Subject: Re: [PATCH v3] mm: memdup_user*() should use same gfp flags
From: Casey Schaufler
To: Andrew Morton, Tetsuo Handa
Cc: Michal Hocko, linux-mm@kvack.org, Sabyrzhan Tasbolatov, Casey Schaufler
Date: Wed, 27 Jan 2021 15:27:01 -0800
Message-ID: <847543f8-491c-f5a5-39b6-561fefbc1219@schaufler-ca.com>
In-Reply-To: <20210127151940.a9fbbafb890fc769da1525ea@linux-foundation.org>

On 1/27/2021 3:19 PM, Andrew Morton wrote:
> On Wed, 27 Jan 2021 23:03:33 +0900 Tetsuo Handa wrote:
>
>> On 2021/01/27 21:17, Michal Hocko wrote:
>>> On Wed 27-01-21 12:59:28, Michal Hocko wrote:
>>>> On Wed 27-01-21 19:55:38, Tetsuo Handa wrote:
>>>>> syzbot is reporting that memdup_user_nul() which receives user-controlled
>>>>> size (which can be up to (INT_MAX & PAGE_MASK)) via vfs_write() will hit
>>>>> order >= MAX_ORDER path [1].
>>>>>
>>>>> Making costly allocations (order > PAGE_ALLOC_COSTLY_ORDER) naturally fail
>>>>> should be better than trying to enforce PAGE_SIZE upper limit, for some of
>>>>> callers accept space-delimited list arguments.
>>>>>
>>>>> Therefore, let's add __GFP_NOWARN to memdup_user_nul() as with
>>>>> commit 6c8fcc096be9d02f ("mm: don't let userspace spam allocations
>>>>> warnings"). Also use GFP_USER as with other userspace-controllable
>>>>> allocations like memdup_user().
>>>> I absolutely detest hiding this behind __GFP_NOWARN. There should be no
>>>> reason to even try hard for memdup_user_nul. Can you explain why this
>>> this should have been "try hard to get a physically contiguous memory for memdup_user_nul"
>>>
>>>> cannot use kvmalloc instead?
>> There is no point with allowing userspace to allocate 2GB of physically non-contiguous
>> memory using kvmalloc(). Size is controlled by userspace, and memdup_user_nul() is used
>> for allocating temporary memory which will be released before returning to userspace.
>>
>> Sane userspace processes should allocate only one or a few pages using memdup_user_nul().
>> Just making insane user processes (like fuzzer) fail memory allocation requests is a
>> reasonable decision.
> (cc Casey)
>
> I'd say that the immediate problem is in smk_write_syslog(). Obviously
> it was implemented expecting small writes, but the fuzzer is passing it a
> huge write and things fall apart.

Yes, Smack should be checking that. Patch is in the works.

I hates fuzzers.
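
Added example (not part of the message above, and not the Smack patch it mentions): a userspace C model of how a user-controlled write length maps to a page-allocation order for a memdup_user_nul()-style copy, and of a length check done in the write handler before any copy. It assumes 4 KiB pages, MAX_ORDER 11 and PAGE_ALLOC_COSTLY_ORDER 3; model_get_order, classify_memdup_nul, model_check_write_len and MODEL_WRITE_LIMIT are hypothetical names, and the PAGE_SIZE cap is an assumed value.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed values: 4 KiB pages, MAX_ORDER 11, PAGE_ALLOC_COSTLY_ORDER 3. */
#define PAGE_SHIFT 12
#define PAGE_SIZE (1UL << PAGE_SHIFT)
#define PAGE_MASK (~(PAGE_SIZE - 1))
#define PAGE_ALLOC_COSTLY_ORDER 3
#define MAX_ORDER 11
#define MODEL_WRITE_LIMIT PAGE_SIZE /* hypothetical per-handler cap */

enum alloc_class { ALLOC_CHEAP, ALLOC_COSTLY, ALLOC_OVER_MAX_ORDER };

/* Smallest order with (PAGE_SIZE << order) >= size, like the kernel's get_order(). */
static int model_get_order(size_t size)
{
    size_t pages = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
    int order = 0;
    while (((size_t)1 << order) < pages)
        order++;
    return order;
}

/* Classify the buffer needed for `count` user bytes plus the trailing NUL. */
static enum alloc_class classify_memdup_nul(size_t count)
{
    int order = model_get_order(count + 1);
    if (order >= MAX_ORDER)
        return ALLOC_OVER_MAX_ORDER;   /* the path syzbot reached */
    if (order > PAGE_ALLOC_COSTLY_ORDER)
        return ALLOC_COSTLY;           /* would "naturally fail" under the proposal */
    return ALLOC_CHEAP;
}

/* Handler-side check done before any copy: 0 if acceptable, -1 if rejected. */
static int model_check_write_len(size_t count)
{
    return (count == 0 || count >= MODEL_WRITE_LIMIT) ? -1 : 0;
}

int main(void)
{
    size_t worst = (size_t)(INT_MAX & PAGE_MASK); /* largest size named in the thread */
    printf("count %zu -> order %d, class %d, handler check %d\n", worst,
           model_get_order(worst + 1), classify_memdup_nul(worst),
           model_check_write_len(worst));
    return 0;
}
```

With these assumed constants the worst-case length from the thread needs an order-19 allocation, while a handler that rejects oversized writes never reaches the allocator at all.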