[PATCH 07/13] kexec: Implementation of new syscall kexec_file_load
H. Peter Anvin
hpa at zytor.com
Mon Jun 16 15:49:44 PDT 2014
On 06/16/2014 02:43 PM, Vivek Goyal wrote:
>> Borislav and I talked about this briefly over IRC. A key part of that
>> is that if userspace could manipulate this system call to consume an
>> unreasonable amount of memory, we would have a problem, for example if
>> this code used vzalloc() instead of kzalloc(). However, since
>> kmalloc/kzalloc implies a relatively restrictive limit on the memory
>> allocation size anyway, well short of anything that could cause OOM
>> problems, that pretty much solves the problem.
> Actually currently I am using vzalloc() for command line buffer
> image->cmdline_buf = vzalloc(cmdline_len);
> if (!image->cmdline_buf)
> goto out;
> Should I switch to using kzalloc() instead?
Yes. There is absolutely no valid reason to use vzalloc() for an object
that small, and if someone manipulates the header to allow for a crazily
large command line then you can trick the kernel into allocating
arbitrary amounts of memory.
More information about the kexec