[this has just hit my filters, I am not really familiar with the code itself] On Mon 02-01-23 23:53:40, Tetsuo Handa wrote: > syzbot is reporting too large allocation at ntfs_load_attr_list() [1], for > a crafted filesystem can have huge data_size. > > Link: https://syzkaller.appspot.com/bug?extid=89dbb3a789a5b9711793 [1] > Reported-by: syzbot <syzbot+89dbb3a789a5b9711793@xxxxxxxxxxxxxxxxxxxxxxxxx> > Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> > --- > fs/ntfs3/attrlist.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/fs/ntfs3/attrlist.c b/fs/ntfs3/attrlist.c > index c0c6bcbc8c05..81c22df27c72 100644 > --- a/fs/ntfs3/attrlist.c > +++ b/fs/ntfs3/attrlist.c > @@ -52,7 +52,7 @@ int ntfs_load_attr_list(struct ntfs_inode *ni, struct ATTRIB *attr) > > if (!attr->non_res) { > lsize = le32_to_cpu(attr->res.data_size); > - le = kmalloc(al_aligned(lsize), GFP_NOFS); > + le = kmalloc(al_aligned(lsize), GFP_NOFS | __GFP_NOWARN); This looks like a bad idea in general. The allocator merely says that something is wrong and you are silencing that. The calling code should check the size for reasonable range and if larger size. Moreover, if lsize can be really more than PAGE_SIZE this should be kvmalloc instead. Ditto for the the other case. > if (!le) { > err = -ENOMEM; > goto out; > @@ -80,7 +80,7 @@ int ntfs_load_attr_list(struct ntfs_inode *ni, struct ATTRIB *attr) > if (err < 0) > goto out; > > - le = kmalloc(al_aligned(lsize), GFP_NOFS); > + le = kmalloc(al_aligned(lsize), GFP_NOFS | __GFP_NOWARN); > if (!le) { > err = -ENOMEM; > goto out; > -- > 2.34.1 > -- Michal Hocko SUSE Labs
