is a bit excessive - I'm not sure
> on the kernel rule in general, but at least in drm we're trying not to
> let unpriviledge userspace spam the logs freely. Definitely not entire
> warning backtraces.
>
> It also means more filtering for our CI, because our testsuite
> exercises these corner cases and so hits these a lot.
>
> Signed-off-by: Daniel Vetter <[email protected]>
Reviewed-by: Kees Cook <[email protected]>
-Kees
> Cc: Andrew Morton <[email protected]>
> Cc: Mike Rapoport <[email protected]>
> Cc: Michal Hocko <[email protected]>
> Cc: Roman Gushchin <[email protected]>
> Cc: Vlastimil Babka <[email protected]>
> Cc: Jan Stancek <[email protected]>
> Cc: Kees Cook <[email protected]>
> Cc: Andrey Ryabinin <[email protected]>
> Cc: "Michael S. Tsirkin" <[email protected]>
> Cc: Huang Ying <[email protected]>
> Cc: Bartosz Golaszewski <[email protected]>
> Cc: [email protected]
> ---
> mm/util.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/util.c b/mm/util.c
> index 1ea055138043..379319b1bcfd 100644
> --- a/mm/util.c
> +++ b/mm/util.c
> @@ -150,7 +150,7 @@ void *memdup_user(const void __user *src, size_t len)
> {
> void *p;
>
> - p = kmalloc_track_caller(len, GFP_USER);
> + p = kmalloc_track_caller(len, GFP_USER | __GFP_NOWARN);
> if (!p)
> return ERR_PTR(-ENOMEM);
>
> --
> 2.20.1
>
--
Kees Cook
On Wed 20-02-19 21:40:58, Daniel Vetter wrote:
> memdump_user usually gets fed unchecked userspace input. Blasting a
> full backtrace into dmesg every time is a bit excessive - I'm not sure
> on the kernel rule in general, but at least in drm we're trying not to
> let unpriviledge userspace spam the logs freely. Definitely not entire
> warning backtraces.
Yes, this makes sense to me. This API sounds like an example where
returning ENOMEM to the userspace right away is much better than
spamming the log for large allocation requests. Smaller allocations
simply do not fail and the OOM killer report will be printed regardless
of __GFP_NOWARN.
> It also means more filtering for our CI, because our testsuite
> exercises these corner cases and so hits these a lot.
>
> Signed-off-by: Daniel Vetter <[email protected]>
> Cc: Andrew Morton <[email protected]>
> Cc: Mike Rapoport <[email protected]>
> Cc: Michal Hocko <[email protected]>
> Cc: Roman Gushchin <[email protected]>
> Cc: Vlastimil Babka <[email protected]>
> Cc: Jan Stancek <[email protected]>
> Cc: Kees Cook <[email protected]>
> Cc: Andrey Ryabinin <[email protected]>
> Cc: "Michael S. Tsirkin" <[email protected]>
> Cc: Huang Ying <[email protected]>
> Cc: Bartosz Golaszewski <[email protected]>
> Cc: [email protected]
Acked-by: Michal Hocko <[email protected]>
> ---
> mm/util.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/util.c b/mm/util.c
> index 1ea055138043..379319b1bcfd 100644
> --- a/mm/util.c
> +++ b/mm/util.c
> @@ -150,7 +150,7 @@ void *memdup_user(const void __user *src, size_t len)
> {
> void *p;
>
> - p = kmalloc_track_caller(len, GFP_USER);
> + p = kmalloc_track_caller(len, GFP_USER | __GFP_NOWARN);
> if (!p)
> return ERR_PTR(-ENOMEM);
>
> --
> 2.20.1
>
--
Michal Hocko
SUSE Labs