Message-ID: <565D84A4.3080408@iogearbox.net>
Date: Tue, 01 Dec 2015 12:29:40 +0100
From: Daniel Borkmann
To: David Laight, Marcelo Ricardo Leitner, netdev@vger.kernel.org
CC: linux-sctp@vger.kernel.org, Vlad Yasevich, Neil Horman, linux-kernel@vger.kernel.org, davem@davemloft.net, syzkaller@googlegroups.com, dvyukov@google.com, kcc@google.com, glider@google.com, sasha.levin@oracle.com, edumazet@google.com
Subject: Re: [PATCH] sctp: use GFP_USER for user-controlled kmalloc
In-Reply-To: <063D6719AE5E284EB5DD2968C1650D6D1CBDF85D@AcuExch.aculab.com>

On 12/01/2015 11:46 AM, David Laight wrote:
> From: Marcelo Ricardo Leitner
>> Sent: 30 November 2015 16:33
>> Dmitry Vyukov reported that the user could trigger a kernel warning by
>> using a large len value for getsockopt SCTP_GET_LOCAL_ADDRS, as that
>> value directly affects the value used as a kmalloc() parameter.
>>
>> This patch thus switches the allocation flags from all user-controllable
>> kmalloc size to GFP_USER to put some more restrictions on it and also
>> disables the warn, as they are not necessary.
>
> ISTM that the code should put some 'sanity limit' on that
> size before allocating the kernel buffer.

One could do that in addition, but this buffer has just a short lifetime and
by using GFP_USER hardwall restrictions apply already.
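
Added example, not part of the original message and not the kernel's code: a userspace C model of the 'sanity limit' raised in the thread, comparing a scratch-buffer size taken straight from the caller's len with one capped at what the reply can occupy. The struct addrs_hdr layout, the function names and the naddrs parameter are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>

/* Hypothetical reply header that precedes the packed address list. */
struct addrs_hdr { int32_t assoc_id; uint32_t addr_num; };

/* Pattern from the report: the scratch size tracks the caller's len. */
static int scratch_unbounded(int user_len, size_t *out)
{
    if (user_len < (int)sizeof(struct addrs_hdr))
        return -EINVAL;
    *out = (size_t)user_len - sizeof(struct addrs_hdr);
    return 0;
}

/* With a sanity limit: cap the request at what naddrs addresses can occupy. */
static int scratch_bounded(int user_len, size_t naddrs, size_t *out)
{
    size_t want, cap;
    int rc = scratch_unbounded(user_len, &want);

    if (rc)
        return rc;
    if (naddrs > SIZE_MAX / sizeof(struct sockaddr_storage))
        return -EOVERFLOW;
    cap = naddrs * sizeof(struct sockaddr_storage);
    *out = want < cap ? want : cap;
    return 0;
}

int main(void)
{
    size_t a = 0, b = 0;

    /* Constructed input: caller passes the largest int, socket has 3 addresses. */
    scratch_unbounded(INT_MAX, &a);
    scratch_bounded(INT_MAX, 3, &b);
    printf("unbounded: %zu bytes, bounded: %zu bytes\n", a, b);
    return 0;
}
```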