On Tue 2020-01-07 21:54:10, Greg Kroah-Hartman wrote: > From: Daniel Vetter <daniel.vetter@xxxxxxxx> > > [ Upstream commit 5bf8bec3f4ce044a223c40cbce92590d938f0e9c ] > > The hardened usercpy code is too paranoid ever since commit 6a30afa8c1fb > ("uaccess: disallow > INT_MAX copy sizes") > Code itself should have been fine as-is. > > Link: http://lkml.kernel.org/r/20191106164755.31478-1-daniel.vetter@xxxxxxxx > Signed-off-by: Daniel Vetter <daniel.vetter@xxxxxxxxx> > Reported-by: syzbot+fb77e97ebf0612ee6914@xxxxxxxxxxxxxxxxxxxxxxxxx > Fixes: 6a30afa8c1fb ("uaccess: disallow > INT_MAX copy sizes") There is no such thing as commit 6a30afa8c1fb. Apparently this is talking about commit "6d13de1489b6bf539695f96d945de3860e6d5e17", but that one is not in 4.19-stable. Do we need this in 4.19-stable? Pavel > +++ b/drivers/gpu/drm/drm_property.c > @@ -556,7 +556,7 @@ drm_property_create_blob(struct drm_device *dev, size_t length, > struct drm_property_blob *blob; > int ret; > > - if (!length || length > ULONG_MAX - sizeof(struct drm_property_blob)) > + if (!length || length > INT_MAX - sizeof(struct drm_property_blob)) > return ERR_PTR(-EINVAL); > > blob = kvzalloc(sizeof(struct drm_property_blob)+length, GFP_KERNEL); -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Attachment:
signature.asc
Description: Digital signature