superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/include
History
Deepanshu Kartikey a58383fa45 block: add allocation size check in blkdev_pr_read_keys() 
blkdev_pr_read_keys() takes num_keys from userspace and uses it to
calculate the allocation size for keys_info via struct_size(). While
there is a check for SIZE_MAX (integer overflow), there is no upper
bound validation on the allocation size itself.

A malicious or buggy userspace can pass a large num_keys value that
doesn't trigger overflow but still results in an excessive allocation
attempt, causing a warning in the page allocator when the order exceeds
MAX_PAGE_ORDER.

Fix this by introducing PR_KEYS_MAX to limit the number of keys to
a sane value. This makes the SIZE_MAX check redundant, so remove it.
Also switch to kvzalloc/kvfree to handle larger allocations gracefully.

Fixes: 22a1ffea5f ("block: add IOC_PR_READ_KEYS ioctl")
Tested-by: syzbot+660d079d90f8a1baf54d@syzkaller.appspotmail.com
Reported-by: syzbot+660d079d90f8a1baf54d@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=660d079d90f8a1baf54d
Link: https://lore.kernel.org/all/20251212013510.3576091-1-kartikey406@gmail.com/T/ [v1]
Signed-off-by: Deepanshu Kartikey <kartikey406@gmail.com>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
 		2025-12-17 07:35:22 -07:00
..
acpi Revert "ACPI: processor: idle: Optimize ACPI idle driver registration" 2025-11-25 16:08:06 +01:00
asm-generic bpf-next-6.19 2025-12-03 16:54:54 -08:00
clocksource
crypto This update includes the following changes: 2025-12-03 11:28:38 -08:00
cxl
drm drm/pcids: Split PTL pciids group to make wcl subplatform 2025-11-18 08:47:58 -05:00
dt-bindings
hyperv
keys
kunit
kvm
linux block: move around bio flagging helpers 2025-12-12 12:36:44 -07:00
math-emu
media
memory
misc
net bluetooth-next pull request for net-next: 2025-12-01 17:10:52 -08:00
pcmcia
ras
rdma
rv
scsi
soc
sound
target
trace New features and improvements for the ext4 file system 2025-12-03 20:37:15 -08:00
uapi block: add allocation size check in blkdev_pr_read_keys() 2025-12-17 07:35:22 -07:00
ufs
vdso
video
xen
Kbuild