Re: [PATCH] ksys_mount: check for permissions before resource allocation

> On Jun 6, 2018, at 6:22 PM, Eric W. Biederman wrote: > > Ilya Matveychikov writes: > >>> On Jun 5, 2018, at 11:56 PM, Eric W. Biederman >>> wrote: >>> >>> Ilya Matveychikov writes: >>> >>>> Just CC’ed to some of m

Re: [PATCH] ksys_mount: check for permissions before resource allocation

> On Jun 6, 2018, at 6:22 PM, Eric W. Biederman wrote: > > Ilya Matveychikov writes: > >>> On Jun 5, 2018, at 11:56 PM, Eric W. Biederman >>> wrote: >>> >>> Ilya Matveychikov writes: >>> >>>> Just CC’ed to some of m

Re: [PATCH] ksys_mount: check for permissions before resource allocation

> On Jun 5, 2018, at 11:56 PM, Eric W. Biederman wrote: > > Ilya Matveychikov writes: > >> Just CC’ed to some of maintainers. >> >> $ perl scripts/get_maintainer.pl >> fs/0001-ksys_mount-check-for-permissions-before-resource-all.patch >> Al

Re: [PATCH] ksys_mount: check for permissions before resource allocation

> On Jun 5, 2018, at 11:56 PM, Eric W. Biederman wrote: > > Ilya Matveychikov writes: > >> Just CC’ed to some of maintainers. >> >> $ perl scripts/get_maintainer.pl >> fs/0001-ksys_mount-check-for-permissions-before-resource-all.patch >> Al

Re: [PATCH] ksys_mount: check for permissions before resource allocation

> On Jun 5, 2018, at 4:28 PM, David Sterba wrote: > >> BTW, sys_umount() has this check in the right place - before doing anything. >> So, why not to have the same logic for mount/umount? > > What if the check is not equivalent to the one done later? may_mount > needs namespace, it will be

Re: [PATCH] ksys_mount: check for permissions before resource allocation

> On Jun 5, 2018, at 4:28 PM, David Sterba wrote: > >> BTW, sys_umount() has this check in the right place - before doing anything. >> So, why not to have the same logic for mount/umount? > > What if the check is not equivalent to the one done later? may_mount > needs namespace, it will be

Re: [PATCH] ksys_mount: check for permissions before resource allocation

> On Jun 5, 2018, at 3:53 PM, Al Viro wrote: > > On Tue, Jun 05, 2018 at 03:35:55PM +0400, Ilya Matveychikov wrote: >> >>> On Jun 5, 2018, at 3:26 PM, Al Viro wrote: >>>> >>>>> On Jun 5, 2018, at 6:00 AM, Ilya Matveychikov >>

Re: [PATCH] ksys_mount: check for permissions before resource allocation

> On Jun 5, 2018, at 3:53 PM, Al Viro wrote: > > On Tue, Jun 05, 2018 at 03:35:55PM +0400, Ilya Matveychikov wrote: >> >>> On Jun 5, 2018, at 3:26 PM, Al Viro wrote: >>>> >>>>> On Jun 5, 2018, at 6:00 AM, Ilya Matveychikov >>

Re: [PATCH] ksys_mount: check for permissions before resource allocation

> On Jun 5, 2018, at 3:26 PM, Al Viro wrote: >> >>> On Jun 5, 2018, at 6:00 AM, Ilya Matveychikov >>> wrote: >>> >>> Early check for mount permissions prevents possible allocation of 3 >>> pages from kmalloc() pool by unpriveledged u

Re: [PATCH] ksys_mount: check for permissions before resource allocation

> On Jun 5, 2018, at 3:26 PM, Al Viro wrote: >> >>> On Jun 5, 2018, at 6:00 AM, Ilya Matveychikov >>> wrote: >>> >>> Early check for mount permissions prevents possible allocation of 3 >>> pages from kmalloc() pool by unpriveledged u

Re: [PATCH] ksys_mount: check for permissions before resource allocation

@vger.kernel.org (open list) > On Jun 5, 2018, at 6:00 AM, Ilya Matveychikov wrote: > > Early check for mount permissions prevents possible allocation of 3 > pages from kmalloc() pool by unpriveledged user which can be used for > spraying the kernel heap. > > Signed-off-by:

Re: [PATCH] ksys_mount: check for permissions before resource allocation

@vger.kernel.org (open list) > On Jun 5, 2018, at 6:00 AM, Ilya Matveychikov wrote: > > Early check for mount permissions prevents possible allocation of 3 > pages from kmalloc() pool by unpriveledged user which can be used for > spraying the kernel heap. > > Signed-off-by:

[PATCH] ksys_mount: check for permissions before resource allocation

Early check for mount permissions prevents possible allocation of 3 pages from kmalloc() pool by unpriveledged user which can be used for spraying the kernel heap. Signed-off-by: Ilya V. Matveychikov --- fs/namespace.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/namespace.c

