From: Christoph Hellwig <hch@lst.de>
To: Kees Cook <keescook@chromium.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Christoph Hellwig <hch@lst.de>,
	Nathan Chancellor <natechancellor@gmail.com>,
	Arnd Bergmann <arnd@arndb.de>, Tejun Heo <tj@kernel.org>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	"Rafael J. Wysocki" <rafael@kernel.org>,
	Shuah Khan <shuah@kernel.org>,
	Nathan Chancellor <nathan@kernel.org>,
	Nick Desaulniers <ndesaulniers@google.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Kefeng Wang <wangkefeng.wang@huawei.com>,
	"Matthew Wilcox (Oracle)" <willy@infradead.org>,
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	linux-kselftest@vger.kernel.org,
	clang-built-linux@googlegroups.com,
	Michal Hocko <mhocko@suse.com>,
	Alexey Dobriyan <adobriyan@gmail.com>,
	Lee Duncan <lduncan@suse.com>, Chris Leech <cleech@redhat.com>,
	Adam Nichols <adam@grimm-co.com>,
	linux-hardening@vger.kernel.org
Subject: Re: [PATCH v4 3/3] sysfs: Unconditionally use vmalloc for buffer
Date: Fri, 2 Apr 2021 08:32:21 +0200
Message-ID: <20210402063221.GA5260@lst.de>
In-Reply-To: <20210401221320.2717732-4-keescook@chromium.org>

On Thu, Apr 01, 2021 at 03:13:20PM -0700, Kees Cook wrote:
> The sysfs interface to seq_file continues to be rather fragile
> (seq_get_buf() should not be used outside of seq_file), as seen with
> some recent exploits[1]. Move the seq_file buffer to the vmap area
> (while retaining the accounting flag), since it has guard pages that will
> catch and stop linear overflows. This seems justified given that sysfs's
> use of seq_file almost always already uses PAGE_SIZE allocations, has
> normally short-lived allocations, and is not normally on a performance
> critical path.

This looks completely weird to me.  In the end sysfs uses nothing
of the seq_file infrastructure, so why do we even pretend to use it?
Just switch sysfs_file_kfops_ro and sysfs_file_kfops_rw from using
->seq_show to ->read and do the vmalloc there instead of pretending
this is a seq_file.

> Once seq_get_buf() has been removed (and all sysfs callbacks using
> seq_file directly), this change can also be removed.

And with sysfs out of the way I think killing off the other few users
should be pretty easy as well.
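
The guard-page behaviour that the quoted patch description relies on, shown as an added user-space illustration (not part of this message, the patch series, or the kernel). It assumes Linux; mmap() plus a PROT_NONE page stands in for the guard page after a vmalloc area, and the function names are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* One writable page followed by one inaccessible guard page
 * (user-space stand-in for the guard page after a vmalloc area). */
static char *guarded_page(void)
{
    size_t ps = (size_t)sysconf(_SC_PAGESIZE);
    char *p = mmap(NULL, 2 * ps, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    if (mprotect(p + ps, ps, PROT_NONE) != 0) {
        munmap(p, 2 * ps);
        return NULL;
    }
    return p;
}

/* Linearly write len bytes into the guarded page from a child process.
 * Returns 0 if the write completed, the fatal signal number if the child
 * was stopped at the guard page, -1 on any other failure. */
int linear_write_result(size_t len)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        volatile char *buf = guarded_page();
        if (!buf)
            _exit(2);
        for (size_t i = 0; i < len; i++)
            buf[i] = 'A';   /* faults on the first byte past the page */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    return WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void)
{
    size_t ps = (size_t)sysconf(_SC_PAGESIZE);
    printf("in bounds: %d\n", linear_write_result(ps));
    printf("one byte over: %d\n", linear_write_result(ps + 1));
    return 0;
}
```

The overflowing write never reaches memory beyond the guard page; the writer is terminated at the first out-of-bounds byte instead of corrupting an adjacent allocation.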

Thread overview: 8+ messages
2021-04-01 22:13 [PATCH v4 0/3] sysfs: Unconditionally use vmalloc for buffer Kees Cook
2021-04-01 22:13 ` [PATCH v4 1/3] lkdtm/heap: Add vmalloc linear overflow test Kees Cook
2021-04-01 22:13 ` [PATCH v4 2/3] seq_file: Fix clang warning for NULL pointer arithmetic Kees Cook
2021-04-01 22:13 ` [PATCH v4 3/3] sysfs: Unconditionally use vmalloc for buffer Kees Cook
2021-04-02  6:32   ` Christoph Hellwig [this message]
2021-04-02 21:23     ` Kees Cook
2021-04-05 14:05   ` [sysfs] 5f65c1f63b: WARNING:at_fs/sysfs/file.c:#sysfs_kf_seq_start kernel test robot
2021-04-05 14:05     ` kernel test robot
