From: Cyrill Gorcunov <gorcunov@gmail.com>
To: Muhammad Usama Anjum <usama.anjum@collabora.com>
Cc: "Michał Mirosław" <emmir@google.com>,
"Andrei Vagin" <avagin@gmail.com>,
"Danylo Mocherniuk" <mdanylo@google.com>,
"Alexander Viro" <viro@zeniv.linux.org.uk>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Suren Baghdasaryan" <surenb@google.com>,
"Greg KH" <gregkh@linuxfoundation.org>,
"Christian Brauner" <brauner@kernel.org>,
"Peter Xu" <peterx@redhat.com>, "Yang Shi" <shy828301@gmail.com>,
"Vlastimil Babka" <vbabka@suse.cz>,
"Zach O'Keefe" <zokeefe@google.com>,
"Matthew Wilcox (Oracle)" <willy@infradead.org>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
"Dan Williams" <dan.j.williams@intel.com>,
kernel@collabora.com,
"Gabriel Krisman Bertazi" <krisman@collabora.com>,
"David Hildenbrand" <david@redhat.com>,
"Peter Enderborg" <peter.enderborg@sony.com>,
"open list : KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@vger.kernel.org>,
"Shuah Khan" <shuah@kernel.org>,
"open list" <linux-kernel@vger.kernel.org>,
"open list : PROC FILESYSTEM" <linux-fsdevel@vger.kernel.org>,
"open list : MEMORY MANAGEMENT" <linux-mm@kvack.org>,
"Paul Gofman" <pgofman@codeweavers.com>
Subject: Re: [PATCH v6 2/3] fs/proc/task_mmu: Implement IOCTL to get and/or the clear info about PTEs
Date: Mon, 12 Dec 2022 23:42:16 +0300
Message-ID: <Y5eSKBJ9hTtw9cbK@grain>
In-Reply-To: <20221109102303.851281-3-usama.anjum@collabora.com>
On Wed, Nov 09, 2022 at 03:23:02PM +0500, Muhammad Usama Anjum wrote:
...
> +
> +static long do_pagemap_sd_cmd(struct mm_struct *mm, struct pagemap_scan_arg *arg)
> +{
> + struct mmu_notifier_range range;
> + unsigned long __user start, end;
> + struct pagemap_scan_private p;
> + int ret;
> +
> + start = (unsigned long)untagged_addr(arg->start);
> + if ((!IS_ALIGNED(start, PAGE_SIZE)) || (!access_ok((void __user *)start, arg->len)))
> + return -EINVAL;
> +
> + if (IS_GET_OP(arg) &&
> + ((arg->vec_len == 0) || (!access_ok((struct page_region *)arg->vec, arg->vec_len))))
> + return -ENOMEM;
> +
> + if (IS_SD_OP(arg) && ((arg->required_mask & PAGEMAP_NONSD_OP_MASK) ||
> + (arg->anyof_mask & PAGEMAP_NONSD_OP_MASK)))
> + return -EINVAL;
> +
> + end = start + arg->len;
> + p.max_pages = arg->max_pages;
> + p.found_pages = 0;
> + p.flags = arg->flags;
> + p.required_mask = arg->required_mask;
> + p.anyof_mask = arg->anyof_mask;
> + p.excluded_mask = arg->excluded_mask;
> + p.return_mask = arg->return_mask;
> + p.vec_index = 0;
> + p.vec_len = arg->vec_len;
> +
> + if (IS_GET_OP(arg)) {
> + p.vec = vzalloc(arg->vec_len * sizeof(struct page_region));
> + if (!p.vec)
> + return -ENOMEM;
> + } else {
> + p.vec = NULL;
> + }
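Review bot: the access_ok() on the output vector is sized in elements rather than bytes: `access_ok((struct page_region *)arg->vec, arg->vec_len)` validates only vec_len bytes of user memory, while the allocation a few lines later, `vzalloc(arg->vec_len * sizeof(struct page_region))`, treats vec_len as an entry count, so the range check covers only a fraction of the buffer the call will work with. Use the same byte size in both places, preferably via `array_size(arg->vec_len, sizeof(struct page_region))` from linux/overflow.h, which also catches the unchecked multiplication wrapping for a very large vec_len; the cast should carry `__user` as well. Two smaller points in the same region: vec_len has no upper bound at all before vzalloc(), and a zero vec_len or a bad vec pointer returns -ENOMEM where -EINVAL or -EFAULT describes the failure; also `unsigned long __user start, end;` places a __user annotation on integers rather than on a pointer type.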
Hi Muhammad! I'm really sorry for diving in so late (unfortunately too busy to
step in yet). Anyway, while in general such an interface looks reasonable, here are
a few moments which really bother me: as far as I understand you don't need
vzalloc here, plain vmalloc should work as well since you copy only filled
results back to userspace. Next -- there is no restriction on the vec_len parameter;
isn't this a door for DoS from userspace? Say I could start a number of ioctls
on the same pagemap and try to allocate a very big amount of vec_len in summary, causing
big pressure on the kernel's memory. Or am I missing something obvious here?
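As an added example (not code from the patch or from anyone in this thread), the following userspace model shows one way to bound a caller-supplied output-vector length before allocating for it, which is the concern raised in the reply above. The per-call cap PAGEMAP_MAX_VEC_ELEMS, the helper names pagemap_vec_bytes() and pagemap_scan_prepare(), and the struct page_region layout are assumptions made for illustration; calloc() stands in for the kernel's vzalloc().

```c
/*
 * Added example, not code from the patch or the thread: a userspace model of
 * validating a caller-supplied element count before allocating an output
 * vector. PAGEMAP_MAX_VEC_ELEMS, the helper names and the struct layout are
 * assumptions for illustration only.
 */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the patch's struct page_region; its real layout is not shown here. */
struct page_region {
	uint64_t start;
	uint64_t len;
	uint64_t bitmap;
};

/* Assumed per-call cap on entries; the quoted patch has no such limit. */
#define PAGEMAP_MAX_VEC_ELEMS 4096u

/*
 * Turn an element count into an allocation size in bytes.
 *   0          -> success, *out_bytes set
 *   -EINVAL    -> zero count, or count above the cap
 *   -EOVERFLOW -> count * sizeof(elem) would wrap; a bare
 *                 "vec_len * sizeof(struct page_region)" has no such check
 */
int pagemap_vec_bytes(uint64_t vec_len, size_t *out_bytes)
{
	size_t bytes;

	if (vec_len == 0)
		return -EINVAL;
	/* Overflow check first, so absurd counts are rejected for the right reason. */
	if (__builtin_mul_overflow((size_t)vec_len, sizeof(struct page_region), &bytes))
		return -EOVERFLOW;
	if (vec_len > PAGEMAP_MAX_VEC_ELEMS)
		return -EINVAL;
	*out_bytes = bytes;
	return 0;
}

/*
 * Model of the pre-scan setup: only a GET operation needs an output vector.
 * Returns 0 and sets *vec (caller frees it) or a negative errno; the
 * allocation happens only after the count has passed every check.
 */
int pagemap_scan_prepare(bool is_get_op, uint64_t vec_len, struct page_region **vec)
{
	size_t bytes;
	int ret;

	*vec = NULL;
	if (!is_get_op)
		return 0;
	ret = pagemap_vec_bytes(vec_len, &bytes);
	if (ret)
		return ret;
	*vec = calloc(vec_len, sizeof(struct page_region));
	return *vec ? 0 : -ENOMEM;
}

int main(void)
{
	/* Constructed probe values: zero, minimal, at the cap, just over it, and huge. */
	uint64_t probes[] = { 0, 1, PAGEMAP_MAX_VEC_ELEMS, PAGEMAP_MAX_VEC_ELEMS + 1, UINT64_MAX };
	struct page_region *vec;

	for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
		int ret = pagemap_scan_prepare(true, probes[i], &vec);

		printf("vec_len=%llu -> %d\n", (unsigned long long)probes[i], ret);
		free(vec);
	}
	return 0;
}
```

A per-call cap bounds the size of each allocation but not the sum over many concurrent callers, which is exactly the point the reply makes; bounding the aggregate needs either a cap small enough that the product with the number of possible callers is acceptable, or processing the requested range in fixed-size chunks so that no single allocation scales with the caller's input.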
Thread overview: 20+ messages
2022-11-09 10:23 [PATCH v6 0/3] Implement IOCTL to get and/or the clear info about PTEs Muhammad Usama Anjum
2022-11-09 10:23 ` [PATCH v6 1/3] fs/proc/task_mmu: update functions to clear the soft-dirty PTE bit Muhammad Usama Anjum
2022-11-09 10:23 ` [PATCH v6 2/3] fs/proc/task_mmu: Implement IOCTL to get and/or the clear info about PTEs Muhammad Usama Anjum
2022-11-09 23:54 ` Andrei Vagin
2022-11-11 10:10 ` Muhammad Usama Anjum
[not found] ` <202211120107.cYLiq2cH-lkp@intel.com>
2022-11-11 17:53 ` Muhammad Usama Anjum
2022-12-12 20:42 ` Cyrill Gorcunov [this message]
2022-12-13 13:04 ` Muhammad Usama Anjum
2022-12-13 22:22 ` Cyrill Gorcunov
2022-11-09 10:23 ` [PATCH v6 3/3] selftests: vm: add pagemap ioctl tests Muhammad Usama Anjum
2022-11-09 10:34 ` [PATCH v6 0/3] Implement IOCTL to get and/or the clear info about PTEs David Hildenbrand
2022-11-11 7:08 ` Muhammad Usama Anjum
2022-11-14 15:46 ` David Hildenbrand
2022-11-21 15:00 ` Muhammad Usama Anjum
2022-11-21 15:55 ` David Hildenbrand
2022-11-30 11:42 ` Muhammad Usama Anjum
2022-11-30 12:10 ` David Hildenbrand
2022-12-05 15:29 ` Muhammad Usama Anjum
2022-12-05 15:39 ` David Hildenbrand
2022-11-23 14:11 ` Peter Xu