Re: [PATCH] drm/panfrost: Avoid user size passed to kvmalloc()

16 Dec 2021


      On Thu, Dec 16, 2021 at 10:16 AM Steven Price steven.price@arm.com wrote:
...
panfrost_copy_in_sync() takes the number of fences from user space
(in_sync_count) and used to kvmalloc() an array to hold that number of
fences before processing them. This provides an easy method for user
space to trigger the OOM killer (by temporarily allocating large amounts
of kernel memory) or hit the WARN_ONCE() added by 7661809d493b ("mm:
don't allow oversized kvmalloc() calls").
Since we don't expect there to be a large number of fences we can
instead iterate over the fences one-by-one and avoid the temporary
allocation altogether. This also makes the code simpler.
Doesn't the BO lookup suffer from the same issue?
Rob

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Re: [PATCH] drm/panfrost: Avoid user size passed to kvmalloc()