Thread (4 messages) 4 messages, 4 authors, 2015-12-03

Re: [PATCH] sctp: use GFP_USER for user-controlled kmalloc

From: Daniel Borkmann <daniel@iogearbox.net>
Date: 2015-12-01 11:29:49
Also in: linux-sctp, lkml

On 12/01/2015 11:46 AM, David Laight wrote:
> From: Marcelo Ricardo Leitner
>> Sent: 30 November 2015 16:33
>> Dmitry Vyukov reported that the user could trigger a kernel warning by
>> using a large len value for getsockopt SCTP_GET_LOCAL_ADDRS, as that
>> value directly affects the value used as a kmalloc() parameter.
>>
>> This patch thus switches the allocation flags from all user-controllable
>> kmalloc size to GFP_USER to put some more restrictions on it and also
>> disables the warn, as they are not necessary.
>
> ISTM that the code should put some 'sanity limit' on that
> size before allocating the kernel buffer.

One could do that in addition, but this buffer has just a short lifetime
and by using GFP_USER hardwall restrictions apply already.