alloc_struct()? Re: [RFC/PATCH] lvm sanitation in 2.5

Pavel Machek (pavel@ucw.cz)
Sun, 26 May 2002 18:43:27 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Pavel Machek: "checkpoint/restart [was Re: [ANNOUNCE] fastboot mailing list at OSDL: fastboot@lists.osdl.org]"
Previous message: Pavel Machek: "Re: [RFC] possible fix for broken floppy driver since 2.5.13"

Hi!
> > I have started cleaning up lvm. The following patch contains the first
> > steps. It disables a lot of functionallity but the basic things are
> > there, I'm actually running a kernel with this patch right now, with
> > /home and /var on lvm. The vg_t/lv_t..-structures are now available in
> > to versions, one exported to userspace (and that should remain
> > constant through versions) and one used in kernelspace containing
> > stuff that should not be exposed to userspace (struct block_device,
> > kdev_t and such). (this also allows more flexibillity making changes
> > in the driver without changing the userspace interface). Should i
> > finish this patch? Would davej accept it?
>
> That's _very_ nice to see. I don't know about -dj, but it's definitely
> a step in right direction for the main tree.
>
> Other things that need to be done:
>
> a) propagate struct block_device * on the kernel side. It's not a trivial
> change - unlike kdev_t struct block_device * might leak. So you will need
> to add proper refcounting to uses in lvm*.c and from my fighting with
> lvm code I can say that it won't be easy.
>
> b) check all copy_{from,to}_user() in lvm for buffer overruns. The damn thing
> is choke-full of them - e.g. it happily assumes that
> n = <get a number from userland>;
> p = (struct foo *)kmalloc(n * sizeof(struct foo), ...);
> if (!p)
> return -ENOMEM;
> for (i = 0; i<n; i++) {
> copy_from_user(p+i, user_p+i, sizeof(struct foo));
> ...
> }
> is OK. It isn't - if value of n is slightly above 2^32/sizeof(struct foo)
> you will get fairly small argument of kmalloc() (multiplication is done
> modulo 2^32) and kmalloc() succeeds, allocating <small amount> instead of
> 4Gb + <small amount> assumed by the loop below.

Maybe p = alloc_struct(n, struct foo, GFP_WHATEVER) (and then using
this macro) is right way to tackle this problem?. Or maybe even
alloc_struct(p, n, GFP_WHATEVER)?
Pavel

-- 
(about SSSCA) "I don't say this lightly.  However, I really think that the U.S.
no longer is classifiable as a democracy, but rather as a plutocracy." --hpa
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: Pavel Machek: "checkpoint/restart [was Re: [ANNOUNCE] fastboot mailing list at OSDL: fastboot@lists.osdl.org]"
Previous message: Pavel Machek: "Re: [RFC] possible fix for broken floppy driver since 2.5.13"