Re: [PATCH 07/13] kexec: Implementation of new syscall kexec_file_load

From: H. Peter Anvin
Date: Mon Jun 16 2014 - 18:50:54 EST

Next message: laura wintour: "hi"
Previous message: Darren Hart: "Re: [patch 1/5] futex: Make unlock_pi more robust"
In reply to: Borislav Petkov: "Re: [PATCH 07/13] kexec: Implementation of new syscall kexec_file_load"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 06/16/2014 02:43 PM, Vivek Goyal wrote:
>>
>> Borislav and I talked about this briefly over IRC. A key part of that
>> is that if userspace could manipulate this system call to consume an
>> unreasonable amount of memory, we would have a problem, for example if
>> this code used vzalloc() instead of kzalloc(). However, since
>> kmalloc/kzalloc implies a relatively restrictive limit on the memory
>> allocation size anyway, well short of anything that could cause OOM
>> problems, that pretty much solves the problem.
>
> Actually currently I am using vzalloc() for command line buffer
> allocation.
>
> image->cmdline_buf = vzalloc(cmdline_len);
> if (!image->cmdline_buf)
> goto out;
>
> Should I switch to using kzalloc() instead?
>

Yes. There is absolutely no valid reason to use vzalloc() for an object
that small, and if someone manipulates the header to allow for a crazily
large command line then you can trick the kernel into allocating
arbitrary amounts of memory.

-hpa

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: laura wintour: "hi"
Previous message: Darren Hart: "Re: [patch 1/5] futex: Make unlock_pi more robust"
In reply to: Borislav Petkov: "Re: [PATCH 07/13] kexec: Implementation of new syscall kexec_file_load"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]