    vfs: cap dedupe request structure size at PAGE_SIZE · b71dbf10
    Darrick J. Wong authored
    Kirill A Shutemov reports that the kernel doesn't try to cap dest_count
    in any way, and uses the number to allocate kernel memory.  This causes
    high order allocation warnings in the kernel log if someone passes in a
    big enough value.  We should clamp the allocation at PAGE_SIZE to avoid
    stressing the VM.
    
    The two existing users of the dedupe ioctl never send more than 120
    requests, so we can safely clamp dest_range at PAGE_SIZE, because with
    4k pages we can handle up to 127 dedupe candidates.  Given the max
    extent length of 16MB, we can end up doing 2GB of IO which is plenty.
    
    [ Note: the "offsetof()" can't overflow, because 'count' is just a
      16-bit integer.  That's not obvious in the limited context of the
      patch, so I'm noting it here because it made me go look.  - Linus ]
    Reported-by: "Kirill A. Shutemov" <kirill@shutemov.name>
    Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
ioctl.c 17.2 KB
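
The size arithmetic behind the cap, as an added example (not the kernel's code and not part of the commit): it shows why 127 candidates fit in a 4k page and why a 16-bit count cannot overflow the size computation. The two structs are assumed to mirror the dedupe request layout in the Linux UAPI header `linux/fs.h`; `PAGE_SIZE_4K`, the struct names and the three function names are hypothetical, chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE_4K 4096u /* assumption: 4k pages, as in the commit message */

/* Illustrative mirrors of the dedupe request layout (assumed, see lead-in). */
struct dedupe_range_info {            /* one record per destination: 32 bytes */
    int64_t  dest_fd;
    uint64_t dest_offset;
    uint64_t bytes_deduped;
    int32_t  status;
    uint32_t reserved;
};
struct dedupe_range {                 /* 24-byte header, then the records */
    uint64_t src_offset;
    uint64_t src_length;
    uint16_t dest_count;              /* caller-controlled, 16 bits wide */
    uint16_t reserved1;
    uint32_t reserved2;
    struct dedupe_range_info info[];
};

/* Bytes needed for a request carrying `count` records. */
size_t dedupe_request_size(uint16_t count) {
    return offsetof(struct dedupe_range, info)
         + (size_t)count * sizeof(struct dedupe_range_info);
}

/* The cap: 0 if the request fits in one page, -1 if it must be rejected. */
int dedupe_check_count(uint16_t count) {
    return dedupe_request_size(count) > PAGE_SIZE_4K ? -1 : 0;
}

/* Largest dest_count that passes the cap. */
unsigned dedupe_max_count(void) {
    unsigned n = 0;
    while (n < UINT16_MAX && dedupe_check_count((uint16_t)(n + 1)) == 0)
        n++;
    return n;
}

int main(void) {
    printf("max dest_count under cap: %u\n", dedupe_max_count());
    printf("size at count=65535: %zu bytes\n", dedupe_request_size(UINT16_MAX));
    return 0;
}
```

Without the cap, the largest 16-bit count asks for roughly 2 MB in a single allocation, which is the high-order allocation the report describes.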