Re: WARNING: CPU: 1 PID: 52 at mm/page_alloc.c:4826 __alloc_pages_nodemask (Re: [PATCH 5/5] sysctl: pass kernel pointers to ->proc_handler)

2020-06-08 Thread sdf
On 06/08, Alexei Starovoitov wrote: On Mon, Jun 8, 2020 at 6:05 AM Christoph Hellwig wrote: > > On Mon, Jun 08, 2020 at 09:45:49AM +0200, Vegard Nossum wrote: > > Just a test case. > > > > Allowing the kernel to allocate an unbounded amount of memory on behalf > > of userspace is an easy

Re: WARNING: CPU: 1 PID: 52 at mm/page_alloc.c:4826 __alloc_pages_nodemask (Re: [PATCH 5/5] sysctl: pass kernel pointers to ->proc_handler)

2020-06-08 Thread Alexei Starovoitov
On Mon, Jun 8, 2020 at 6:05 AM Christoph Hellwig wrote: > > On Mon, Jun 08, 2020 at 09:45:49AM +0200, Vegard Nossum wrote: > > Just a test case. > > > > Allowing the kernel to allocate an unbounded amount of memory on behalf > > of userspace is an easy DOS. > > > > All the length checks were

Re: WARNING: CPU: 1 PID: 52 at mm/page_alloc.c:4826 __alloc_pages_nodemask (Re: [PATCH 5/5] sysctl: pass kernel pointers to ->proc_handler)

2020-06-08 Thread Christoph Hellwig
On Mon, Jun 08, 2020 at 09:45:49AM +0200, Vegard Nossum wrote: > Just a test case. > > Allowing the kernel to allocate an unbounded amount of memory on behalf > of userspace is an easy DOS. > > All the length checks were already in there, e.g. > > static int cmm_timeout_handler(struct ctl_table

Re: WARNING: CPU: 1 PID: 52 at mm/page_alloc.c:4826 __alloc_pages_nodemask (Re: [PATCH 5/5] sysctl: pass kernel pointers to ->proc_handler)

2020-06-08 Thread Vegard Nossum
On 2020-06-08 08:51, Christoph Hellwig wrote: On Thu, Jun 04, 2020 at 10:22:21PM +0200, Vegard Nossum wrote: It's easy to reproduce by just doing read(open("/proc/sys/vm/swappiness", O_RDONLY), 0, 512UL * 1024 * 1024 * 1024); or so. Reverting the commit fixes the issue for me. Yes,

Re: WARNING: CPU: 1 PID: 52 at mm/page_alloc.c:4826 __alloc_pages_nodemask (Re: [PATCH 5/5] sysctl: pass kernel pointers to ->proc_handler)

2020-06-08 Thread Christoph Hellwig
On Thu, Jun 04, 2020 at 10:22:21PM +0200, Vegard Nossum wrote: > It's easy to reproduce by just doing > > read(open("/proc/sys/vm/swappiness", O_RDONLY), 0, 512UL * 1024 * 1024 > * 1024); > > or so. Reverting the commit fixes the issue for me. Yes, doing giant allocations will fail and

WARNING: CPU: 1 PID: 52 at mm/page_alloc.c:4826 __alloc_pages_nodemask (Re: [PATCH 5/5] sysctl: pass kernel pointers to ->proc_handler)

2020-06-04 Thread Vegard Nossum
(Trimmed original Ccs due to outgoing email policy.) Hi, On 2020-04-24 08:43, Christoph Hellwig wrote: Instead of having all the sysctl handlers deal with user pointers, which is rather hairy in terms of the BPF interaction, copy the input to and from userspace in common code. This also

Re: [PATCH 5/5] sysctl: pass kernel pointers to ->proc_handler

2020-05-04 Thread Christoph Hellwig
On Mon, May 04, 2020 at 12:01:11PM -0700, Kees Cook wrote: > > if (error) > > - goto out; > > + goto out_free_buf; > > > > /* careful: calling conventions are nasty here */ > > Is this comment still valid after doing these cleanups? The comment is pretty old so I

Re: [PATCH 5/5] sysctl: pass kernel pointers to ->proc_handler

2020-05-04 Thread Kees Cook
On Fri, Apr 24, 2020 at 08:43:38AM +0200, Christoph Hellwig wrote: > Instead of having all the sysctl handlers deal with user pointers, which > is rather hairy in terms of the BPF interaction, copy the input to and > from userspace in common code. This also means that the strings are > always