| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180604103735.42781-1-nixiaoming@huawei.com>
Date: Mon, 4 Jun 2018 18:37:35 +0800
From: nixiaoming <nixiaoming@...wei.com>
To: <akpm@...ux-foundation.org>, <vdavydov.dev@...il.com>,
<hannes@...xchg.org>, <garsilva@...eddedor.com>,
<ktkhai@...tuozzo.com>, <stummala@...eaurora.org>
CC: <nixiaoming@...wei.com>, <linux-kernel@...r.kernel.org>,
<linux-mm@...ck.org>
Subject: [PATCH] mm: Add conditions to avoid out-of-bounds
In the function memcg_init_list_lru
if call goto fail when i == 0, will cause out-of-bounds at lru->node[i]
The same out-of-bounds access scenario exists in the functions
memcg_update_list_lru and __memcg_init_list_lru_node
Signed-off-by: nixiaoming <nixiaoming@...wei.com>
---
mm/list_lru.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/mm/list_lru.c b/mm/list_lru.c
index fcfb6c8..ec6bdd9 100644
--- a/mm/list_lru.c
+++ b/mm/list_lru.c
@@ -298,6 +298,9 @@ static void __memcg_destroy_list_lru_node(struct list_lru_memcg *memcg_lrus,
{
int i;
+ if (unlikely(begin >= end))
+ return;
+
for (i = begin; i < end; i++)
kfree(memcg_lrus->lru[i]);
}
@@ -422,6 +425,8 @@ static int memcg_init_list_lru(struct list_lru *lru, bool memcg_aware)
}
return 0;
fail:
+ if (unlikely(i == 0))
+ return -ENOMEM;
for (i = i - 1; i >= 0; i--) {
if (!lru->node[i].memcg_lrus)
continue;
@@ -456,6 +461,8 @@ static int memcg_update_list_lru(struct list_lru *lru,
}
return 0;
fail:
+ if (unlikely(i == 0))
+ return -ENOMEM;
for (i = i - 1; i >= 0; i--) {
if (!lru->node[i].memcg_lrus)
continue;
--
2.10.1
Powered by blists - more mailing lists