[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v17 08/15] seccomp: add system call filtering using BPF



On Mon, 2012-04-09 at 04:22 +1000, Indan Zupancic wrote:
> On Sat, April 7, 2012 06:23, Andrew Morton wrote:
> >
> > I think this gives userspace an easy way of causing page allocation
> > failure warnings, by permitting large kmalloc() attempts.  Add
> > __GFP_NOWARN?
> 
> Max is 32kb. sk_attach_filter() in net/core/filter.c is worse,
> it allocates up to 512kb before even checking the length.
> 

I dont think so.

sk_attach_filter() uses sk_malloc() and it does a check.

# cat /proc/sys/net/core/optmem_max 
20480

Of course you can change the limit on your machine.



--
To unsubscribe from this list: send the line "unsubscribe linux-arch" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Linux Kernel]     [Kernel Newbies]     [x86 Platform Driver]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Photo]     [Yosemite]     [Yosemite Discussion]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]


  Powered by Linux