From nobody Mon Feb 9 04:53:11 2026 Received: from www262.sakura.ne.jp (www262.sakura.ne.jp [202.181.97.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2D78A28366 for ; Sat, 21 Dec 2024 07:47:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=202.181.97.72 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734767265; cv=none; b=e7zsxBgt2YizTK/uI7Kq2DyXWq/FMpQsprlot3DUs8EqvQTKQC21zT8zXsaoO1aeVFdrOkhm0exbzn1V0fx0jgN8+Q/5t8OB1zNlXYBuA3yZWaDH+KySITmUMvXVzsMqDLJ6NlO4YEt9dW8YiaBYJjXeSnbQ7z4iUod97YdI0pM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734767265; c=relaxed/simple; bh=OftZsKg+S1YrZ+UnkB5AX1dfHFNfhdzVpYuP7n9L9HE=; h=Message-ID:Date:MIME-Version:To:Cc:From:Subject:Content-Type; b=dSza7H5+NLBoM4xOA48UcmYMNSed66n+QYT4G+Zu678u2tJ+1EKo3IrSMfv1UCuA+zigDmfJK6FXZUiTAhqAcKZyJuBv1cT/Zv/WsYkam6LeL8xJj23x3O76InnDLruLBGz259mo3inKG4J7AKyD7g5YkIHmqJXRNd3hB8WjFEU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=I-love.SAKURA.ne.jp; spf=pass smtp.mailfrom=I-love.SAKURA.ne.jp; arc=none smtp.client-ip=202.181.97.72 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=I-love.SAKURA.ne.jp Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=I-love.SAKURA.ne.jp Received: from www262.sakura.ne.jp (localhost [127.0.0.1]) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTP id 4BL7lVk3085310; Sat, 21 Dec 2024 16:47:31 +0900 (JST) (envelope-from penguin-kernel@I-love.SAKURA.ne.jp) Received: from [192.168.1.6] (M106072142033.v4.enabler.ne.jp [106.72.142.33]) (authenticated bits=0) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTPSA id 4BL7lVQ3085304 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NO); Sat, 21 Dec 2024 16:47:31 +0900 (JST) (envelope-from penguin-kernel@I-love.SAKURA.ne.jp) Message-ID: <014cd694-cc27-4a07-a34a-2ae95d744515@I-love.SAKURA.ne.jp> Date: Sat, 21 Dec 2024 16:47:29 +0900 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: Andrew Morton , linux-mm Cc: LKML From: Tetsuo Handa Subject: [PATCH] mm/util: make memdup_user_nul() similar to memdup_user() Content-Transfer-Encoding: quoted-printable X-Anti-Virus-Server: fsav201.rs.sakura.ne.jp X-Virus-Status: clean Content-Type: text/plain; charset="utf-8" Since the string data to copy from userspace is likely less than PAGE_SIZE bytes, replace GFP_KERNEL with GFP_USER like commit 6c2c97a24f09 ("memdup_user(): switch to GFP_USER") does and add __GFP_NOWARN like commit 6c8fcc096be9 ("mm: don't let userspace spam allocations warnings") does. Also, use dedicated slab buckets like commit d73778e4b867 ("mm/util: Use dedicated slab buckets for memdup_user()") does. Reported-by: syzbot+7e12e97b36154c54414b@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=3D7e12e97b36154c54414b Signed-off-by: Tetsuo Handa Acked-by: Kees Cook --- mm/util.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/mm/util.c b/mm/util.c index c1c3b06ab4f9..60aa40f612b8 100644 --- a/mm/util.c +++ b/mm/util.c @@ -297,12 +297,7 @@ void *memdup_user_nul(const void __user *src, size_t l= en) { char *p; =20 - /* - * Always use GFP_KERNEL, since copy_from_user() can sleep and - * cause pagefault, which makes it pointless to use GFP_NOFS - * or GFP_ATOMIC. - */ - p =3D kmalloc_track_caller(len + 1, GFP_KERNEL); + p =3D kmem_buckets_alloc_track_caller(user_buckets, len + 1, GFP_USER | _= _GFP_NOWARN); if (!p) return ERR_PTR(-ENOMEM); =20 --=20 2.43.5