From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751701AbbCKCXP (ORCPT ); Tue, 10 Mar 2015 22:23:15 -0400 Received: from mx1.redhat.com ([209.132.183.28]:54060 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751024AbbCKCXO (ORCPT ); Tue, 10 Mar 2015 22:23:14 -0400 Date: Wed, 11 Mar 2015 10:23:10 +0800 From: Fam Zheng To: Dan Rosenberg Cc: linux-kernel@vger.kernel.org, famz@redhat.com Subject: Re: [PATCH v4 4/9] epoll: Add implementation for epoll_ctl_batch Message-ID: <20150311022310.GB1437@ad.nay.redhat.com> References: <1425952155-27603-1-git-send-email-famz@redhat.com> <1425952155-27603-5-git-send-email-famz@redhat.com> <54FEF8C7.7050906@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <54FEF8C7.7050906@gmail.com> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 03/10 09:59, Dan Rosenberg wrote: > On 03/09/2015 09:49 PM, Fam Zheng wrote: > > + if (!cmds || ncmds <= 0 || ncmds > EP_MAX_BATCH) > > + return -EINVAL; > > + cmd_size = sizeof(struct epoll_ctl_cmd) * ncmds; > > + /* TODO: optimize for small arguments like select/poll with a stack > > + * allocated buffer */ > > + > > + kcmds = kmalloc(cmd_size, GFP_KERNEL); > > + if (!kcmds) > > + return -ENOMEM; > You probably want to define EP_MAX_BATCH as some sane value much less > than INT_MAX/(sizeof(struct epoll_ctl_cmd)). While this avoids the > integer overflow from before, any user can cause the kernel to kmalloc > up to INT_MAX bytes. Probably not a huge deal because it's freed at the > end of the syscall, but generally not a great idea. > Yeah, makes sense, any suggested value? Thanks, Fam
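Review bot: The `ncmds > EP_MAX_BATCH` test in the first added line is the only bound on the size passed to `kmalloc(cmd_size, GFP_KERNEL)`, and the definition of EP_MAX_BATCH is not part of this hunk. If that limit sits near INT_MAX / sizeof(struct epoll_ctl_cmd), the multiplication no longer overflows, but an unprivileged caller can still make each call request a buffer of up to INT_MAX bytes. Suggest defining EP_MAX_BATCH as a small fixed count, so that `sizeof(struct epoll_ctl_cmd) * ncmds` stays within a few pages, and adding a comment at the definition that explains how the value was chosen. Documenting the limit alongside the -EINVAL return would also help, so that userspace knows to split larger batches. A small cap also fits the stack-buffer optimization mentioned in the TODO comment.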