On 06/16/2014 02:43 PM, Vivek Goyal wrote:
>>
>> Borislav and I talked about this briefly over IRC.  A key part of that
>> is that if userspace could manipulate this system call to consume an
>> unreasonable amount of memory, we would have a problem, for example if
>> this code used vzalloc() instead of kzalloc().  However, since
>> kmalloc/kzalloc implies a relatively restrictive limit on the memory
>> allocation size anyway, well short of anything that could cause OOM
>> problems, that pretty much solves the problem.
> 
> Actually currently I am using vzalloc() for command line buffer
> allocation.
> 
>       image->cmdline_buf = vzalloc(cmdline_len);
>       if (!image->cmdline_buf)
>               goto out;
> 
> Should I switch to using kzalloc() instead?
> 

Yes.  There is absolutely no valid reason to use vzalloc() for an object
that small, and if someone manipulates the header to allow for a crazily
large command line then you can trick the kernel into allocating
arbitrary amounts of memory.

        -hpa
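
An added illustration, not code from the patch or from either poster: a userspace C model of the point made in this thread, checking the caller-supplied length against a cap before anything is allocated. `CMDLINE_MAX`, the `struct image` layout and `image_set_cmdline()` are hypothetical names chosen for this sketch, and `calloc()` stands in for `kzalloc()`.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this sketch; a real loader would use the limit
 * its boot protocol or architecture defines. */
#define CMDLINE_MAX 2048u

/* Hypothetical, reduced stand-in for the image structure in the thread. */
struct image {
    char  *cmdline_buf;
    size_t cmdline_len;
};

/*
 * Copy a caller-supplied command line into the image.
 * cmdline_len is untrusted, so it is bounded before any allocation:
 * without the check, the caller chooses how much memory is consumed.
 * Returns 0 on success or a negative errno value.
 */
int image_set_cmdline(struct image *image, const char *src, size_t cmdline_len)
{
    /* Reject empty and oversized requests before touching the allocator. */
    if (cmdline_len == 0 || cmdline_len > CMDLINE_MAX)
        return -EINVAL;

    /* The buffer is later treated as a string, so require a trailing NUL. */
    if (src[cmdline_len - 1] != '\0')
        return -EINVAL;

    image->cmdline_buf = calloc(1, cmdline_len); /* models kzalloc() */
    if (!image->cmdline_buf)
        return -ENOMEM;

    memcpy(image->cmdline_buf, src, cmdline_len);
    image->cmdline_len = cmdline_len;
    return 0;
}
```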

