Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp337794pxf; Wed, 17 Mar 2021 06:36:18 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwNJoFcVE3OmVSMjfDsGlWDxRRG6WQH2/tAPW1L8PWtKKtrMvDc1vgP8Tdy1gJP0vIg5B1M X-Received: by 2002:a17:906:4747:: with SMTP id j7mr34843868ejs.221.1615988178136; Wed, 17 Mar 2021 06:36:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1615988178; cv=none; d=google.com; s=arc-20160816; b=ZHUfQ05biFGs38iQqVflcecTs5r8aHhhMTv1M1t8JrEBHKt+9NCXN3A2sSy9lzEELY VEu5NzRuio8gWpU2Doe2xJeyRYGJOqWsH+q3Mtm/axKmtdB/aBvI8RtzfeFxqT1T5xsQ +ZPGAQjMwFIA2meuOuJqIqYB2Lwc7viq53yXZcSi6M5iEhzhzIeG2tN6zkqpUoKPq/13 T1iyOlzwmhxkbtO/FKKSczgydqGEZMECU3pI4QUZcSvaqTUZ2Ned0tD59rcGaE5eleIX sOAUPKsw0EPk3iSbymioy26OslYg0lQnSIa7C+4uuMUs6LqhewvdJ3EErIlJQgJ6zDcV E6CQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=b1Wmu6NacmvzAaIQccj3wl847kOp6Ke4u2YxFVDmYtQ=; b=RwVosh+/u+uALlcCrTECStOK6G+BuEoTvIQSZDKD9U3qx2vq5KJOOS6Diw1fUC6cVg vxl+8PSeZefrilkaR9jhXC6C/AAK4XGb/AIqirmfzcYuraIddx2quKv5fu5GwU76iUhL 9ZcAxTiWGyBMAn42EbpABh33F3hVWCDvnSFc7VyVs1rhv8yosaTlJjO7NRIaNVDSb8kR TpOknhlHddXl1J0BuwdZud6xBpK+opmkdmdBv/HrukNMbStHtlJP/mAiHotY/lIAkm4+ hawy/toPYzMb6s4RUxWAe+P61qkmUU0XvO7NtsbSiLxfnpUZaK2IEXh073dv6mX5A0mq 6mIQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=w4TALWD8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a17si16033488edy.160.2021.03.17.06.35.54; Wed, 17 Mar 2021 06:36:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=w4TALWD8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231245AbhCQNer (ORCPT + 99 others); Wed, 17 Mar 2021 09:34:47 -0400 Received: from mail.kernel.org ([198.145.29.99]:39618 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230044AbhCQNeb (ORCPT ); Wed, 17 Mar 2021 09:34:31 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 2CD6E64F0F; Wed, 17 Mar 2021 13:34:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1615988070; bh=b1Wmu6NacmvzAaIQccj3wl847kOp6Ke4u2YxFVDmYtQ=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=w4TALWD8gi5n3EBzdhCVsCCc/3Y5Hzm92L0QoGpPCmhfOO1Ua8ox+uxczXUEj0CTJ MZU1uVkcQ/TtSm4h/KBe32KyGiBB9uN1zGk8P6QAPv0j/cw14mVkqR7Y4jpq2w5yZF H+rL1e6Pryimu5zbD1Nvh+/To4rj7xDq1VwyNpMU= Date: Wed, 17 Mar 2021 14:34:27 +0100 From: Greg Kroah-Hartman To: Michal Hocko Cc: Kees Cook , Andrew Morton , Alexey Dobriyan , Lee Duncan , Chris Leech , Adam Nichols , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-hardening@vger.kernel.org, Uladzislau Rezki Subject: Re: [PATCH v2] seq_file: Unconditionally use vmalloc for buffer Message-ID: References: <20210315174851.622228-1-keescook@chromium.org> <202103161205.B2181BDE38@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Mar 17, 2021 at 01:08:21PM +0100, Michal Hocko wrote: > Btw. I still have problems with the approach. seq_file is intended to > provide safe way to dump values to the userspace. Sacrificing > performance just because of some abuser seems like a wrong way to go as > Al pointed out earlier. Can we simply stop the abuse and disallow to > manipulate the buffer directly? I do realize this might be more tricky > for reasons mentioned in other emails but this is definitely worth > doing. We have to provide a buffer to "write into" somehow, so what is the best way to stop "abuse" like this? Right now, we do have helper functions, sysfs_emit(), that know to stop the overflow of the buffer size, but porting the whole kernel to them is going to take a bunch of churn, for almost no real benefit except a potential random driver that might be doing bad things here that we have not noticed yet. Other than that, suggestions are welcome! thanks, greg k-h