Commit dd2a5b55 authored by Tetsuo Handa, committed by Andrew Morton

mm/util: make memdup_user_nul() similar to memdup_user()

Since the string data to copy from userspace is likely less than PAGE_SIZE
bytes, replace GFP_KERNEL with GFP_USER like commit 6c2c97a2
("memdup_user(): switch to GFP_USER") does and add __GFP_NOWARN like
commit 6c8fcc09 ("mm: don't let userspace spam allocations warnings")
does.  Also, use dedicated slab buckets like commit d73778e4
("mm/util: Use dedicated slab buckets for memdup_user()") does.

Link: https://lkml.kernel.org/r/014cd694-cc27-4a07-a34a-2ae95d744515@I-love.SAKURA.ne.jp
Reported-by: <syzbot+7e12e97b36154c54414b@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=7e12e97b36154c54414b
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
parent 62e72d2c
+1 −6
@@ -297,12 +297,7 @@ void *memdup_user_nul(const void __user *src, size_t len)
{
	char *p;

	/*
	 * Always use GFP_KERNEL, since copy_from_user() can sleep and
	 * cause pagefault, which makes it pointless to use GFP_NOFS
	 * or GFP_ATOMIC.
	 */
	p = kmalloc_track_caller(len + 1, GFP_KERNEL);
	p = kmem_buckets_alloc_track_caller(user_buckets, len + 1, GFP_USER | __GFP_NOWARN);
	if (!p)
		return ERR_PTR(-ENOMEM);
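Review bot: the kmem_buckets_alloc_track_caller() line replaces the function's only comment with nothing, so the call site no longer says why these flags are used. The removed reasoning (copy_from_user() can sleep and fault, so GFP_NOFS or GFP_ATOMIC would be pointless) applies equally to a GFP_USER allocation; suggest keeping a short comment that states it and adds why __GFP_NOWARN is set for a length that comes from userspace. The new line is also well past 80 columns and could be wrapped after the `len + 1` argument. As a secondary point, `len + 1` is passed to the allocator with no bound on len visible in this hunk; with allocation warnings now suppressed, it is worth confirming that a len of SIZE_MAX (which wraps to 0) is rejected by callers or handled after the allocation.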