Re: [PATCH] smackfs: restrict bytes count in smackfs write functions
From: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Date: 2021-01-25 22:44:01
Also in:
lkml
On 2021/01/26 3:08, Casey Schaufler wrote:
> On 1/24/2021 6:36 AM, Sabyrzhan Tasbolatov wrote:
>> syzbot found WARNINGs in several smackfs write operations where
>> bytes count is passed to memdup_user_nul which exceeds
>> GFP MAX_ORDER. Check count size if bigger SMK_LONGLABEL,
>> for smk_write_syslog if bigger than PAGE_SIZE - 1.
>>
>> Reported-by: syzbot+a71a442385a0b2815497@syzkaller.appspotmail.com
>> Signed-off-by: Sabyrzhan Tasbolatov <redacted>
>
> Thank you for the patch. Unfortunately, SMK_LONGLABEL isn't the right
> value in some of these cases.

Since it uses sscanf(), I think that whitespace must be excluded from the upper limit check.

I'm proposing adding __GFP_NOWARN on the memdup_user_nul() side at https://lkml.kernel.org/r/20210120103436.11830-1-penguin-kernel@I-love.SAKURA.ne.jp .
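
The whitespace point above, as an added userspace illustration that is not part of the original message or the kernel source: it compares a bound on the raw write size with a bound on the token that `sscanf("%s")` extracts. `LABEL_MAX`, `naive_accept`, `token_accept` and `parse_label` are hypothetical names, and the limit of 8 is a constructed stand-in for a label length limit.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LABEL_MAX 8 /* constructed stand-in for a label length limit */

/* Naive bound: reject whenever the raw write size exceeds the label limit. */
int naive_accept(const char *buf, size_t count)
{
    (void)buf;
    return count <= LABEL_MAX;
}

/* Whitespace-aware bound: measure only the token sscanf("%s") would take,
 * i.e. skip leading whitespace and stop at the next whitespace or NUL. */
int token_accept(const char *buf, size_t count)
{
    size_t i = 0, len = 0;

    while (i < count && isspace((unsigned char)buf[i]))
        i++;
    while (i < count && buf[i] && !isspace((unsigned char)buf[i])) {
        i++;
        len++;
    }
    return len > 0 && len <= LABEL_MAX;
}

/* Parse as sscanf does; out needs LABEL_MAX + 1 bytes, width matches LABEL_MAX. */
int parse_label(const char *buf, char *out)
{
    return sscanf(buf, "%8s", out) == 1;
}

int main(void)
{
    const char padded[] = "   root    \n"; /* constructed input: 12 bytes, 4-byte label */
    const char toolong[] = "toolonglabel"; /* constructed input: 12-byte label */
    char out[LABEL_MAX + 1];

    printf("padded:  naive=%d token=%d\n", naive_accept(padded, strlen(padded)),
           token_accept(padded, strlen(padded)));
    printf("toolong: naive=%d token=%d\n", naive_accept(toolong, strlen(toolong)),
           token_accept(toolong, strlen(toolong)));
    if (parse_label(padded, out))
        printf("parsed label: \"%s\"\n", out);
    return 0;
}
```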