From: Dan Rosenberg <dan.j.rosenberg-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: Fam Zheng <famz-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Cc: Thomas Gleixner <tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org>,
	Ingo Molnar <mingo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	"H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>,
	x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org,
	Alexander Viro
	<viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>,
	Andrew Morton
	<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
	Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
	Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>,
	David Herrmann
	<dh.herrmann-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
	Alexei Starovoitov <ast-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>,
	Miklos Szeredi <mszeredi-AlSwsSmVLrQ@public.gmane.org>,
	David Drysdale <drysdale-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
	Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	"David S. Miller" <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>,
	Vivek Goyal <vgoyal-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	Mike Frysinger <vapier-aBrp7R+bbdUdnm+yROfE0A@public.gmane.org>,
	Theodore Ts'o <tytso-3s7WtUTddSA@public.gmane.org>,
	Heiko Carstens
	<heiko.carstens-tA70FqPdS9bQT0dZR+AlfA@public.gmane.org>,
	Rasmus Villemoes
	<linux-qQsb+v5E8BnlAoU/VqSP6n9LOBIZ5rWg@public.gmane.org>,
	Rashika Kheria
	<rashika.kheria-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
	Hugh Dickins <hughd-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
	Mathieu Desnoyers
	<mathieu.desnoyers-vg+e7yoeK/dWk0Htik3J/w@public.gmane.org>,
	Peter Zijlstra <peterz-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>,
	linux-fsdevel
Subject: Re: [PATCH v4 4/9] epoll: Add implementation for epoll_ctl_batch
Date: Tue, 10 Mar 2015 09:59:35 -0400	[thread overview]
Message-ID: <54FEF8C7.7050906@gmail.com> (raw)
In-Reply-To: <1425952155-27603-5-git-send-email-famz-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>

On 03/09/2015 09:49 PM, Fam Zheng wrote:
> +	if (!cmds || ncmds <= 0 || ncmds > EP_MAX_BATCH)
> +		return -EINVAL;
> +	cmd_size = sizeof(struct epoll_ctl_cmd) * ncmds;
> +	/* TODO: optimize for small arguments like select/poll with a stack
> +	 * allocated buffer */
> +
> +	kcmds = kmalloc(cmd_size, GFP_KERNEL);
> +	if (!kcmds)
> +		return -ENOMEM;
You probably want to define EP_MAX_BATCH as some sane value much less
than INT_MAX/(sizeof(struct epoll_ctl_cmd)). While this avoids the
integer overflow from before, any user can cause the kernel to kmalloc
up to INT_MAX bytes. Probably not a huge deal because it's freed at the
end of the syscall, but generally not a great idea.
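To make the sizing concern concrete, here is an added user-space illustration (not code from the patch series or the kernel) that mirrors the quoted argument check and compares the worst-case allocation under a small cap with the allocation a cap derived only from INT_MAX/sizeof(struct epoll_ctl_cmd) would permit. The struct layout, the value 256 for EP_MAX_BATCH, and the function names are assumptions chosen for the example; the real definitions are not on this page.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the patch's struct epoll_ctl_cmd. The real
 * layout is not shown on this page; these fields are placeholders. */
struct epoll_ctl_cmd {
	int flags;
	int op;
	int fd;
	uint32_t events;
	uint64_t data;
	int error;
};

/* Assumed small cap: a few hundred commands per batch keeps the per-call
 * kernel allocation to a couple of pages. */
#define EP_MAX_BATCH 256

/* The largest count that still avoids overflow of the byte-count multiply.
 * A cap this large would let any caller request a ~2 GiB allocation. */
#define EP_OVERFLOW_BOUND ((int)(INT_MAX / sizeof(struct epoll_ctl_cmd)))

/* User-space model of the argument validation in the quoted hunk.
 * Returns 0 and stores the byte count on success, -EINVAL otherwise. */
int batch_cmd_size(const void *cmds, int ncmds, int max_batch, size_t *out_size)
{
	if (!cmds || ncmds <= 0 || ncmds > max_batch)
		return -EINVAL;
	/* Explicit overflow check so correctness does not hinge on the cap:
	 * kmalloc_array() performs the same check inside the kernel. */
	if ((size_t)ncmds > SIZE_MAX / sizeof(struct epoll_ctl_cmd))
		return -EINVAL;
	*out_size = sizeof(struct epoll_ctl_cmd) * (size_t)ncmds;
	return 0;
}

/* Bytes an unprivileged caller can force the kernel to allocate per call
 * under a given cap. */
size_t worst_case_alloc(int max_batch)
{
	return sizeof(struct epoll_ctl_cmd) * (size_t)max_batch;
}

int main(void)
{
	struct epoll_ctl_cmd cmds[4] = { { 0 } };
	size_t sz = 0;

	if (batch_cmd_size(cmds, 4, EP_MAX_BATCH, &sz) == 0)
		printf("4 commands -> %zu bytes\n", sz);
	printf("worst case with EP_MAX_BATCH=%d: %zu bytes\n",
	       EP_MAX_BATCH, worst_case_alloc(EP_MAX_BATCH));
	printf("worst case with cap=INT_MAX/sizeof: %zu bytes\n",
	       worst_case_alloc(EP_OVERFLOW_BOUND));
	return 0;
}
```

The point of the two `worst_case_alloc` figures is that "no integer overflow" and "bounded allocation" are separate properties: the overflow check protects the multiply, while only a deliberately small EP_MAX_BATCH limits how much memory a single unprivileged call can tie up for the duration of the syscall.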
