Commit 7661809d authored by Linus Torvalds's avatar Linus Torvalds

mm: don't allow oversized kvmalloc() calls

'kvmalloc()' is a convenience function for people who want to do a
kmalloc() but fall back on vmalloc() if there aren't enough physically
contiguous pages, or if the allocation is larger than what kmalloc()
supports.

However, let's make sure it doesn't get _too_ easy to do crazy things
with it.  In particular, don't allow big allocations that could be due
to integer overflow or underflow.  So make sure the allocation size fits
in an 'int', to protect against trivial integer conversion issues.
Acked-by: default avatarWilly Tarreau <w@1wt.eu>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 111c1aa8
...@@ -593,6 +593,10 @@ void *kvmalloc_node(size_t size, gfp_t flags, int node) ...@@ -593,6 +593,10 @@ void *kvmalloc_node(size_t size, gfp_t flags, int node)
if (ret || size <= PAGE_SIZE) if (ret || size <= PAGE_SIZE)
return ret; return ret;
/* Don't even allow crazy sizes */
if (WARN_ON_ONCE(size > INT_MAX))
return NULL;
return __vmalloc_node(size, 1, flags, node, return __vmalloc_node(size, 1, flags, node,
__builtin_return_address(0)); __builtin_return_address(0));
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment