Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp663891imm; Thu, 13 Sep 2018 06:02:28 -0700 (PDT) X-Google-Smtp-Source: ANB0Vda7HJyi6cDD8boCp04NLnba0S1DjQB7SUNoZRhhedUQhqOtGkUgBFibl6fJOA2xgMlzmPcw X-Received: by 2002:a63:c44a:: with SMTP id m10-v6mr7137510pgg.416.1536843748229; Thu, 13 Sep 2018 06:02:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536843748; cv=none; d=google.com; s=arc-20160816; b=h/LbhlN3n+zfIBCPv9GSx/6M3ijgl+Ng1AQRW46TCINsN1fNyBL3vUNHYg73GZmdzP 5U/vn+2rrio38R+5V+5cAcagtqHwEm96/P12eW6h0qtwbKLEHyGYuIQ2X3N+RyGX6p83 hjmXx3vq1MDgNmzOvfZWt+EFnWhLZys2hIFZ6QjjRZt+akGhcIQAqKOURg/BFnKylgRZ akjbxfRi5y0Fh4C+qtXjOQB/8HKwToCa2ZwHuPJBc3vQZHGHjxXMVDwkVc0qw3UT8uWO C7mugnLvKpx/sLtkTEYQv9dSkNGtZoeLX0wrU90Vaf4Sz1ogZpxP4c1i9I/VQ7qw84xw PxTg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=GTn/vXOVTceTBiARH9pTuIRo1NGFFNwJPICXiIyeULo=; b=tg9DnQjY/zXtXPQIbXWhxXcTt8JOHRO8gLXkvcPxyZAB9rP4fuC1UByjelvt27hqst sqUCq3wOnAP/G8dvMmXdUbjWGfXc9D1q0wlbi7xeCKpYXsoBByzCIics5RgrQh1aN0x0 ZxoM9x0OTYtdxQ+Br+oMXzgzl08huMNnirMAE//GAIf4o0+z0ysgDYGijIZcfHJg1Q1E zJuPb+U12HTK+fSfoh5iNGb6qTQtgqdqyimFbfaqIhyy2AxY5moA2+6+RTdlPnVFzIyj tASCCXWiYFVSm9wZool/rvPCcglp0hMAdPVpyQAyBo6CZBLXRjg3GJNsrirBrNX9Anqh qynw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c17-v6si3771983pgp.299.2018.09.13.06.02.11; Thu, 13 Sep 2018 06:02:28 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728490AbeIMSIr convert rfc822-to-8bit (ORCPT + 99 others); Thu, 13 Sep 2018 14:08:47 -0400 Received: from seldsegrel01.sonyericsson.com ([37.139.156.29]:9182 "EHLO SELDSEGREL01.sonyericsson.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727002AbeIMSEe (ORCPT ); Thu, 13 Sep 2018 14:04:34 -0400 Subject: Re: [PATCH] selinux: Add __GFP_NOWARN to allocation at str_read() To: Michal Hocko CC: Tetsuo Handa , Paul Moore , , , Eric Paris , , Stephen Smalley , , linux-mm References: <000000000000038dab0575476b73@google.com> <9d685700-bc5c-9c2f-7795-56f488d2ea38@sony.com> <20180913111135.GA21006@dhcp22.suse.cz> From: peter enderborg Message-ID: Date: Thu, 13 Sep 2018 14:55:11 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20180913111135.GA21006@dhcp22.suse.cz> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8BIT Content-Language: en-GB Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 09/13/2018 01:11 PM, Michal Hocko wrote: > On Thu 13-09-18 09:12:04, peter enderborg wrote: >> On 09/13/2018 08:26 AM, Tetsuo Handa wrote: >>> On 2018/09/13 12:02, Paul Moore wrote: >>>> On Fri, Sep 7, 2018 at 12:43 PM Tetsuo Handa >>>> wrote: >>>>> syzbot is hitting warning at str_read() [1] because len parameter can >>>>> become larger than KMALLOC_MAX_SIZE. We don't need to emit warning for >>>>> this case. >>>>> >>>>> [1] https://syzkaller.appspot.com/bug?id=7f2f5aad79ea8663c296a2eedb81978401a908f0 >>>>> >>>>> Signed-off-by: Tetsuo Handa >>>>> Reported-by: syzbot >>>>> --- >>>>> security/selinux/ss/policydb.c | 2 +- >>>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>>> >>>>> diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c >>>>> index e9394e7..f4eadd3 100644 >>>>> --- a/security/selinux/ss/policydb.c >>>>> +++ b/security/selinux/ss/policydb.c >>>>> @@ -1101,7 +1101,7 @@ static int str_read(char **strp, gfp_t flags, void *fp, u32 len) >>>>> if ((len == 0) || (len == (u32)-1)) >>>>> return -EINVAL; >>>>> >>>>> - str = kmalloc(len + 1, flags); >>>>> + str = kmalloc(len + 1, flags | __GFP_NOWARN); >>>>> if (!str) >>>>> return -ENOMEM; >>>> Thanks for the patch. >>>> >>>> My eyes are starting to glaze over a bit chasing down all of the >>>> different kmalloc() code paths trying to ensure that this always does >>>> the right thing based on size of the allocation and the different slab >>>> allocators ... are we sure that this will always return NULL when (len >>>> + 1) is greater than KMALLOC_MAX_SIZE for the different slab allocator >>>> configurations? >>>> >>> Yes, for (len + 1) cannot become 0 (which causes kmalloc() to return >>> ZERO_SIZE_PTR) due to (len == (u32)-1) check above. >>> >>> The only concern would be whether you want allocation failure messages. >>> I assumed you don't need it because we are returning -ENOMEM to the caller. >>> >> Would it not be better with >> >>     char *str; >> >>     if ((len == 0) || (len == (u32)-1) || (len >= KMALLOC_MAX_SIZE)) >>         return -EINVAL; >> >>     str = kmalloc(len + 1, flags); >>     if (!str) >>         return -ENOMEM; > I strongly suspect that you want kvmalloc rather than kmalloc here. The > larger the request the more likely is the allocation to fail. > > I am not familiar with the code but I assume this is a root only > interface so we don't have to worry about nasty users scenario. > I don't think we get any big data there at all. Usually less than 32 bytes. However this data can be in fast path so a vmalloc is not an option. And some of the calls are GFP_ATOMC.