seq_file: disallow extremely large seq buffer allocations

commit 8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b upstream. There is no reasonable need for a buffer larger than this, and it avoids int overflow pitfalls. Fixes: 058504edd026 ("fs/seq_file: fallback to vmalloc allocation") Suggested-by: Al Viro <viro@zeniv.linux.org.uk> Reported-by: Qualys Security Advisory <qsa@qualys.com> Signed-off-by: Eric Sandeen <sandeen@redhat.com> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Eric Sandeen <sandeen@redhat.com> 2021-07-13 18:49:23 +0300
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2021-07-20 17:10:54 +0300
commit: c1dafbb26164f43f2bb70bee9e5c4e1cad228ca7 (patch)
tree: 1feea3098ff1af9751097d86c277a072c18675e6 /fs/seq_file.c
parent: b06ab67bd63b51222645f5bf9f1ea25b2bc73721 (diff)
download: linux-c1dafbb26164f43f2bb70bee9e5c4e1cad228ca7.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/seq_file.c b/fs/seq_file.c
index 1600034a929b..c19ecc1f2d50 100644
--- a/fs/seq_file.c
+++ b/fs/seq_file.c
@@ -29,6 +29,9 @@ static void seq_set_overflow(struct seq_file *m)
 
 static void *seq_buf_alloc(unsigned long size)
 {
+	if (unlikely(size > MAX_RW_COUNT))
+		return NULL;
+
 	return kvmalloc(size, GFP_KERNEL_ACCOUNT);
 }
author	Eric Sandeen <sandeen@redhat.com>	2021-07-13 18:49:23 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-07-20 17:10:54 +0300
commit	c1dafbb26164f43f2bb70bee9e5c4e1cad228ca7 (patch)
tree	1feea3098ff1af9751097d86c277a072c18675e6 /fs/seq_file.c
parent	b06ab67bd63b51222645f5bf9f1ea25b2bc73721 (diff)
download	linux-c1dafbb26164f43f2bb70bee9e5c4e1cad228ca7.tar.xz