From: Thomas Gleixner <tglx@linutronix.de>
To: Greg KH <gregkh@linuxfoundation.org>
Cc: Sasha Levin <levinsasha928@gmail.com>,
arnd@arndb.de, viro@zeniv.linux.org.uk, davej@redhat.com,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] kmsg: Use vmalloc instead of kmalloc when writing
Date: Fri, 30 Mar 2012 22:49:11 +0200 (CEST) [thread overview]
Message-ID: <alpine.LFD.2.02.1203302247130.2542@ionos> (raw)
In-Reply-To: <20120330204235.GA883@kroah.com>
[-- Attachment #1: Type: TEXT/PLAIN, Size: 2044 bytes --]
On Fri, 30 Mar 2012, Greg KH wrote:
> On Fri, Mar 30, 2012 at 10:35:46PM +0200, Thomas Gleixner wrote:
> > On Fri, 30 Mar 2012, Greg KH wrote:
> > > On Fri, Mar 30, 2012 at 07:37:37PM +0300, Sasha Levin wrote:
> > > > On Fri, Mar 30, 2012 at 6:30 PM, Greg KH <gregkh@linuxfoundation.org> wrote:
> > > > > On Fri, Mar 30, 2012 at 01:04:27PM -0400, Sasha Levin wrote:
> > > > >> There are no size checks in kmsg_write(), and we try allocating enough
> > > > >> memory to store everything userspace gave us, which may be too much for
> > > > >> kmalloc to allocate.
> > > > >
> > > > > Really? Have you seen this fail? As only root can do this, is this
> > > > > really a problem?
> > > >
> > > > Only root, and a whole bunch of management software that dumps data
> > > > into /dev/kmsg (systemd and friends).
> > >
> > > Running as root, do any of these cause problems by asking for too much
> > > memory here?
> >
> > Running as root is not a guarantee for correctness. So the syscall
> > should cope with bogus requests from user space and not rely on the
> > sanity of anything. Looking at the main users which polute dmesg I'm
> > inclined to assume insanity in the first place.
> >
> > As Sasha pointed out there is either the variant to use vmalloc and
> > grant any write size or limit the size to something sensible. Though
> > given the users of this, coming up with something sensible might be a
> > problem.
> >
> > > Is this something that needs to be addressed now, and in
> > > stable kernels, or can it wait for 3.5?
> >
> > Yes, it want's to be addressed now and it want's to be in stable as
> > well. syscalls which have no bound checking are evil, no matter what.
>
> So, should we cap the size at something "super large" then as well?
I think so. This is an interface to inject stuff into dmesg. Limiting
that to a reasonable size makes sense. We can probably limit it to
something small like 1024, but I don't know about the "ideas" of those
folks who think that it's a great idea to do it at all.
Thanks,
tglx
next prev parent reply other threads:[~2012-03-30 20:49 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-03-30 17:04 [PATCH] kmsg: Use vmalloc instead of kmalloc when writing Sasha Levin
2012-03-30 15:30 ` Greg KH
2012-03-30 16:37 ` Sasha Levin
2012-03-30 16:49 ` Greg KH
2012-03-30 17:15 ` Sasha Levin
2012-03-30 20:35 ` Thomas Gleixner
2012-03-30 20:42 ` Greg KH
2012-03-30 20:49 ` Thomas Gleixner [this message]
2012-03-30 21:05 ` Arnd Bergmann
2012-03-30 21:17 ` Greg KH
2012-03-30 22:02 ` Sasha Levin
2012-03-30 23:43 ` Greg KH
2012-03-31 0:02 ` Kay Sievers
2012-03-31 8:57 ` Sasha Levin
2012-04-23 9:54 ` Sasha Levin
2012-03-30 21:18 ` Thomas Gleixner
2012-03-31 1:43 ` Joe Perches
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LFD.2.02.1203302247130.2542@ionos \
--to=tglx@linutronix.de \
--cc=arnd@arndb.de \
--cc=davej@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=levinsasha928@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox