From: Eric Sandeen sandeen@redhat.com
stable inclusion from linux-4.19.198 commit 6de9f0bf7cacc772a618699f9ed5c9f6fca58a1d CVE: CVE-2021-33909
--------------------------------
commit 8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b upstream.
There is no reasonable need for a buffer larger than this, and it avoids int overflow pitfalls.
Fixes: 058504edd026 ("fs/seq_file: fallback to vmalloc allocation") Suggested-by: Al Viro viro@zeniv.linux.org.uk Reported-by: Qualys Security Advisory qsa@qualys.com Signed-off-by: Eric Sandeen sandeen@redhat.com Cc: stable@kernel.org Signed-off-by: Linus Torvalds torvalds@linux-foundation.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: Yang Yingliang yangyingliang@huawei.com Reviewed-by: Xiu Jianfeng xiujianfeng@huawei.com Reviewed-by: Zhang Yi yi.zhang@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- fs/seq_file.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/fs/seq_file.c b/fs/seq_file.c index 05e58b56f6202..e11f62b29be87 100644 --- a/fs/seq_file.c +++ b/fs/seq_file.c @@ -29,6 +29,9 @@ static void seq_set_overflow(struct seq_file *m)
static void *seq_buf_alloc(unsigned long size) { + if (unlikely(size > MAX_RW_COUNT)) + return NULL; + return kvmalloc(size, GFP_KERNEL_ACCOUNT); }
-
Yang Yingliang