summaryrefslogtreecommitdiff
path: root/fs
diff options
context:
space:
mode:
authorEric Sandeen <sandeen@redhat.com>2021-07-13 18:49:23 +0300
committerLinus Torvalds <torvalds@linux-foundation.org>2021-07-20 03:18:48 +0300
commit8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b (patch)
treece4ab88a4716617571135afcb7728f33739244a3 /fs
parent2734d6c1b1a089fb593ef6a23d4b70903526fe0c (diff)
downloadlinux-8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b.tar.xz
seq_file: disallow extremely large seq buffer allocations
There is no reasonable need for a buffer larger than this, and it avoids int overflow pitfalls. Fixes: 058504edd026 ("fs/seq_file: fallback to vmalloc allocation") Suggested-by: Al Viro <viro@zeniv.linux.org.uk> Reported-by: Qualys Security Advisory <qsa@qualys.com> Signed-off-by: Eric Sandeen <sandeen@redhat.com> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/seq_file.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/seq_file.c b/fs/seq_file.c
index b117b212ef28..4a2cda04d3e2 100644
--- a/fs/seq_file.c
+++ b/fs/seq_file.c
@@ -32,6 +32,9 @@ static void seq_set_overflow(struct seq_file *m)
static void *seq_buf_alloc(unsigned long size)
{
+ if (unlikely(size > MAX_RW_COUNT))
+ return NULL;
+
return kvmalloc(size, GFP_KERNEL_ACCOUNT);
}