| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZqNMfL6JmgHCJwBv@tiehlicka>
Date: Fri, 26 Jul 2024 09:13:00 +0200
From: Michal Hocko <mhocko@...e.com>
To: Al Viro <viro@...iv.linux.org.uk>
Cc: cgroups@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] memcg_write_event_control(): fix a user-triggerable oops
On Fri 26-07-24 09:06:59, Michal Hocko wrote:
> On Fri 26-07-24 06:43:57, Al Viro wrote:
> > We are *not* guaranteed that anything past the terminating NUL
> > is mapped (let alone initialized with anything sane).
> >
>
> Fixes: 0dea116876ee ("cgroup: implement eventfd-based generic API for notifications")
>
> > Signed-off-by: Al Viro <viro@...iv.linux.org.uk>
>
> Acked-by: Michal Hocko <mhocko@...e.com>
Btw. this should be
Cc: stable
>
> > ---
> > diff --git a/mm/memcontrol-v1.c b/mm/memcontrol-v1.c
> > index 2aeea4d8bf8e..417c96f2da28 100644
> > --- a/mm/memcontrol-v1.c
> > +++ b/mm/memcontrol-v1.c
> > @@ -1842,9 +1842,12 @@ static ssize_t memcg_write_event_control(struct kernfs_open_file *of,
> > buf = endp + 1;
> >
> > cfd = simple_strtoul(buf, &endp, 10);
> > - if ((*endp != ' ') && (*endp != '\0'))
> > + if (*endp == '\0')
> > + buf = endp;
> > + else if (*endp == ' ')
> > + buf = endp + 1;
> > + else
> > return -EINVAL;
> > - buf = endp + 1;
> >
> > event = kzalloc(sizeof(*event), GFP_KERNEL);
> > if (!event)
>
> --
> Michal Hocko
> SUSE Labs
--
Michal Hocko
SUSE Labs
Powered by blists - more mailing lists