patches/kernel/0007-seq-file-disallow-extremely-large.patch

   1 From 8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b Mon Sep 17 00:00:00 2001
   2 From: Eric Sandeen <sandeen@redhat.com>
   3 Date: Tue, 13 Jul 2021 17:49:23 +0200
   4 Subject: seq_file: disallow extremely large seq buffer allocations
   5
   6 There is no reasonable need for a buffer larger than this, and it avoids
   7 int overflow pitfalls.
   8
   9 Fixes: 058504edd026 ("fs/seq_file: fallback to vmalloc allocation")
  10 Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
  11 Reported-by: Qualys Security Advisory <qsa@qualys.com>
  12 Signed-off-by: Eric Sandeen <sandeen@redhat.com>
  13 Cc: stable@kernel.org
  14 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  15 ---
  16  fs/seq_file.c | 3 +++
  17  1 file changed, 3 insertions(+)
  18
  19 diff --git a/fs/seq_file.c b/fs/seq_file.c
  20 index b117b212ef288..4a2cda04d3e29 100644
  21 --- a/fs/seq_file.c
  22 +++ b/fs/seq_file.c
  23 @@ -32,6 +32,9 @@ static void seq_set_overflow(struct seq_file *m)
  24
  25  static void *seq_buf_alloc(unsigned long size)
  26  {
  27 +       if (unlikely(size > MAX_RW_COUNT))
  28 +               return NULL;
  29 +
  30         return kvmalloc(size, GFP_KERNEL_ACCOUNT);
  31  }
  32
  33 --
  34 cgit 1.2.3-1.el7