[PATCH] ksys_mount: check for permissions before resource allocation

Early check for mount permissions prevents possible allocation of 3 pages from kmalloc() pool by unpriveledged user which can be used for spraying the kernel heap. Signed-off-by: Ilya V. Matveychikov --- fs/namespace.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/namespace.c

Re: [RFC PATCH 0/3] Introduce kernel small arrays (KSA)

> On Oct 4, 2017, at 7:22 PM, Ben Hutchings <ben.hutchi...@codethink.co.uk> > wrote: > > On Tue, 2017-09-19 at 12:30 +0400, Ilya Matveychikov wrote: >> Hi guys, >> >> Please review the approach of using small fixed-sized arrays to improve >>

Re: [RFC PATCH 0/3] Introduce kernel small arrays (KSA)

> On Oct 4, 2017, at 7:22 PM, Ben Hutchings > wrote: > > On Tue, 2017-09-19 at 12:30 +0400, Ilya Matveychikov wrote: >> Hi guys, >> >> Please review the approach of using small fixed-sized arrays to improve >> parsing of values like get_options() does.

Re: [PATCH 4.4 03/26] lib/cmdline.c: fix get_options() overflow while parsing ranges

> On Jun 29, 2017, at 7:24 PM, Ben Hutchings <ben.hutchi...@codethink.co.uk> > wrote: > > On Tue, 2017-06-27 at 14:49 +0200, Greg Kroah-Hartman wrote: >> 4.4-stable review patch. If anyone has any objections, please let me know. >> >> -

Re: [PATCH 4.4 03/26] lib/cmdline.c: fix get_options() overflow while parsing ranges

> On Jun 29, 2017, at 7:24 PM, Ben Hutchings > wrote: > > On Tue, 2017-06-27 at 14:49 +0200, Greg Kroah-Hartman wrote: >> 4.4-stable review patch. If anyone has any objections, please let me know. >> >> ------ >> >&

[RFC PATCH 2/3] net/dev/core.c: use ksa_parse_ints instead of get_options

Signed-off-by: Ilya V. Matveychikov --- net/core/dev.c | 20 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/net/core/dev.c b/net/core/dev.c index 8515f8f..acda9ac 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -144,6 +144,7 @@

[RFC PATCH 2/3] net/dev/core.c: use ksa_parse_ints instead of get_options

Signed-off-by: Ilya V. Matveychikov --- net/core/dev.c | 20 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/net/core/dev.c b/net/core/dev.c index 8515f8f..acda9ac 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -144,6 +144,7 @@ #include #include

[RFC PATCH 1/3] ksmall_array: introduce kernel small arrays

Signed-off-by: Ilya V. Matveychikov --- include/linux/small_array.h | 35 +++ lib/Makefile| 2 +- lib/cmdline.c | 4 +++- lib/ksmall_array.c | 26 ++ 4 files changed, 65

[RFC PATCH 1/3] ksmall_array: introduce kernel small arrays

Signed-off-by: Ilya V. Matveychikov --- include/linux/small_array.h | 35 +++ lib/Makefile| 2 +- lib/cmdline.c | 4 +++- lib/ksmall_array.c | 26 ++ 4 files changed, 65 insertions(+), 2 deletions(-)

[RFC PATCH 0/3] Introduce kernel small arrays (KSA)

Hi guys, Please review the approach of using small fixed-sized arrays to improve parsing of values like get_options() does. This comes to me after fixing an overflow in get_options(). See the thread for details: https://lkml.org/lkml/2017/5/22/581 If the approach is OK I’ll suggest to replace

[RFC PATCH 0/3] Introduce kernel small arrays (KSA)

Hi guys, Please review the approach of using small fixed-sized arrays to improve parsing of values like get_options() does. This comes to me after fixing an overflow in get_options(). See the thread for details: https://lkml.org/lkml/2017/5/22/581 If the approach is OK I’ll suggest to replace

Re: [PATCH] lib/cmdline.c: add to the get_options() documentation

> On Aug 21, 2017, at 1:46 PM, Dan Carpenter wrote: > > I wasn't sure how get_options() worked, so I looked at examples. And by > sheer chance the first example I picked the only example which uses it > incorrectly... I've added some comments that hopefully help. >

Re: [PATCH] lib/cmdline.c: add to the get_options() documentation

> On Aug 21, 2017, at 1:46 PM, Dan Carpenter wrote: > > I wasn't sure how get_options() worked, so I looked at examples. And by > sheer chance the first example I picked the only example which uses it > incorrectly... I've added some comments that hopefully help. > See also comments on my

[PATCH] cmdline: fix get_options() overflow while parsing ranges

When using get_options() it's possible to specify a range of numbers, like 1-100500. The problem is that it doesn't track array size while calling internally to get_range() which iterates over the range and fills the memory with numbers. Signed-off-by: Ilya V. Matveychikov

[PATCH] cmdline: fix get_options() overflow while parsing ranges

When using get_options() it's possible to specify a range of numbers, like 1-100500. The problem is that it doesn't track array size while calling internally to get_range() which iterates over the range and fills the memory with numbers. Signed-off-by: Ilya V. Matveychikov --- lib/cmdline.c | 6