| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZqNLEc54NVP40Kpn@tiehlicka>
Date: Fri, 26 Jul 2024 09:06:57 +0200
From: Michal Hocko <mhocko@...e.com>
To: Al Viro <viro@...iv.linux.org.uk>
Cc: cgroups@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] memcg_write_event_control(): fix a user-triggerable oops
On Fri 26-07-24 06:43:57, Al Viro wrote:
> We are *not* guaranteed that anything past the terminating NUL
> is mapped (let alone initialized with anything sane).
>
Fixes: 0dea116876ee ("cgroup: implement eventfd-based generic API for notifications")
> Signed-off-by: Al Viro <viro@...iv.linux.org.uk>
Acked-by: Michal Hocko <mhocko@...e.com>
> ---
> diff --git a/mm/memcontrol-v1.c b/mm/memcontrol-v1.c
> index 2aeea4d8bf8e..417c96f2da28 100644
> --- a/mm/memcontrol-v1.c
> +++ b/mm/memcontrol-v1.c
> @@ -1842,9 +1842,12 @@ static ssize_t memcg_write_event_control(struct kernfs_open_file *of,
> buf = endp + 1;
>
> cfd = simple_strtoul(buf, &endp, 10);
> - if ((*endp != ' ') && (*endp != '\0'))
> + if (*endp == '\0')
> + buf = endp;
> + else if (*endp == ' ')
> + buf = endp + 1;
> + else
> return -EINVAL;
> - buf = endp + 1;
>
> event = kzalloc(sizeof(*event), GFP_KERNEL);
> if (!event)
--
Michal Hocko
SUSE Labs
Powered by blists - more mailing lists