Re: WARNING in __alloc_frozen_pages_noprof

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



syzbot creates a pipe and writes some data to it. It then creates a v9fs
mount using the pipe as transport. The data in the pipe specifies an ACL
of size 9 TB (9895604649984 bytes) for the root inode, causing kmalloc
to fail.

KMALLOC_MAX_SIZE is probably too loose of an upper bound for the size of
an ACL, but I didn't see an existing limit for V9FS like in e.g. NFS:

include/linux/nfsacl.h:
>/* Maximum number of ACL entries over NFS */
>#define NFS_ACL_MAX_ENTRIES     1024
>
>#define NFSACL_MAXWORDS         (2*(2+3*NFS_ACL_MAX_ENTRIES))
>#define NFSACL_MAXPAGES         ((2*(8+12*NFS_ACL_MAX_ENTRIES) + PAGE_SIZE-1) \
>                                 >> PAGE_SHIFT)
>        
>#define NFS_ACL_MAX_ENTRIES_INLINE      (5)
>#define NFS_ACL_INLINE_BUFSIZE  ((2*(2+3*NFS_ACL_MAX_ENTRIES_INLINE)) << 2)

#syz test

---
 fs/9p/acl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/9p/acl.c b/fs/9p/acl.c
index eed551d8555f..1b9681d58f8d 100644
--- a/fs/9p/acl.c
+++ b/fs/9p/acl.c
@@ -28,6 +28,8 @@ static struct posix_acl *v9fs_fid_get_acl(struct p9_fid *fid, const char *name)
 		return ERR_PTR(size);
 	if (size == 0)
 		return ERR_PTR(-ENODATA);
+	if (size > KMALLOC_MAX_SIZE)
+		return ERR_PTR(-ERANGE);
 
 	value = kzalloc(size, GFP_NOFS);
 	if (!value)
-- 
2.43.0





[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux