[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAMo8Bf+Xv-r4cji=ueQgt0yK2SLJPSFNhzpG0ZX7Uo9b7qaMzQ@mail.gmail.com>
Date: Mon, 1 Sep 2025 02:20:36 -0700
From: Max Filippov <jcmvbkbc@...il.com>
To: Miaoqian Lin <linmq006@...il.com>
Cc: chris@...kel.net, thorsten.blum@...ux.dev, viro@...iv.linux.org.uk,
linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH] xtensa: simdisk: add input size check in proc_write_simdisk
On Fri, Aug 29, 2025 at 1:30 AM Miaoqian Lin <linmq006@...il.com> wrote:
>
> A malicious user could pass an arbitrarily bad value
> to memdup_user_nul(), potentially causing kernel crash.
>
> This follows the same pattern as commit ee76746387f6
> ("netdevsim: prevent bad user input in nsim_dev_health_break_write()")
>
> Fixes: b6c7e873daf7 ("xtensa: ISS: add host file-based simulated disk")
> Fixes: 16e5c1fc3604 ("convert a bunch of open-coded instances of memdup_user_nul()")
> Cc: stable@...r.kernel.org
> Signed-off-by: Miaoqian Lin <linmq006@...il.com>
> ---
> arch/xtensa/platforms/iss/simdisk.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
Thanks. Applied to my xtensa tree.
-- Max
Powered by blists - more mailing lists