linux-stable.git - Linux kernel stable tree

diff options

author	David Rientjes <rientjes@google.com>	2018-02-21 14:45:32 -0800
committer	Linus Torvalds <torvalds@linux-foundation.org>	2018-02-21 15:35:43 -0800
commit	88913bd8ea2a75d7e460a4bed5f75e1c32660d7e (patch)
tree	7e7f3c91c5fcf133cef4071edb2d887d649844e8 /scripts
parent	9c4e6b1a7027f102990c0395296015a812525f4d (diff)
download	linux-stable-88913bd8ea2a75d7e460a4bed5f75e1c32660d7e.tar.gz linux-stable-88913bd8ea2a75d7e460a4bed5f75e1c32660d7e.tar.bz2 linux-stable-88913bd8ea2a75d7e460a4bed5f75e1c32660d7e.zip

kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE

chan->n_subbufs is set by the user and relay_create_buf() does a kmalloc() of chan->n_subbufs * sizeof(size_t *). kmalloc_slab() will generate a warning when this fails if chan->subbufs * sizeof(size_t *) > KMALLOC_MAX_SIZE. Limit chan->n_subbufs to the maximum allowed kmalloc() size. Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1802061216100.122576@chino.kir.corp.google.com Fixes: f6302f1bcd75 ("relay: prevent integer overflow in relay_open()") Signed-off-by: David Rientjes <rientjes@google.com> Reviewed-by: Andrew Morton <akpm@linux-foundation.org> Cc: Jens Axboe <axboe@kernel.dk> Cc: Dave Jiang <dave.jiang@intel.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Diffstat (limited to 'scripts')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: