Hi Xin,

On Wed, 13 Oct 2021 19:48:54 +0800 Xin Hao <xhao@xxxxxxxxxxxxxxxxx> wrote:

> In order to avoid the case where the 'count' size space of the kbuf array is
> used up, but a "\0" is still added.

Thank you for this patch! :)

But... I'm unsure how this can cause a buffer overflow, as 'kbuf' is accessed by only size-specified functions, namely 'scnprintf()' and 'simple_read_from_buffer()'. If I'm missing something, please feel free to let me know.

Thanks,
SJ

>
> Signed-off-by: Xin Hao <xhao@xxxxxxxxxxxxxxxxx>
> ---
> mm/damon/dbgfs.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/damon/dbgfs.c b/mm/damon/dbgfs.c
> index faee070977d8..20c61eed54af 100644
> --- a/mm/damon/dbgfs.c
> +++ b/mm/damon/dbgfs.c
> @@ -247,7 +247,7 @@ static ssize_t dbgfs_kdamond_pid_read(struct file *file,
> char *kbuf;
> ssize_t len;
>
> - kbuf = kmalloc(count, GFP_KERNEL);
> + kbuf = kmalloc(count + 1, GFP_KERNEL);
> if (!kbuf)
> return -ENOMEM;
>
> --
> 2.31.0
>
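Review bot: The commit message does not identify which write to kbuf could exceed the 'count' bytes allocated at the `kmalloc(count, GFP_KERNEL)` line, and the hunk changes only that allocation: the diffstat is 1 insertion and 1 deletion, so the call that fills kbuf keeps whatever size bound it had and the extra byte is never handed to it. If that call is scnprintf() with 'count' as its size, it stores at most count - 1 characters plus the terminating NUL inside the buffer, and simple_read_from_buffer() copies at most 'count' bytes, so `kbuf = kmalloc(count + 1, GFP_KERNEL);` does not change which bytes are ever accessed. If the intent is to let the reader see a full 'count' characters of output instead of being truncated to count - 1, the scnprintf() size bound should be raised in the same patch and the log should describe it as a truncation fix rather than an overflow fix; otherwise the allocation change should be dropped.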
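The bounded-write behaviour that SJ's reply relies on, shown as an added userspace model rather than code from the patch, the DAMON tree or the kernel: the read handler is rebuilt with a buffer of exactly count bytes, a canary byte placed right after it, and userspace stand-ins for scnprintf() and simple_read_from_buffer(). The "%d\n" format, the single read at offset 0 and the stand-in helper names are assumptions made for this example; the point it demonstrates is that with count as the size bound, neither the formatting nor the copy-out ever touches kbuf[count], so the allocation does not need a spare byte.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Userspace stand-in for the kernel's scnprintf(): a bounded vsnprintf()
 * whose return value is the number of bytes actually stored (NUL excluded),
 * i.e. at most size - 1. With size == 0 nothing is written at all. */
static size_t model_scnprintf(char *buf, size_t size, const char *fmt, ...)
{
	va_list ap;
	int n;

	if (size == 0)
		return 0;
	va_start(ap, fmt);
	n = vsnprintf(buf, size, fmt, ap);
	va_end(ap);
	if (n < 0)
		return 0;
	return (size_t)n < size ? (size_t)n : size - 1;
}

/* Userspace stand-in for simple_read_from_buffer(): copies at most
 * min(count, available - *ppos) bytes out of 'from' and advances *ppos. */
static ssize_t model_simple_read_from_buffer(char *to, size_t count,
					     long *ppos, const char *from,
					     size_t available)
{
	long pos = *ppos;
	size_t n;

	if (pos < 0)
		return -1;
	if ((size_t)pos >= available || count == 0)
		return 0;
	n = available - (size_t)pos;
	if (n > count)
		n = count;
	memcpy(to, from + pos, n);
	*ppos = pos + (long)n;
	return (ssize_t)n;
}

struct pid_read_result {
	ssize_t len;		/* bytes copied to the "user" buffer */
	int canary_intact;	/* 1 if nothing was written past kbuf[count-1] */
	char out[32];		/* NUL-terminated copy of what the reader got */
};

/* Model of the pid read handler (assumed shape): kbuf is 'count' bytes, the
 * pid is formatted with 'count' as the size bound, and at most 'count' bytes
 * are copied out. The allocation below is one byte larger than 'count' only
 * so a canary can sit directly after the region the handler may use; the
 * handler logic itself is never told about that byte. */
static struct pid_read_result model_pid_read(size_t count, int pid)
{
	struct pid_read_result r = { 0, 0, {0} };
	char *kbuf;
	long pos = 0;
	size_t len;

	if (count >= sizeof(r.out))
		count = sizeof(r.out) - 1;	/* keep the demo's user copy bounded */

	kbuf = malloc(count + 1);
	if (!kbuf)
		return r;
	memset(kbuf, 0x5a, count + 1);		/* kbuf[count] is the canary */

	len = model_scnprintf(kbuf, count, "%d\n", pid);
	r.len = model_simple_read_from_buffer(r.out, count, &pos, kbuf, len);
	r.out[r.len > 0 ? r.len : 0] = '\0';
	r.canary_intact = ((unsigned char)kbuf[count] == 0x5a);
	free(kbuf);
	return r;
}

/* Small accessors so each case can be checked as a plain return value. */
static ssize_t pid_read_len(size_t count, int pid)
{
	return model_pid_read(count, pid).len;
}

static int pid_read_canary_ok(size_t count, int pid)
{
	return model_pid_read(count, pid).canary_intact;
}

static int pid_read_gives(size_t count, int pid, const char *expected)
{
	struct pid_read_result r = model_pid_read(count, pid);
	return r.canary_intact && strcmp(r.out, expected) == 0;
}

int main(void)
{
	size_t counts[] = { 0, 1, 4, 16 };
	size_t i;

	for (i = 0; i < sizeof(counts) / sizeof(counts[0]); i++) {
		struct pid_read_result r = model_pid_read(counts[i], 12345);
		printf("count=%zu -> len=%zd canary=%s out=\"%s\"\n", counts[i],
		       r.len, r.canary_intact ? "intact" : "CLOBBERED", r.out);
	}
	return 0;
}
```

With count smaller than the formatted pid the output is truncated to count - 1 characters, which is a usability issue rather than a memory-safety one; the canary check is what would fail if either helper wrote past the count bytes the handler allocated.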