Revision b71dbf1032f546bf3efd60fb5d9d0cefd200a508 authored by Darrick J. Wong on 15 September 2016, 03:20:44 UTC, committed by Linus Torvalds on 15 September 2016, 20:29:52 UTC
Kirill A Shutemov reports that the kernel doesn't try to cap dest_count in any way, and uses the number to allocate kernel memory. This causes high order allocation warnings in the kernel log if someone passes in a big enough value. We should clamp the allocation at PAGE_SIZE to avoid stressing the VM. The two existing users of the dedupe ioctl never send more than 120 requests, so we can safely clamp dest_range at PAGE_SIZE, because with 4k pages we can handle up to 127 dedupe candidates. Given the max extent length of 16MB, we can end up doing 2GB of IO which is plenty. [ Note: the "offsetof()" can't overflow, because 'count' is just a 16-bit integer. That's not obvious in the limited context of the patch, so I'm noting it here because it made me go look. - Linus ] Reported-by: "Kirill A. Shutemov" <kirill@shutemov.name> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent 5297e0f
File | Mode | Size |
---|---|---|
3com | ||
acenic | ||
adaptec | ||
advansys | ||
av7110 | ||
bnx2 | ||
bnx2x | ||
cis | ||
cpia2 | ||
cxgb3 | ||
dsp56k | ||
e100 | ||
edgeport | ||
emi26 | ||
emi62 | ||
ess | ||
kaweth | ||
keyspan | ||
keyspan_pda | ||
korg | ||
matrox | ||
myricom | ||
ositech | ||
qlogic | ||
r128 | ||
radeon | ||
sb16 | ||
sun | ||
tehuti | ||
tigon | ||
ttusb-budget | ||
vicam | ||
yam | ||
yamaha | ||
.gitignore | -rw-r--r-- | 39 bytes |
Makefile | -rw-r--r-- | 10.9 KB |
README.AddingFirmware | -rw-r--r-- | 1.7 KB |
WHENCE | -rw-r--r-- | 26.3 KB |
atmsar11.HEX | -rw-r--r-- | 18.7 KB |
ihex2fw.c | -rw-r--r-- | 6.6 KB |
mts_cdma.fw.ihex | -rw-r--r-- | 37.2 KB |
mts_edge.fw.ihex | -rw-r--r-- | 37.8 KB |
mts_gsm.fw.ihex | -rw-r--r-- | 37.2 KB |
ti_3410.fw.ihex | -rw-r--r-- | 37.0 KB |
ti_5052.fw.ihex | -rw-r--r-- | 37.0 KB |
whiteheat.HEX | -rw-r--r-- | 43.9 KB |
whiteheat_loader.HEX | -rw-r--r-- | 11.8 KB |
whiteheat_loader_debug.HEX | -rw-r--r-- | 17.2 KB |
Computing file changes ...