On Tue, 30 Nov 2021 12:16:18 +0100, Bixuan Cui wrote: > > The commit 7661809d493b ("mm: don't allow oversized kvmalloc() > calls") limits the max allocatable memory via kvzalloc() to MAX_INT. > > Reported-by: syzbot+bb348e9f9a954d42746f@xxxxxxxxxxxxxxxxxxxxxxxxx > Signed-off-by: Bixuan Cui <cuibixuan@xxxxxxxxxxxxxxxxx> We should check the allocation size a lot earlier than here. IOW, such a big size shouldn't have been passed to this function but it should have been handled as an error in the caller side (snd_pcm_oss_change_params*()). Could you give the reproducer? thanks, Takashi > --- > sound/core/oss/pcm_plugin.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/sound/core/oss/pcm_plugin.c b/sound/core/oss/pcm_plugin.c > index 061ba06..61fccb5 100644 > --- a/sound/core/oss/pcm_plugin.c > +++ b/sound/core/oss/pcm_plugin.c > @@ -68,6 +68,10 @@ static int snd_pcm_plugin_alloc(struct snd_pcm_plugin *plugin, snd_pcm_uframes_t > size /= 8; > if (plugin->buf_frames < frames) { > kvfree(plugin->buf); > + > + if (size > INT_MAX) > + return -ENOMEM; > + > plugin->buf = kvzalloc(size, GFP_KERNEL); > plugin->buf_frames = frames; > } > -- > 1.8.3.1 >
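Review bot: In the `if (plugin->buf_frames < frames)` block, the new `if (size > INT_MAX) return -ENOMEM;` sits after `kvfree(plugin->buf);`, so the early return leaves `plugin->buf` pointing at freed memory while `plugin->buf_frames` keeps its old value. Move the size check above the `kvfree()` call, or set `plugin->buf = NULL` before returning, so the error path does not leave a dangling pointer for a later free or use. The commit message also says MAX_INT where the code compares against INT_MAX; the two should match.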