archives/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-03-08 03:24:45 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/include
History
Deepanshu Kartikey a58383fa45 block: add allocation size check in blkdev_pr_read_keys() 
blkdev_pr_read_keys() takes num_keys from userspace and uses it to
calculate the allocation size for keys_info via struct_size(). While
there is a check for SIZE_MAX (integer overflow), there is no upper
bound validation on the allocation size itself.

A malicious or buggy userspace can pass a large num_keys value that
doesn't trigger overflow but still results in an excessive allocation
attempt, causing a warning in the page allocator when the order exceeds
MAX_PAGE_ORDER.

Fix this by introducing PR_KEYS_MAX to limit the number of keys to
a sane value. This makes the SIZE_MAX check redundant, so remove it.
Also switch to kvzalloc/kvfree to handle larger allocations gracefully.

Fixes: 22a1ffea5f ("block: add IOC_PR_READ_KEYS ioctl")
Tested-by: syzbot+660d079d90f8a1baf54d@syzkaller.appspotmail.com
Reported-by: syzbot+660d079d90f8a1baf54d@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=660d079d90f8a1baf54d
Link: https://lore.kernel.org/all/20251212013510.3576091-1-kartikey406@gmail.com/T/ [v1]
Signed-off-by: Deepanshu Kartikey <kartikey406@gmail.com>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2025-12-17 07:35:22 -07:00
..
acpi Revert "ACPI: processor: idle: Optimize ACPI idle driver registration" 2025-11-25 16:08:06 +01:00
asm-generic bpf-next-6.19 2025-12-03 16:54:54 -08:00
clocksource
crypto This update includes the following changes: 2025-12-03 11:28:38 -08:00
cxl
drm drm/pcids: Split PTL pciids group to make wcl subplatform 2025-11-18 08:47:58 -05:00
dt-bindings
hyperv
keys keys: Annotate struct asymmetric_key_id with __counted_by 2025-10-31 17:43:56 +08:00
kunit
kvm KVM: arm64: Kill leftovers of ad-hoc timer userspace access 2025-10-13 14:42:41 +01:00
linux block: move around bio flagging helpers 2025-12-12 12:36:44 -07:00
math-emu
media
memory
misc
net bluetooth-next pull request for net-next: 2025-12-01 17:10:52 -08:00
pcmcia
ras
rdma
rv
scsi scsi: core: Fix the unit attention counter implementation 2025-10-21 21:09:36 -04:00
soc KEYS: trusted: caam based protected key 2025-10-20 12:10:28 +08:00
sound ASoC: tas2781: Support more newly-released amplifiers tas58xx in the driver 2025-10-13 11:08:09 +01:00
target
trace New features and improvements for the ext4 file system 2025-12-03 20:37:15 -08:00
uapi block: add allocation size check in blkdev_pr_read_keys() 2025-12-17 07:35:22 -07:00
ufs scsi: ufs: core: Add a quirk to suppress link_startup_again 2025-10-29 23:20:19 -04:00
vdso
video
xen
Kbuild