The sysfs interface can be used to trigger arbitrarily large memory allocations. This can induce pressure on the VM layer to satisfy the request only to fail anyways. Reported-by: cheung wall <zzqq0103.hey@xxxxxxxxx> Closes: https://lore.kernel.org/lkml/20250103091906.GD1977892@ZenIV/ Fixes: 73f37068d540 ("ptp: support ptp physical/virtual clocks conversion") Cc: stable@xxxxxxxxxxxxxxx Signed-off-by: Thomas Weißschuh <linux@xxxxxxxxxxxxxx> --- The limit is completely made up, let me know if there is something better. I'm also wondering about the point of the max_vclocks sysfs attribute. It could easily be removed and all its logic moved into the n_vclocks attribute, simplifying the UAPI. --- drivers/ptp/ptp_private.h | 1 + drivers/ptp/ptp_sysfs.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/ptp/ptp_private.h b/drivers/ptp/ptp_private.h index 18934e28469ee6e3bf9c9e6d1a1adb82808d88e6..07003339795e9c0fb813887e47eaee4ba0e20064 100644 --- a/drivers/ptp/ptp_private.h +++ b/drivers/ptp/ptp_private.h @@ -22,6 +22,7 @@ #define PTP_MAX_TIMESTAMPS 128 #define PTP_BUF_TIMESTAMPS 30 #define PTP_DEFAULT_MAX_VCLOCKS 20 +#define PTP_MAX_VCLOCKS_LIMIT 2048 #define PTP_MAX_CHANNELS 2048 struct timestamp_event_queue { diff --git a/drivers/ptp/ptp_sysfs.c b/drivers/ptp/ptp_sysfs.c index 6b1b8f57cd9510f269c86dd89a7a74f277f6916b..200eaf50069681eecc87d63c0e0440f28cccab77 100644 --- a/drivers/ptp/ptp_sysfs.c +++ b/drivers/ptp/ptp_sysfs.c @@ -284,7 +284,7 @@ static ssize_t max_vclocks_store(struct device *dev, size_t size; u32 max; - if (kstrtou32(buf, 0, &max) || max == 0) + if (kstrtou32(buf, 0, &max) || max == 0 || max > PTP_MAX_VCLOCKS_LIMIT) return -EINVAL; if (max == ptp->max_vclocks) --- base-commit: 582ef8a0c406e0b17030b0773392595ec331a0d2 change-id: 20250103-ptp-max_vclocks-0dab5b03b006 Best regards, -- Thomas Weißschuh <linux@xxxxxxxxxxxxxx>
