[PATCH 07/13] kexec: Implementation of new syscall kexec_file_load

H. Peter Anvin hpa at zytor.com
Mon Jun 16 15:49:44 PDT 2014


On 06/16/2014 02:43 PM, Vivek Goyal wrote:
>>
>> Borislav and I talked about this briefly over IRC.  A key part of that
>> is that if userspace could manipulate this system call to consume an
>> unreasonable amount of memory, we would have a problem, for example if
>> this code used vzalloc() instead of kzalloc().  However, since
>> kmalloc/kzalloc implies a relatively restrictive limit on the memory
>> allocation size anyway, well short of anything that could cause OOM
>> problems, that pretty much solves the problem.
> 
> Actually currently I am using vzalloc() for command line buffer
> allocation.
> 
> 	image->cmdline_buf = vzalloc(cmdline_len);
> 	if (!image->cmdline_buf)
> 		goto out;
> 
> Should I switch to using kzalloc() instead?
> 

Yes.  There is absolutely no valid reason to use vzalloc() for an object
that small, and if someone manipulates the header to allow for a crazily
large command line then you can trick the kernel into allocating
arbitrary amounts of memory.

	-hpa





More information about the kexec mailing list