From: Maciej Żenczykowski <maze@xxxxxxxxxx> Writing to an unallocated bitmap (with echo) results in an infinite loop - although I'm not clear if this is in kernel or in userspace. We return ENOMEDIUM 'No medium found', because it's the best error I could come up with to describe the situation. (Note: I'm not aware of any actual way to hit this with current kernel code, I hit this while testing new code, but it still seems like it should be fixed, especially since it prevented my machine from booting, and didn't even have the dignity to crash...) Cc: Luis Chamberlain <mcgrof@xxxxxxxxxx> Cc: Kees Cook <keescook@xxxxxxxxxxxx> Cc: Iurii Zaikin <yzaikin@xxxxxxxxxx> Cc: Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx> Cc: Linus FS Devel Mailing List <linux-fsdevel@xxxxxxxxxxxxxxx> Signed-off-by: Maciej Żenczykowski <maze@xxxxxxxxxx> --- kernel/sysctl.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 2c3958d2f463..431966967c99 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -3174,6 +3174,11 @@ int proc_do_large_bitmap(struct ctl_table *table, int write, unsigned long *tmp_bitmap = NULL; char tr_a[] = { '-', ',', '\n' }, tr_b[] = { ',', '\n', 0 }, c; + if (write && (!bitmap || !bitmap_len)) + /* returning 0 could cause an infinite loop */ + return -ENOMEDIUM; + } + if (!bitmap || !bitmap_len || !left || (*ppos && !write)) { *lenp = 0; return 0; -- 2.24.0.432.g9d3f5f5b63-goog
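Review bot: The added block in proc_do_large_bitmap() has unbalanced braces: `if (write && (!bitmap || !bitmap_len))` has no opening `{`, yet a `}` follows `return -ENOMEDIUM;`. As posted, that stray brace closes the function body early and kernel/sysctl.c will not build. Either add the `{` at the end of the `if` line, keeping the comment and the return inside the braces, or drop the `}`. A smaller point: the in-code comment only says that returning 0 "could cause an infinite loop", and the commit message leaves open whether the loop is in the kernel or in userspace. Stating in the comment that a write which consumes nothing and returns 0 is what gets retried would make the reason for the early -ENOMEDIUM return clear to the next reader, and would explain why the existing `*lenp = 0; return 0;` path just below is kept for the read case.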