From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754924AbcIGT0G (ORCPT <rfc822;w@1wt.eu>);
        Wed, 7 Sep 2016 15:26:06 -0400
Received: from mx1.redhat.com ([209.132.183.28]:40920 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751147AbcIGT0D (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 7 Sep 2016 15:26:03 -0400
Date: Wed, 7 Sep 2016 21:25:59 +0200
From: Jiri Olsa <jolsa@redhat.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andi Kleen <andi@firstfloor.org>, Kees Cook <keescook@chromium.org>,
        Jiri Olsa <jolsa@kernel.org>, lkml <linux-kernel@vger.kernel.org>,
        Ingo Molnar <mingo@kernel.org>,
        Adrian Hunter <adrian.hunter@intel.com>,
        KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Subject: Re: [PATCH] fs/proc/kcore.c: Omit kernel text area for hardened
 usercopy feature
Message-ID: <20160907192559.GB2422@krava>
References: <1472819145-27260-1-git-send-email-jolsa@kernel.org>
 <20160902151713.GM5871@two.firstfloor.org>
 <20160905084722.GA3134@krava>
 <CAGXu5jLfvx0w+uVbrcVky7hS-6VsSRStOjEyCt6TUqgA7s6OVg@mail.gmail.com>
 <20160907073257.GB8619@krava>
 <20160907163852.GQ5871@two.firstfloor.org>
 <CA+55aFzpVnhpfG6p9Y8JGo1+__mcBtX5H2ZFv5kmtacMtK5BiQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CA+55aFzpVnhpfG6p9Y8JGo1+__mcBtX5H2ZFv5kmtacMtK5BiQ@mail.gmail.com>
User-Agent: Mutt/1.7.0 (2016-08-17)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Wed, 07 Sep 2016 19:26:03 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Sep 07, 2016 at 09:58:01AM -0700, Linus Torvalds wrote:
> On Wed, Sep 7, 2016 at 9:38 AM, Andi Kleen <andi@firstfloor.org> wrote:
> >>
> >> -                             n = copy_to_user(buffer, (char *)start, tsz);
> >> +                             buf = kzalloc(tsz, GFP_KERNEL);
> >
> > You have to add some limit and a loop, otherwise a user can eat all kernel memory,
> > or copies > KMALLOC_MAX wouldn't work. Probably only get a single page.
> 
> 'start' and 'tsz' is already chunked to be aligned pages (well, as
> aligned as they can be: the beginning and end obviously won't be).
> Above the loop:
> 
>         if ((tsz = (PAGE_SIZE - (start & ~PAGE_MASK))) > buflen)
>                 tsz = buflen;
> 
> and then inside the loop:
> 
>                 tsz = (buflen > PAGE_SIZE ? PAGE_SIZE : buflen);
> 
> so it's already limited to one page.
> 
> That said, it *might* be worth moving the temporary allocation to the
> top, or even to move it to open_kcore(). It used to be a special case
> for just the vmalloc region, now it's always done.
> 
> So instead of having two different copies of the same special case for
> the two different cases, why not try to unify them and just have one
> common (page-sized) buffer allocation?

ook, sounds good.. will repost soon

jirka