Received: by 2002:a25:31c3:0:0:0:0:0 with SMTP id x186csp815476ybx; Wed, 6 Nov 2019 08:49:59 -0800 (PST) X-Google-Smtp-Source: APXvYqys/xGRwvAHD2P6KFwMoN60APssPTq+ZifodbJ+sVbrIRrDlVYusHjt0pSjJ0yqf2Tb15Xr X-Received: by 2002:a05:6402:611:: with SMTP id n17mr3754773edv.143.1573058998991; Wed, 06 Nov 2019 08:49:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573058998; cv=none; d=google.com; s=arc-20160816; b=gTtZHDAKEyNtD94/yOtnJedx95eZucvXsPfi2yFVuD6v2YnXfT/Tk7HF88I2R4/VJ0 9d44qLD3XPcGZsv7CxTCHznFOzUNAImVHheZL6MthMZrHOirlLCbRED8sQkueUgDuvYa aKDoJe6EApRzjryXtpoQiU3kVt+2i2Y0/wbTIqbd5rcRhitvSeqFZtOuuRYrqr1zqOzy Il0zBmtK/QAzByvB1A38voO9B5ktkR5yKA4gERbkqnitqiQiYo3UCJx7pBJSRuLDL+fe W3RijbKAzX745lVsViEGhoEqTUA3cR+GNQBEE+PPrq5+nbvbH9K8+EUfEDMavCoj6wCg ILIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=qsQf+1m23+jsDxNB5IS6XnKaQp9Ng9lV2UMQAWB4LKw=; b=m/OgpDzxZKY5GvcEeB0GFycgyMfAlfZiM6QFT4a7DiRvkyvZhFbDDWxCijgV2zmiqo FiTDJTFdZ2+DtxVdaC8dIq6JQ7Hvk1/II8BvETlgOnvO8gV36u4qtDu8gjj5G/pKfyNw PbodeodqxLV0mT6V+rFUnefiBm2zaC66PdFmvpBNsoo1V4kCajeVb8aNDZEqxdouT4vP /NdNGxotjjMe+FlFo2GJ+NE5/QmyJF24tJDiAbLq8duyAIwtAHCmXqlqxx3FZZu9oN8X eFrhI2Q2+W0OXXuzc1NTpUSBuLqzneJi2pgpxa57N3/fxNElwvY89L3bQ/buZLad7hnl HidQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ffwll.ch header.s=google header.b=TDfF3VN9; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id pw7si16218317ejb.157.2019.11.06.08.49.34; Wed, 06 Nov 2019 08:49:58 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@ffwll.ch header.s=google header.b=TDfF3VN9; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732292AbfKFQsF (ORCPT + 99 others); Wed, 6 Nov 2019 11:48:05 -0500 Received: from mail-wr1-f68.google.com ([209.85.221.68]:36592 "EHLO mail-wr1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727570AbfKFQsE (ORCPT ); Wed, 6 Nov 2019 11:48:04 -0500 Received: by mail-wr1-f68.google.com with SMTP id w18so26729755wrt.3 for ; Wed, 06 Nov 2019 08:48:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ffwll.ch; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=qsQf+1m23+jsDxNB5IS6XnKaQp9Ng9lV2UMQAWB4LKw=; b=TDfF3VN9GaeQ/u0sLLvRvovI5BAhrbb/MI7b7LHt4gu3mjqLxSEwVXmdM5bBA4L5tQ g7XAIkJ7IQJfMDsIjivw9DRrqHmIoKbtWxjFhIrjhkqMI0UtiiE0xFVyLu6hxlA53eZG y674F5ysqw5/BF1d6i0Fu8yX3hTWMgSLluQXM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=qsQf+1m23+jsDxNB5IS6XnKaQp9Ng9lV2UMQAWB4LKw=; b=qQO3wbRP4auG7+2hjqYrVBo7lL/tUJw6FWiWlkMTCPRwyzvoIaGQCDfZyHnWKQPWN7 Kz00HI8u8hhC1AUcluGo5lRuaLrBDjc5m4Rb9NpyyAxLWTAMyI1fiEeXJuWo4OJyBYiw uSa+OkDZXFtKLooyfvgvR1LY1VnEAAbuzrya+Amu9/AdxrKEAH2pc5A4U9SkfFbX9cKD T/QlNuVLLfIdOPD2DXP3I8zold64lX+wIqevfd/ew7QaV9qowL/9G3s+upHYpkDvF1f1 o2tcClnXcukmey02pKHegihxA4sn6BrLlmepUfdUWsX7OYrMnY6sBI+VFc3HM+JwgPVp Z1Iw== X-Gm-Message-State: APjAAAUjafA16lhstLmUo5b3oqJdeYLkIcbdB0Aacbxy1Hns+exsMjLd LkuhYF7dgDhonlJd4rbiQfxUnA== X-Received: by 2002:a5d:678f:: with SMTP id v15mr2521944wru.242.1573058881709; Wed, 06 Nov 2019 08:48:01 -0800 (PST) Received: from phenom.ffwll.local (212-51-149-96.fiber7.init7.net. [212.51.149.96]) by smtp.gmail.com with ESMTPSA id p4sm16694187wrx.71.2019.11.06.08.48.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Nov 2019 08:48:01 -0800 (PST) From: Daniel Vetter To: DRI Development Cc: LKML , Daniel Vetter , syzbot+fb77e97ebf0612ee6914@syzkaller.appspotmail.com, Kees Cook , Alexander Viro , Andrew Morton , Stephen Rothwell , Daniel Vetter Subject: [PATCH] drm: Limit to INT_MAX in create_blob ioctl Date: Wed, 6 Nov 2019 17:47:55 +0100 Message-Id: <20191106164755.31478-1-daniel.vetter@ffwll.ch> X-Mailer: git-send-email 2.24.0.rc2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The hardened usercpy code is too paranoid ever since: commit 6a30afa8c1fbde5f10f9c584c2992aa3c7f7a8fe Author: Kees Cook Date: Wed Nov 6 16:07:01 2019 +1100 uaccess: disallow > INT_MAX copy sizes Code itself should have been fine as-is. Reported-by: syzbot+fb77e97ebf0612ee6914@syzkaller.appspotmail.com Fixes: 6a30afa8c1fb ("uaccess: disallow > INT_MAX copy sizes") Cc: Kees Cook Cc: Alexander Viro Cc: Andrew Morton Cc: Stephen Rothwell Signed-off-by: Daniel Vetter -- Kees/Andrew, Since this is -mm can I have a stable sha1 or something for referencing? Or do you want to include this in the -mm patch bomb for the merge window? -Daniel --- drivers/gpu/drm/drm_property.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_property.c b/drivers/gpu/drm/drm_property.c index 892ce636ef72..6ee04803c362 100644 --- a/drivers/gpu/drm/drm_property.c +++ b/drivers/gpu/drm/drm_property.c @@ -561,7 +561,7 @@ drm_property_create_blob(struct drm_device *dev, size_t length, struct drm_property_blob *blob; int ret; - if (!length || length > ULONG_MAX - sizeof(struct drm_property_blob)) + if (!length || length > INT_MAX - sizeof(struct drm_property_blob)) return ERR_PTR(-EINVAL); blob = kvzalloc(sizeof(struct drm_property_blob)+length, GFP_KERNEL); -- 2.24.0.rc2