From: Eric Sandeen
stable inclusion
from linux-4.19.198
commit 6de9f0bf7cacc772a618699f9ed5c9f6fca58a1d
category: bugfix
issue: #I45880
CVE: CVE-2021-33909
--------------------------------
commit 8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b upstream.
There is no reasonable need for a buffer larger than this, and it avoids
int overflow pitfalls.
Fixes: 058504edd026 ("fs/seq_file: fallback to vmalloc allocation")
Suggested-by: Al Viro
Reported-by: Qualys Security Advisory
Signed-off-by: Eric Sandeen
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
Signed-off-by: Yang Yingliang
Signed-off-by: Yu Changchun
---
fs/seq_file.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/seq_file.c b/fs/seq_file.c
index 05e58b56f620..e11f62b29be8 100644
--- a/fs/seq_file.c
+++ b/fs/seq_file.c
@@ -29,6 +29,9 @@ static void seq_set_overflow(struct seq_file *m)
static void *seq_buf_alloc(unsigned long size)
{
+ if (unlikely(size > MAX_RW_COUNT))
+ return NULL;
+
return kvmalloc(size, GFP_KERNEL_ACCOUNT);
}
--
2.22.0
