From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752007AbcBEHGf (ORCPT <rfc822;w@1wt.eu>);
	Fri, 5 Feb 2016 02:06:35 -0500
Received: from mail-wm0-f53.google.com ([74.125.82.53]:34435 "EHLO
	mail-wm0-f53.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750750AbcBEHGd (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Fri, 5 Feb 2016 02:06:33 -0500
MIME-Version: 1.0
In-Reply-To: <alpine.DEB.2.10.1602041409020.29117@chino.kir.corp.google.com>
References: <56B38F3F.40706@hurleysoftware.com> <1454610480-87854-1-git-send-email-dvyukov@google.com>
 <alpine.DEB.2.10.1602041409020.29117@chino.kir.corp.google.com>
From: Dmitry Vyukov <dvyukov@google.com>
Date: Fri, 5 Feb 2016 08:06:12 +0100
Message-ID: <CACT4Y+Zj29ZmsUZCR7FhkxMz_kdV51qhp3SwJ31Sj40y=A7W0w@mail.gmail.com>
Subject: Re: [PATCH] tty: use __GFP_NOWARN for user-controlled kmalloc
To: David Rientjes <rientjes@google.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Jiri Slaby <jslaby@suse.com>, Peter Hurley <peter@hurleysoftware.com>,
        One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>,
        LKML <linux-kernel@vger.kernel.org>,
        syzkaller <syzkaller@googlegroups.com>,
        Kostya Serebryany <kcc@google.com>,
        Alexander Potapenko <glider@google.com>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Feb 4, 2016 at 11:11 PM, David Rientjes <rientjes@google.com> wrote:
> On Thu, 4 Feb 2016, Dmitry Vyukov wrote:
>
>> Size of kmalloc() in vc_do_resize() is controlled by user.
>> Too large kmalloc() size triggers WARNING message on console.
>>
>> Use __GFP_NOWARN for this kmalloc() to not scare admins.
>>
>
> Hmm, this is hitting the WARN_ON_ONCE(!(gfp_mask & __GFP_NOWARN)) for
> order >= MAX_ORDER.
>
> vc_do_resize() has
>
>         if (cols > VC_RESIZE_MAXCOL || lines > VC_RESIZE_MAXROW)
>                 return -EINVAL;
>
> so the appropriate fix would seem to be to reject sizes that would exceed
> the page allocator's ability to return contiguous memory (MAX_ORDER)
> rather than ever trying the allocation in the first place.

Hi David,

Please see Alan response to original report here:
https://groups.google.com/d/msg/syzkaller/ufjvr5j0URo/lTlpYP0DBQAJ
I can't say that I fully understand it.