From: Alexei Starovoitov <alexei.starovoitov@gmail.com>
To: Christoph Hellwig <hch@lst.de>, Stanislav Fomichev <sdf@google.com>
Cc: Vegard Nossum <vegard.nossum@oracle.com>,
	Kees Cook <keescook@chromium.org>,
	Iurii Zaikin <yzaikin@google.com>,
	Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	LKML <linux-kernel@vger.kernel.org>,
	Al Viro <viro@zeniv.linux.org.uk>, bpf <bpf@vger.kernel.org>,
	Andrey Ignatov <rdna@fb.com>
Subject: Re: WARNING: CPU: 1 PID: 52 at mm/page_alloc.c:4826 __alloc_pages_nodemask (Re: [PATCH 5/5] sysctl: pass kernel pointers to ->proc_handler)
Date: Mon, 8 Jun 2020 09:40:17 -0700
Message-ID: <CAADnVQL3iBoem4T6CxYeZRCJwS7qRwjjbW+8ip5r3-LCt_eRXQ@mail.gmail.com>
In-Reply-To: <20200608130503.GA22898@lst.de>

On Mon, Jun 8, 2020 at 6:05 AM Christoph Hellwig <hch@lst.de> wrote:
>
> On Mon, Jun 08, 2020 at 09:45:49AM +0200, Vegard Nossum wrote:
> > Just a test case.
> >
> > Allowing the kernel to allocate an unbounded amount of memory on behalf
> > of userspace is an easy DOS.
> >
> > All the length checks were already in there, e.g.
> >
> >  static int cmm_timeout_handler(struct ctl_table *ctl, int write,
> >                               void __user *buffer, size_t *lenp,
> >                               loff_t *ppos)
> >  {
> >         char buf[64], *p;
> > [...]
> >                 len = min(*lenp, sizeof(buf));
> >                 if (copy_from_user(buf, buffer, len))
> >                         return -EFAULT;
>
> Doesn't help if we don't know the exact limit yet.  But we can put
> some arbitrary but reasonable limit like KMALLOC_MAX_SIZE on the
> sysctls and see if this sticks.

Adding Stanislav. I think he's looking into this already.
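
The point under discussion, as an added user-space C model (not code from this thread or from the kernel): a handler that clamps to `sizeof(buf)` bounds only its own copy, so a generic layer that allocates from the caller's length first needs its own cap. `model_sysctl_write`, `model_handler`, `MODEL_WRITE_CAP` with its 4 MiB value, the `-ENOMEM` return for oversized writes, and the assumption that the generic path stages data in a heap buffer are all illustrative.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this model only. The thread suggests KMALLOC_MAX_SIZE,
 * whose real value depends on the kernel configuration. */
#define MODEL_WRITE_CAP ((size_t)4 << 20)

static size_t last_alloc; /* size of the most recent staging allocation, 0 if none */

/* Handler-side clamp, same shape as the quoted cmm_timeout_handler():
 * it bounds the copy into buf[], not the allocation made by its caller. */
static size_t model_handler(const char *kbuf, size_t len)
{
    char buf[64];

    if (len > sizeof(buf) - 1)
        len = sizeof(buf) - 1;
    memcpy(buf, kbuf, len);
    buf[len] = '\0';
    return len; /* bytes the handler actually consumed */
}

/* Hypothetical generic write path: stage 'count' caller-claimed bytes in a
 * heap buffer, then call the handler. 'avail' is how many bytes of 'src' are
 * really readable, standing in for a copy_from_user() fault. */
static long model_sysctl_write(const char *src, size_t avail, size_t count, int capped)
{
    char *kbuf;
    long ret;

    last_alloc = 0;
    if (capped && count >= MODEL_WRITE_CAP)
        return -ENOMEM;          /* rejected before any allocation */
    kbuf = malloc(count + 1);    /* size is caller-controlled when uncapped */
    if (!kbuf)
        return -ENOMEM;
    last_alloc = count + 1;
    if (count > avail) {
        free(kbuf);
        return -EFAULT;          /* the allocation has already happened */
    }
    memcpy(kbuf, src, count);
    kbuf[count] = '\0';
    ret = (long)model_handler(kbuf, count);
    free(kbuf);
    return ret;
}
```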
