From: Michal Hocko <mhocko@kernel.org>
To: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	Vlastimil Babka <vbabka@suse.cz>,
	David Rientjes <rientjes@google.com>,
	Mel Gorman <mgorman@suse.de>,
	Johannes Weiner <hannes@cmpxchg.org>,
	Al Viro <viro@zeniv.linux.org.uk>, Linux-MM <linux-mm@kvack.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Martin Schwidefsky <schwidefsky@de.ibm.com>,
	Heiko Carstens <heiko.carstens@de.ibm.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	Anton Vorontsov <anton@enomsg.org>,
	Colin Cross <ccross@android.com>, Tony Luck <tony.luck@intel.com>,
	"Rafael J. Wysocki" <rjw@rjwysocki.net>,
	Ben Skeggs <bskeggs@redhat.com>,
	Kent Overstreet <kent.overstreet@gmail.com>,
	Santosh Raspatur <santosh@chelsio.com>,
	Hariprasad S <hariprasad@chelsio.com>,
	Tariq Toukan <tariqt@mellanox.com>,
	Yishai Hadas <yishaih@mellanox.com>,
	Dan Williams <dan.j.williams@intel.com>,
	Oleg Drokin <oleg.drokin@intel.com>,
	Andreas Dilger <andreas.dilger@intel.com>,
	Boris Ostrovsky <boris.ostrovsky@oracle.com>,
	David Sterba <dsterba@suse.com>, "Yan, Zheng" <zyan@redhat.com>,
	Ilya Dryomov <idryomov@gmail.com>,
	Alexei Starovoitov <ast@kernel.org>,
	Eric Dumazet <eric.dumazet@gmail.com>,
	Network Development <netdev@vger.kernel.org>
Subject: Re: [PATCH 5/6] treewide: use kv[mz]alloc* rather than opencoded variants
Date: Thu, 12 Jan 2017 18:37:46 +0100
Message-ID: <20170112173745.GC31509@dhcp22.suse.cz>
In-Reply-To: <CAGXu5jKhYP=5YNuntzmG64WL92F59VKhByOh9nqaGP7-LBEnng@mail.gmail.com>

On Thu 12-01-17 09:26:09, Kees Cook wrote:
> On Thu, Jan 12, 2017 at 7:37 AM, Michal Hocko <mhocko@kernel.org> wrote:
[...]
> > diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
> > index 4f74511015b8..e6bbb33d2956 100644
> > --- a/arch/s390/kvm/kvm-s390.c
> > +++ b/arch/s390/kvm/kvm-s390.c
> > @@ -1126,10 +1126,7 @@ static long kvm_s390_get_skeys(struct kvm *kvm, struct kvm_s390_skeys *args)
> >         if (args->count < 1 || args->count > KVM_S390_SKEYS_MAX)
> >                 return -EINVAL;
> >
> > -       keys = kmalloc_array(args->count, sizeof(uint8_t),
> > -                            GFP_KERNEL | __GFP_NOWARN);
> > -       if (!keys)
> > -               keys = vmalloc(sizeof(uint8_t) * args->count);
> > +       keys = kvmalloc(args->count * sizeof(uint8_t), GFP_KERNEL);
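
Review bot: the size on the `+` line is an open-coded `args->count * sizeof(uint8_t)`, so the overflow check that the removed `kmalloc_array()` call carried is no longer part of this call site. It cannot wrap here, because `args->count` is bounded by `KVM_S390_SKEYS_MAX` in the context lines above and the element size is one byte, and the removed `vmalloc()` fallback multiplied without a check as well; an array-style helper that takes the count and element size separately would still keep the check in place where other conversions copy this pattern. The new call also passes plain `GFP_KERNEL` where the removed first attempt passed `__GFP_NOWARN`; the changelog should say whether `kvmalloc()` suppresses that warning itself.
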
> 
> Before doing this conversion, can we add a kvmalloc_array() API? This
> conversion could allow for the reintroduction of integer overflow
> flaws. (This particular situation isn't at risk since ->count is
> checked, but I'd prefer we not create a risky set of examples for
> using kvmalloc.)

Well, I am not opposed to kvmalloc_array but I would argue that this
conversion cannot introduce new overflow issues. The code would have
to be broken already because, even though kmalloc_array checks for the
overflow, the vmalloc fallback doesn't...

If there is a general interest for this API I can add it.

-- 
Michal Hocko
SUSE Labs
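
The overflow question discussed in this message, as an added userspace model (not kernel code and not part of the thread): it contrasts the open-coded "checked array allocation, unchecked fallback" pattern with a single checked array helper. The `model_*` names, `MODEL_KMALLOC_MAX` and `last_requested` are assumptions made for the illustration, and `model_kvmalloc_array` is a hypothetical sketch of the helper being requested, not an existing API.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define MODEL_KMALLOC_MAX ((size_t)4096) /* assumption: "kmalloc" serves small sizes only */
static size_t last_requested;            /* byte count that last reached an allocator */

static void *model_kmalloc(size_t bytes)
{
	last_requested = bytes;
	return bytes <= MODEL_KMALLOC_MAX ? malloc(bytes) : NULL;
}

static void *model_vmalloc(size_t bytes)
{
	last_requested = bytes;
	return malloc(bytes);
}

/* Models kmalloc_array(): refuse a count * size product that would wrap. */
static void *model_kmalloc_array(size_t n, size_t size)
{
	if (size != 0 && n > SIZE_MAX / size)
		return NULL;
	return model_kmalloc(n * size);
}

/* Open-coded pattern: checked first attempt, unchecked multiply in the fallback. */
static void *opencoded_alloc(size_t n, size_t size)
{
	void *p = model_kmalloc_array(n, size);
	return p ? p : model_vmalloc(size * n);   /* wraps silently */
}

/* Hypothetical kvmalloc_array(): one overflow check guards both paths. */
static void *model_kvmalloc_array(size_t n, size_t size)
{
	if (size != 0 && n > SIZE_MAX / size)
		return NULL;
	void *p = model_kmalloc(n * size);
	return p ? p : model_vmalloc(n * size);
}

int main(void)
{
	size_t n = SIZE_MAX / 16 + 2;   /* constructed count: n * 16 wraps to 16 */
	void *p = opencoded_alloc(n, 16);
	printf("open-coded got %zu bytes; array helper: %p\n", last_requested, model_kvmalloc_array(n, 16));
	free(p);
	return 0;
}
```

With the constructed count, the open-coded path hands back a 16-byte buffer for a request that was meant to be far larger, while the array helper fails the allocation before any size reaches an allocator.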
