Re: [RFC] memdup_user() and friends - Marcelo Ricardo Leitner

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	netdev@vger.kernel.org
Subject: Re: [RFC] memdup_user() and friends
Date: Mon, 8 Jan 2018 12:57:20 -0200	[thread overview]
Message-ID: <20180108145720.GI725@localhost.localdomain> (raw)
In-Reply-To: <20180107021651.GB13338@ZenIV.linux.org.uk>

On Sun, Jan 07, 2018 at 02:16:56AM +0000, Al Viro wrote:
...
> 
> Everything else is definitely fine with GFP_USER - it's stuff like "copy of ioctl
> arguments in an ioctl never issued by the kernel code, must have come straight from
> ioctl(2)" and things like that.  IMO we should simply switch memdup_user() to
> GFP_USER and be done with that.  Limiting the size ought to be done by callers and
> IMO there's no point in __GFP_NOWARN there.

I don't really follow the __GFP_NOWARN part here. You mean that there
is no point on using __GFP_NOWARN there?

I would think pretty much otherwise. There is no point in logging the
trace as it is always a totally recoverable fault.

> 
> What I propose is
> 	* switch memdup_user() to GFP_USER
> 	* add vmemdup_user(), using kvmalloc() instead of kmalloc() (also with
> GFP_USER)
> 	* switch open-coded instances of the latter to calling it
> 	* switch some of the memdup_user() callers to vmemdup_user() - the ones that
> don't need physically contiguous copy and might be larger than a couple of pages.
> 	* add apriori bounds on size in the call sites that do not have those yet -
> that'll require comments from maintainers of the code in question in some cases.
> 
> Objections?

None. Good timing, btw. I also got reports about such open size
allocations and I'm finishing a patchset for SCTP to limit those.
Will migrate sctp code to vmemdup_user() when available.

Thanks,
Marcelo

next prev parent reply	other threads:[~2018-01-08 14:57 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-07  2:16 [RFC] memdup_user() and friends Al Viro
2018-01-08 14:57 ` Marcelo Ricardo Leitner [this message]
2018-01-08 17:26 ` Andy Shevchenko
  -- strict thread matches above, loose matches on Subject: below --
2018-01-07  8:48 Alexey Dobriyan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180108145720.GI725@localhost.localdomain \
    --to=marcelo.leitner@gmail.com \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    --cc=viro@ZenIV.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.