On Tue, Dec 12, 2017 at 10:22 PM, Eric Biggers wrote:
> On Mon, Dec 04, 2017 at 12:26:32PM +0300, Dan Carpenter wrote:
>> On Mon, Dec 04, 2017 at 09:18:05AM +0100, Dmitry Vyukov wrote:
>> > On Mon, Dec 4, 2017 at 9:14 AM, Dan Carpenter
>> > wrote:
>> > > On Sun, Dec 03, 2017 at 12:16:08PM -0800,
On Mon, Dec 04, 2017 at 12:26:32PM +0300, Dan Carpenter wrote:
> On Mon, Dec 04, 2017 at 09:18:05AM +0100, Dmitry Vyukov wrote:
> > On Mon, Dec 4, 2017 at 9:14 AM, Dan Carpenter
> > wrote:
> > > On Sun, Dec 03, 2017 at 12:16:08PM -0800, Eric Biggers wrote:
> > >> Looks like BLKTRACESETUP doesn't
On Mon, Dec 4, 2017 at 10:26 AM, Dan Carpenter wrote:
> On Mon, Dec 04, 2017 at 09:18:05AM +0100, Dmitry Vyukov wrote:
>> On Mon, Dec 4, 2017 at 9:14 AM, Dan Carpenter
>> wrote:
>> > On Sun, Dec 03, 2017 at 12:16:08PM -0800, Eric Biggers wrote:
>> >> Looks like BLKTRACESETUP doesn't limit the '.
On Sun, Dec 03, 2017 at 12:16:08PM -0800, Eric Biggers wrote:
> Looks like BLKTRACESETUP doesn't limit the '.buf_nr' parameter, allowing
> anyone
> who can open a block device to cause an extremely large kmalloc. Here's a
> simplified reproducer:
>
There are lots of places which allow people to
On Mon, Dec 04, 2017 at 09:18:05AM +0100, Dmitry Vyukov wrote:
> On Mon, Dec 4, 2017 at 9:14 AM, Dan Carpenter
> wrote:
> > On Sun, Dec 03, 2017 at 12:16:08PM -0800, Eric Biggers wrote:
> >> Looks like BLKTRACESETUP doesn't limit the '.buf_nr' parameter, allowing
> >> anyone
> >> who can open a
On Mon, Dec 4, 2017 at 9:14 AM, Dan Carpenter wrote:
> On Sun, Dec 03, 2017 at 12:16:08PM -0800, Eric Biggers wrote:
>> Looks like BLKTRACESETUP doesn't limit the '.buf_nr' parameter, allowing
>> anyone
>> who can open a block device to cause an extremely large kmalloc. Here's a
>> simplified re
+Cc linux-block
On Sun, Dec 03, 2017 at 06:25:01AM -0800, syzbot wrote:
> WARNING: CPU: 0 PID: 3081 at mm/slab_common.c:971 kmalloc_slab+0x5d/0x70
> mm/slab_common.c:971
> Kernel panic - not syncing: panic_on_warn set ...
>
[...]
> __do_kmalloc mm/slab.c:3706 [inline]
> __kmalloc+0x25/0x760 mm/