Received: by 10.223.185.116 with SMTP id b49csp1057038wrg;
        Fri, 23 Feb 2018 11:07:21 -0800 (PST)
X-Google-Smtp-Source: AH8x224jqyGN/QdCRwnBrzoOaTfeaGLbN0GTnewR+dlNO2VHdDGc2iGdqdE/ARX1psPSHZdaOfT8
X-Received: by 10.98.160.90 with SMTP id r87mr2682483pfe.151.1519412841287;
        Fri, 23 Feb 2018 11:07:21 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1519412841; cv=none;
        d=google.com; s=arc-20160816;
        b=uhX9aDSVm9n61KsBYf/eEUf5sAOTvKAK9Z1QtaH8ugSig0NOcNKeNzS5eUxC/XPZ4+
         A8vdoVx2TUChpSvdh0UU22AmVt+Oj9cqXQVJRjTbcrqauX9SJZkWnvUXMuZ2QmGTDZD2
         rM0RPFUnib8gkLCaQ2spw1MZMCYIu16X68svwySGTnmUehSkwUJnDPo7QuaxVnpt703G
         HvShsjzG32mJ6sZ/CAhgki+H27utlmvOPFGwJI4330smTyK1p1+YpSKPz51Q8Di4ICPq
         Re+0NnNIW98uJa6Z/fZsIiRvv7Wqj17dMEIUNtmTdUBnGRM9Jb8BAX5YDF2I7mQVSkc2
         w2OQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=PqKcFrXpHiWfqWkCffCAiul6zWSxwDPz9EwRyiO2/GI=;
        b=Iv8T8DohJqb8h3be6Jj5wAZ+oVjGz76nD6+4VgQb/gUuOwUxFMPp1giUWQ3wal74vr
         Nku7UNOUlvzYcCqKyOOSmiDK9o6qskj3e/kv8U6w6Gso7QNM+4HQOSsigA0JuN+uAxLl
         aU517Rh6MuiTU72RcdiXuiHLqoZm12zbH5in+jie3i1OD4V5H/05qxSG84eQA7L5nnzK
         +dsF63FVDftcRH/Bw8Zl4VCz/Aim7eLj+im4crt2Lv49S+FEmb4yKmvHG7ZmByoe17ty
         b2hMjzMulBCPvWWDcXAnb9jk/z8VO2wcy6sN2aTeWQL5H+1FdKvNBqqoXtowumD2lFT8
         HMYw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b2-v6si149180plz.81.2018.02.23.11.07.06;
        Fri, 23 Feb 2018 11:07:21 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S965453AbeBWS5k (ORCPT <rfc822;daisukeokaopensource@gmail.com>
        + 99 others); Fri, 23 Feb 2018 13:57:40 -0500
Received: from mail.linuxfoundation.org ([140.211.169.12]:50262 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S965419AbeBWS5h (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 23 Feb 2018 13:57:37 -0500
Received: from localhost (LFbn-1-12258-90.w90-92.abo.wanadoo.fr [90.92.71.90])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id D96E6EBD;
        Fri, 23 Feb 2018 18:57:36 +0000 (UTC)
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org,
        syzbot+e4d4f9ddd4295539735d@syzkaller.appspotmail.com,
        Jason Wang <jasowang@redhat.com>,
        "Michael S. Tsirkin" <mst@redhat.com>,
        "David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.15 02/45] ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE
Date:   Fri, 23 Feb 2018 19:28:41 +0100
Message-Id: <20180223170715.623064634@linuxfoundation.org>
X-Mailer: git-send-email 2.16.2
In-Reply-To: <20180223170715.197760019@linuxfoundation.org>
References: <20180223170715.197760019@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.15-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jason Wang <jasowang@redhat.com>

commit 6e6e41c3112276288ccaf80c70916779b84bb276 upstream.

To avoid slab to warn about exceeded size, fail early if queue
occupies more than KMALLOC_MAX_SIZE.

Reported-by: syzbot+e4d4f9ddd4295539735d@syzkaller.appspotmail.com
Fixes: 2e0ab8ca83c12 ("ptr_ring: array based FIFO for pointers")
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 include/linux/ptr_ring.h |    2 ++
 1 file changed, 2 insertions(+)

--- a/include/linux/ptr_ring.h
+++ b/include/linux/ptr_ring.h
@@ -453,6 +453,8 @@ static inline int ptr_ring_consume_batch
 
 static inline void **__ptr_ring_init_queue_alloc(unsigned int size, gfp_t gfp)
 {
+	if (size * sizeof(void *) > KMALLOC_MAX_SIZE)
+		return NULL;
 	return kcalloc(size, sizeof(void *), gfp);
 }