Commit ef9d965b authored by Christoph Hellwig's avatar Christoph Hellwig Committed by Al Viro

sysctl: reject gigantic reads/write to sysctl files

Instead of triggering a WARN_ON deep down in the page allocator just
give up early on allocations that are way larger than the usual sysctl
values.

Fixes: 32927393 ("sysctl: pass kernel pointers to ->proc_handler")
Reported-by: default avatarVegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 8c46fa96
...@@ -564,6 +564,10 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *ubuf, ...@@ -564,6 +564,10 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *ubuf,
if (!table->proc_handler) if (!table->proc_handler)
goto out; goto out;
/* don't even try if the size is too large */
if (count > KMALLOC_MAX_SIZE)
return -ENOMEM;
if (write) { if (write) {
kbuf = memdup_user_nul(ubuf, count); kbuf = memdup_user_nul(ubuf, count);
if (IS_ERR(kbuf)) { if (IS_ERR(kbuf)) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment