mm: don't allow oversized kvmalloc() calls

'kvmalloc()' is a convenience function for people who want to do a kmalloc() but fall back on vmalloc() if there aren't enough physically contiguous pages, or if the allocation is larger than what kmalloc() supports. However, let's make sure it doesn't get _too_ easy to do crazy things with it. In particular, don't allow big allocations that could be due to integer overflow or underflow. So make sure the allocation size fits in an 'int', to protect against trivial integer conversion issues. Acked-by: Willy Tarreau <w@1wt.eu> Cc: Kees Cook <keescook@chromium.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Linus Torvalds <torvalds@linux-foundation.org> 2021-07-14 09:45:49 -0700
committer: Linus Torvalds <torvalds@linux-foundation.org> 2021-09-02 09:47:01 -0700
commit: 7661809d493b426e979f39ab512e3adf41fbcc69 (patch)
tree: e6aefba9862580081aee2c8538676a4637d54d20 /mm/util.c
parent: 111c1aa8cad4a0069dfe98fc093507b5b2cdfda7 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/mm/util.c b/mm/util.c
index db3091116b7c..499b6b5767ed 100644
--- a/mm/util.c
+++ b/mm/util.c
@@ -593,6 +593,10 @@ void *kvmalloc_node(size_t size, gfp_t flags, int node)
 	if (ret || size <= PAGE_SIZE)
 		return ret;
 
+	/* Don't even allow crazy sizes */
+	if (WARN_ON_ONCE(size > INT_MAX))
+		return NULL;
+
 	return __vmalloc_node(size, 1, flags, node,
 			__builtin_return_address(0));
 }
author	Linus Torvalds <torvalds@linux-foundation.org>	2021-07-14 09:45:49 -0700
committer	Linus Torvalds <torvalds@linux-foundation.org>	2021-09-02 09:47:01 -0700
commit	7661809d493b426e979f39ab512e3adf41fbcc69 (patch)
tree	e6aefba9862580081aee2c8538676a4637d54d20 /mm/util.c
parent	111c1aa8cad4a0069dfe98fc093507b5b2cdfda7 (diff)