Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp4342270pxu; Mon, 12 Oct 2020 16:53:37 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyAkXCeYAfBlJjCaFYtX3tLZ7CoYYVnrJyNLlWjopnep7ecOaTjCUk3iYX8gKoSwvNA0NrR X-Received: by 2002:a17:906:bce5:: with SMTP id op5mr32312167ejb.500.1602546817520; Mon, 12 Oct 2020 16:53:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1602546817; cv=none; d=google.com; s=arc-20160816; b=JgggY3NIfEcBFJ4Nu298kxMKxuGFlpUfJm41vB18GcC73WSZHhspq698mEpG4D6n9u N1lbFQZ3nCgnOGekiMXzeidHjJ/tpNs6DblUgAJo4Zv3Z1P4zzaQbUULHPHlH9D8vFY/ iQaNk8v7yC4ohsGLsnsKwxkXFOpm7rE4W2jp4GTo7iFAkI+kbZdrlfizk6Je8PDeTuZx IB/lJplszjoN5ZRgH9jkjjCmO7hqlXHuWgK4V7ndZiU8UK8Iaq8x4wMwERmY4PNdUiSa tYMs8vqYWZHa0Aloj6Y0MmcoC374uei5fVQnxFm/XIpPmPIiQQqTAkFLH1+BQBTRUqgM L9lg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=aEhTxIDcnws3t+/1MTMYzY7WCPnHtEbkSEEs/06y3PU=; b=ilUke0vl2XET/zP7n0SicJXMwFXD2RSF8tqDGLPbA9hM7zVAEXynecCcAuPbFVN/9M 0NiYCKRJuxephdrZ1CEe/X78IWvpDrCTW3Kt5r6izUQw/5UYu8dsK8iRqrjEAfDZBtoL OjFlH2v+HdRrRLXoC1nKxY1504v10XRof/gpLEnOe79tc3jePjkPdjzgbdZyUKkFFpzE hyAX9wJgBWufAAtg9Hoj8jfEiBkEc2S62A2Da+RFFWsKvZLn0vnZ1v9cGvX9A1fBND7q KBk9Famn15B79NW2kFPBsIWWvHYoTjAvr9tSHDfxdS5MGo+QLTsGOENXDuBHlw0WEq18 pi7w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="oUxYcE/v"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l19si12921251ejz.222.2020.10.12.16.53.14; Mon, 12 Oct 2020 16:53:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="oUxYcE/v"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389868AbgJLNtV (ORCPT + 99 others); Mon, 12 Oct 2020 09:49:21 -0400 Received: from mail.kernel.org ([198.145.29.99]:53874 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731930AbgJLNsV (ORCPT ); Mon, 12 Oct 2020 09:48:21 -0400 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 1F21F2065C; Mon, 12 Oct 2020 13:48:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1602510500; bh=nkughcisM3Tew1sDWfUS+ImMOVIfJ4vGc+Frw2AFkWQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=oUxYcE/vxN0DpyWO3WwyRXaoWzeR55VZx9K0M1zzcb3pYezjvjBVjPSbRjCKJcJSv RH2Jlnppu62/sCyRTm2BE55II0Y+hgIVgzJiSoC11qzvCpTj9JkXG+lJfFexNHf+RD II5xKIbquLE6/ndX3o90hQLGuIdTlLSIQxDES/L4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Alexey Kardashevskiy Subject: [PATCH 5.8 119/124] tty/vt: Do not warn when huge selection requested Date: Mon, 12 Oct 2020 15:32:03 +0200 Message-Id: <20201012133152.609765516@linuxfoundation.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201012133146.834528783@linuxfoundation.org> References: <20201012133146.834528783@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Alexey Kardashevskiy commit 44c413d9a51752056d606bf6f312003ac1740fab upstream. The tty TIOCL_SETSEL ioctl allocates a memory buffer big enough for text selection area. The maximum allowed console size is VC_RESIZE_MAXCOL * VC_RESIZE_MAXROW == 32767*32767 == ~1GB and typical MAX_ORDER is set to allow allocations lot less than than (circa 16MB). So it is quite possible to trigger huge allocation (and syzkaller just did that) which is going to fail (which is fine) with a backtrace in mm/page_alloc.c at WARN_ON_ONCE(!(gfp_mask & __GFP_NOWARN)) and this may trigger panic (if panic_on_warn is enabled) and leak kernel addresses to dmesg. This passes __GFP_NOWARN to kmalloc_array to avoid unnecessary user- triggered WARN_ON. Note that the error is not ignored and the warning is still printed. Signed-off-by: Alexey Kardashevskiy Link: https://lore.kernel.org/r/20200617070444.116704-1-aik@ozlabs.ru Signed-off-by: Greg Kroah-Hartman --- drivers/tty/vt/selection.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/tty/vt/selection.c +++ b/drivers/tty/vt/selection.c @@ -193,7 +193,7 @@ static int vc_selection_store_chars(stru /* Allocate a new buffer before freeing the old one ... */ /* chars can take up to 4 bytes with unicode */ bp = kmalloc_array((vc_sel.end - vc_sel.start) / 2 + 1, unicode ? 4 : 1, - GFP_KERNEL); + GFP_KERNEL | __GFP_NOWARN); if (!bp) { printk(KERN_WARNING "selection: kmalloc() failed\n"); clear_selection();