On Wed, Mar 17, 2021 at 04:55:22PM -0700, Gwendal Grignou wrote:
> commit 5d749d0bbe811c10d9048cde6dfebc761713abfd upstream.
>
> Prevent memory scribble by checking that ioctl buffer size parameters
> are sane.
> Without this check, on a 32-bit system, if .insize = 0xffffffff - 20 and
> .outsize the amount to scribble, we would overflow, allocate a small
> amount and be able to write outside of the malloc'ed area.
> Adding a hard limit allows argument checking of the ioctl. With the
> current EC, it is expected .insize and .outsize to be at around 512 bytes
> or less.
>
> Signed-off-by: Olof Johansson <olof@xxxxxxxxx>
> Signed-off-by: Gwendal Grignou <gwendal@xxxxxxxxxxxx>
> ---
>  drivers/platform/chrome/cros_ec_dev.c   | 4 ++++
>  drivers/platform/chrome/cros_ec_proto.c | 4 ++--
>  include/linux/mfd/cros_ec.h             | 6 ++++--
>  3 files changed, 10 insertions(+), 4 deletions(-)

What stable tree(s) are you wanting this to be applied to? Always give
us a hint...

thanks,

greg k-h
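
The size wrap described in the quoted commit message, worked through as an added example that is not part of the original thread or of the kernel patch. It assumes the buffer is sized as header + insize + outsize in 32-bit arithmetic, which is how the message's numbers work out; the struct, the function names and the limit value `HYP_MAX_MSG_BYTES` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 20-byte command header; the size matches the "- 20" in the
 * commit message, the field names are assumptions. */
struct hyp_ec_cmd {
    uint32_t version, command, outsize, insize, result;
};

/* Assumed hard limit for illustration; the page gives no value for it. */
#define HYP_MAX_MSG_BYTES (64u * 1024u)

/* Buffer size as 32-bit arithmetic computes it (assumed expression:
 * header + insize + outsize). uint32_t wraps modulo 2^32. */
uint32_t unchecked_alloc_size(uint32_t outsize, uint32_t insize)
{
    return (uint32_t)sizeof(struct hyp_ec_cmd) + insize + outsize;
}

/* Hardened form: bound each size before any arithmetic on it.
 * Returns 0 and stores the size on success, -1 when a size is rejected. */
int checked_alloc_size(uint32_t outsize, uint32_t insize, uint32_t *alloc)
{
    if (outsize > HYP_MAX_MSG_BYTES || insize > HYP_MAX_MSG_BYTES)
        return -1;
    *alloc = (uint32_t)sizeof(struct hyp_ec_cmd) + insize + outsize;
    return 0;
}

int main(void)
{
    uint32_t insize = 0xffffffffu - 20u;  /* value from the commit message */
    uint32_t outsize = 64;                /* constructed sample value */
    uint32_t alloc = 0;
    int rc;

    printf("unchecked: allocate %u bytes, then copy %u bytes in\n",
           (unsigned)unchecked_alloc_size(outsize, insize), (unsigned)outsize);
    rc = checked_alloc_size(outsize, insize, &alloc);
    printf("checked, same sizes: %s\n", rc ? "rejected" : "accepted");
    rc = checked_alloc_size(64, 512, &alloc);
    printf("checked (64, 512): %s, %u bytes\n",
           rc ? "rejected" : "accepted", (unsigned)alloc);
    return 0;
}
```

With the unchecked computation the allocation comes out smaller than the outsize that is later copied into it, which is the out-of-bounds write the commit message calls a scribble; the bounded version rejects the request before any addition happens.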