diff options
| author | Eric Sandeen <sandeen@redhat.com> | 2021-07-13 17:49:23 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2021-07-20 16:21:16 +0200 |
| commit | c5157b3e775dac31d51b11f993a06a84dc11fc8c (patch) | |
| tree | 51e7336714bb4bd7a55028af16759974867fedda | |
| parent | 8be8d4ba1c4d4f5fb316957965f9f8d5f110f5b5 (diff) | |
| download | linux-stable-c5157b3e775dac31d51b11f993a06a84dc11fc8c.tar.gz linux-stable-c5157b3e775dac31d51b11f993a06a84dc11fc8c.tar.bz2 linux-stable-c5157b3e775dac31d51b11f993a06a84dc11fc8c.zip | |
seq_file: disallow extremely large seq buffer allocations
commit 8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b upstream.
There is no reasonable need for a buffer larger than this, and it avoids
int overflow pitfalls.
Fixes: 058504edd026 ("fs/seq_file: fallback to vmalloc allocation")
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Reported-by: Qualys Security Advisory <qsa@qualys.com>
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | fs/seq_file.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/seq_file.c b/fs/seq_file.c index 368bfb92b115..3ade39e02bb7 100644 --- a/fs/seq_file.c +++ b/fs/seq_file.c @@ -28,6 +28,9 @@ static void *seq_buf_alloc(unsigned long size) void *buf; gfp_t gfp = GFP_KERNEL; + if (unlikely(size > MAX_RW_COUNT)) + return NULL; + /* * For high order allocations, use __GFP_NORETRY to avoid oom-killing - * it's better to fall back to vmalloc() than to kill things. For small |