[PATCH] seq_file: Disallow extremely large seq buffer allocations

There is no reasonable need for a buffer larger than this,
and it avoids int overflow pitfalls.

Fixes: 058504edd026 ("fs/seq_file: fallback to vmalloc allocation")
Reported-by: Qualys Security Advisory <qsa@qualys.com>
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name seq_file-Disallow-extremely-large-seq-buffer-allocat.patch

diff --git a/fs/seq_file.c b/fs/seq_file.c
index 03a369ccd28c342dad3e2bf815642aa8ade08f9e..472714716be69a984a327fb00ebb3f93abdf9cf0 100644 (file)
--- a/fs/seq_file.c
+++ b/fs/seq_file.c
@@ -32,6 +32,9 @@ static void seq_set_overflow(struct seq_file *m)
 
 static void *seq_buf_alloc(unsigned long size)
 {
+       if (unlikely(size > MAX_RW_COUNT))
+               return NULL;
+
        return kvmalloc(size, GFP_KERNEL_ACCOUNT);
 }