On Thu 18-08-16 10:21:58, Rik van Riel wrote: > On Wed, 2016-08-17 at 15:29 -0700, Kees Cook wrote: > > When an allocator does not mark all allocations as PageSlab, or does > > not > > mark multipage allocations with __GFP_COMP, hardened usercopy cannot > > correctly validate the allocation. SLOB lacks this, so short-circuit > > the checking for the allocators that aren't marked with > > CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR. This also updates the config > > help and corrects a typo in the usercopy comments. > > > > Reported-by: xiaolong...@intel.com > > Signed-off-by: Kees Cook <keesc...@chromium.org> > > There may still be some subsystems that do not > go through kmalloc for multi-page allocations, > and also do not use __GFP_COMP > > I do not know whether there are, but if they exist > those would still trip up the same way SLOB got > tripped up before your patch. > > One big question I have for Linus is, do we want > to allow code that does a higher order allocation, > and then frees part of it in smaller orders, or > individual pages, and keeps using the remainder?
We even have an API for that alloc_pages_exact. I do not think anybody uses that for copying from/to userspace but this pattern is not all that rare. -- Michal Hocko SUSE Labs
