Skip to content

Commit

Permalink
NFC: Use GFP_USER for user-controlled kmalloc
Browse files Browse the repository at this point in the history 
These two functions are called in sendmsg path, and the
'len' is passed from user-space, so we should not allow
malicious users to OOM kernel on purpose.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Julian Calaby <julian.calaby@gmail.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
  • Loading branch information
Cong Wang authored and Samuel Ortiz committed Feb 25, 2016
1 parent 667f006 commit 81ca783
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions net/nfc/llcp_commands.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -663,7 +663,7 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock,
return -ENOBUFS;
}

msg_data = kzalloc(len, GFP_KERNEL);
msg_data = kmalloc(len, GFP_USER | __GFP_NOWARN);
if (msg_data == NULL)
return -ENOMEM;

Expand Down Expand Up @@ -729,7 +729,7 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap,
if (local == NULL)
return -ENODEV;

msg_data = kzalloc(len, GFP_KERNEL);
msg_data = kmalloc(len, GFP_USER | __GFP_NOWARN);
if (msg_data == NULL)
return -ENOMEM;

Expand Down

0 comments on commit 81ca783

Please sign in to comment.