On Fri, Jan 29, 2016 at 11:24 AM, Cong Wang <xiyou.wangc...@gmail.com> wrote:
> These two functions are called in sendmsg path, and the
> 'len' is passed from user-space, so we should not allow
> malicious users to OOM kernel on purpose.
>
> Reported-by: Dmitry Vyukov <dvyu...@google.com>
> Cc: Lauro Ramos Venancio <lauro.venan...@openbossa.org>
> Cc: Aloisio Almeida Jr <aloisio.alme...@openbossa.org>
> Cc: Samuel Ortiz <sa...@linux.intel.com>
> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com>

Ping...

David, this patch still seems not to be applied. I guess you expect the NFC
maintainer to take it, but this hasn't happened. Could you take it?

(I can resend it if you need.)

Thanks!

> ---
>  net/nfc/llcp_commands.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net/nfc/llcp_commands.c b/net/nfc/llcp_commands.c
> index 3621a90..3425532 100644
> --- a/net/nfc/llcp_commands.c
> +++ b/net/nfc/llcp_commands.c
> @@ -663,7 +663,7 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock,
>                 return -ENOBUFS;
>         }
>
> -       msg_data = kzalloc(len, GFP_KERNEL);
> +       msg_data = kmalloc(len, GFP_USER | __GFP_NOWARN);
>         if (msg_data == NULL)
>                 return -ENOMEM;
>
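Review bot: the new `msg_data = kmalloc(len, GFP_USER | __GFP_NOWARN);` in nfc_llcp_send_i_frame() drops the zero-initialisation that kzalloc() gave, and the changelog does not mention it. The code that fills msg_data is outside this hunk, so please confirm that all len bytes are overwritten from the user message before any part of the buffer is copied into a frame, and state that in the commit message. If a short copy is possible, keeping kzalloc() with the new flags avoids stale heap contents ending up in an outgoing frame.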
> @@ -729,7 +729,7 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 
> ssap, u8 dsap,
>         if (local == NULL)
>                 return -ENODEV;
>
> -       msg_data = kzalloc(len, GFP_KERNEL);
> +       msg_data = kmalloc(len, GFP_USER | __GFP_NOWARN);
>         if (msg_data == NULL)
>                 return -ENOMEM;
>
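Review bot: in nfc_llcp_send_ui_frame() the allocation size is still the unchecked, user-supplied len; `GFP_USER | __GFP_NOWARN` changes how the allocator treats and reports the request but does not limit it. Consider rejecting an oversized len with an error return before the kmalloc(), next to the existing `local == NULL` check, so the bound the changelog implies is visible in the code. The same point applies to the allocation in the first hunk.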
> --
> 1.8.3.1
>
