Re: [PATCH][v2] proc: use vmalloc for our kernel buffer

From: Christoph Hellwig
Date: Thu Aug 13 2020 - 11:37:27 EST


On Thu, Aug 13, 2020 at 11:33:56AM -0400, Josef Bacik wrote:
> Since
>
> sysctl: pass kernel pointers to ->proc_handler
>
> we have been pre-allocating a buffer to copy the data from the proc
> handlers into, and then copying that to userspace. The problem is this
> just blind kmalloc()'s the buffer size passed in from the read, which in
> the case of our 'cat' binary was 64kib. Order-4 allocations are not
> awesome, and since we can potentially allocate up to our maximum order,
> use vmalloc for these buffers.
>
> Fixes: 32927393dc1c ("sysctl: pass kernel pointers to ->proc_handler")
> Signed-off-by: Josef Bacik <josef@xxxxxxxxxxxxxx>
> ---
> v1->v2:
> - Make vmemdup_user_nul actually do the right thing...sorry about that.
>
> fs/proc/proc_sysctl.c | 6 +++---
> include/linux/string.h | 1 +
> mm/util.c | 27 +++++++++++++++++++++++++++
> 3 files changed, 31 insertions(+), 3 deletions(-)
>
> diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
> index 6c1166ccdaea..207ac6e6e028 100644
> --- a/fs/proc/proc_sysctl.c
> +++ b/fs/proc/proc_sysctl.c
> @@ -571,13 +571,13 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *ubuf,
> goto out;
>
> if (write) {
> - kbuf = memdup_user_nul(ubuf, count);
> + kbuf = vmemdup_user_nul(ubuf, count);

Given that this can also do a kmalloc and thus needs to be paired
with kvfree shouldn't it be kvmemdup_user_nul?