Re: [PATCH 07/13] kexec: Implementation of new syscall kexec_file_load

From: H. Peter Anvin
Date: Mon Jun 16 2014 - 18:50:54 EST


On 06/16/2014 02:43 PM, Vivek Goyal wrote:
>>
>> Borislav and I talked about this briefly over IRC. A key part of that
>> is that if userspace could manipulate this system call to consume an
>> unreasonable amount of memory, we would have a problem, for example if
>> this code used vzalloc() instead of kzalloc(). However, since
>> kmalloc/kzalloc implies a relatively restrictive limit on the memory
>> allocation size anyway, well short of anything that could cause OOM
>> problems, that pretty much solves the problem.
>
> Actually currently I am using vzalloc() for command line buffer
> allocation.
>
> image->cmdline_buf = vzalloc(cmdline_len);
> if (!image->cmdline_buf)
> goto out;
>
> Should I switch to using kzalloc() instead?
>

Yes. There is absolutely no valid reason to use vzalloc() for an object
that small, and if someone manipulates the header to allow for a crazily
large command line then you can trick the kernel into allocating
arbitrary amounts of memory.

-hpa


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/