Received: by 2002:a89:48b:0:b0:1f5:f2ab:c469 with SMTP id a11csp739577lqd; Wed, 24 Apr 2024 15:55:09 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVPpOvrs18pXT+JfP869avAo4e/N2kUt8nR75Vk/evNmCi/hvtDaBR8PJ7szUJmpOX+el6YbGPMere3daRwiEfHKED1Udg/4JDzG/FAeg== X-Google-Smtp-Source: AGHT+IEK65AUBHYHmeiZGZlUrJc9TXYmFRcWPcsXMVyeXovb1mtNKZp+i21btFdkDoIcwpKk7YVS X-Received: by 2002:ac8:5a43:0:b0:43a:453d:1ff6 with SMTP id o3-20020ac85a43000000b0043a453d1ff6mr341024qta.9.1713999308873; Wed, 24 Apr 2024 15:55:08 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713999308; cv=pass; d=google.com; s=arc-20160816; b=hqybZ2SEwbmH6zfyX7Y1Ekt7UXXzqBCp2pjXZMXtR4VKwQfo94k8uJKTSPoSFLHkrw e5Zq42Q5F73Bm7GHC8E4wQlODyqh/7uCXeErhLXNFCAg0HPoB2KIlmmv2jNTGLUnF4uu UgzUwFdguqIZ99AlwjRVfBP6TKwj0dFG495f45gygteBDQSfI5L6VfZm4Y5UsyQZosHJ G3CcV3TfpsvzYVwc3jEB+QT64G2GLm04IyZXLf8xXQaM5JVAshpmejw4ssUuvfv8f6ch QTfwUGjqVz6tPLz1bI+jU9Fl7iZJZIvjDedeIX/qtwj0oli1S19vO7a9rUElx7UJ68SD 7XNg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=Fbnupmf5sC5cHjxw78S7V8xP62P+Monrj9W+p/bLWt8=; fh=cMQOMgVyRKTASoSL9rhUTfkUzP6uZcdGljnQrcJHWHA=; b=epyZk+hNlREShb94ocKDXJtMPTCTaGrTckCpIktt4gWxhOZjLZpbWDuYW9PfEL8i4G ht5UWijXL4SVWshSQ4ZAau+2aXTFiM6cQjwZQSxikHwOeWKz1Kft2t+/9UTWyvRYZnTt aj3Ied7hSjr9bkUdja5mbkpfm5ErBFXc8cbpT+Yf8l6O0eWk/JfAivSqgMQh8QucZVI7 UXynNi+iQLInDkzGXlrGPe2dTKN50FYHoCGEUfVPZEfG0w+wd0pP+X6PY3IERgX5vjDw q902QSk7aVswnQ09pSPru/srbD7jN70SrXGrY8CddAqvjT5jHErTf3mIqbI1BZFR3t/9 8EeQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@infradead.org header.s=bombadil.20210309 header.b=WBsmIf4y; arc=pass (i=1 dkim=pass dkdomain=infradead.org); spf=pass (google.com: domain of linux-kernel+bounces-157809-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-157809-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id 13-20020ac8570d000000b0043689471632si16337703qtw.321.2024.04.24.15.55.08 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Apr 2024 15:55:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-157809-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@infradead.org header.s=bombadil.20210309 header.b=WBsmIf4y; arc=pass (i=1 dkim=pass dkdomain=infradead.org); spf=pass (google.com: domain of linux-kernel+bounces-157809-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-157809-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 7E2BA1C242EE for ; Wed, 24 Apr 2024 22:55:08 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 41CB316EC1A; Wed, 24 Apr 2024 22:54:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="WBsmIf4y" Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 25E5D155A50; Wed, 24 Apr 2024 22:54:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.133 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713999293; cv=none; b=umIfA4pFS054D2q/d3SXcgrWTttWqJu6bLbGLjnNC+XrouA+ZurrDbqASRxvIMdNS/UkyuUuu+g1SJPtr6CGu4X9UB5lAqjevk5w1EByNMfk/g3IGeRmNuekGGhMV1Y26LjgxvvueZzaDNSd27erk94knceqfCTD9JKtz09O3Gg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713999293; c=relaxed/simple; bh=7ipSa9pxy7YATvV2EbSJiFp9LRQuJRKRYACV2RxwZeU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=b7cXgCezay9moxs55Qeo22W3P4x/Wm80TN7aqM4bQaugx9h0zWgjgltSF2yhbY7R/Nl2w7I9EZuzkarvcfkyqAX2t6gFZ5AK+tqxXvdDRLZ9UIeb0U1tAHdfZDK4kNeExyIUkEMU8mr1/WJmMf6vXq+Iuh7/YhnojwhR/w6tCjI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org; spf=none smtp.mailfrom=infradead.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b=WBsmIf4y; arc=none smtp.client-ip=198.137.202.133 Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description; bh=Fbnupmf5sC5cHjxw78S7V8xP62P+Monrj9W+p/bLWt8=; b=WBsmIf4y1ShgaLYKjS/ikx9Qb+ HUcO/dwue3Iyq1bKfYVQxURMK63hgtQeNKz4QHqHvTG8vj2MC6+r2EOL7fq1UkxV5AIujgZnt1IHM 5bSim8cRGxp5i4/gNiS5lY8VXp+lQQa5AJlHQvWE/twn05T/xThQQYfKQz6kzw82Bn2bh8x6UQrYx YS3cCLbJLQpH04nia9S9HZ2HunQUON4CnhjBoyIBQXO6QUdoCo/qA3wCYPXWROsishZwyc3fRdEbD uR/ZohjwQAOIDJx8pKW0xw/9zXagvXruUROTskOziPe3d9Rg0JJB1c4NsT65E+FJDMsF26iCr1N1F oxz9DuzQ==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.97.1 #2 (Red Hat Linux)) id 1rzlVq-00000006HlV-0hva; Wed, 24 Apr 2024 22:54:50 +0000 From: Luis Chamberlain To: akpm@linux-foundation.org, ziy@nvidia.com, linux-mm@kvack.org Cc: fstests@vger.kernel.org, linux-xfs@vger.kernel.org, linux-kernel@vger.kernel.org, willy@infradead.org, hare@suse.de, john.g.garry@oracle.com, p.raghav@samsung.com, da.gomez@samsung.com, mcgrof@kernel.org Subject: [PATCH 1/2] mm/huge_memory: skip invalid debugfs file entry for folio split Date: Wed, 24 Apr 2024 15:54:48 -0700 Message-ID: <20240424225449.1498244-2-mcgrof@kernel.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240424225449.1498244-1-mcgrof@kernel.org> References: <20240424225449.1498244-1-mcgrof@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: Luis Chamberlain If the file entry is too long we may easily end up going out of bounds and crash after strsep() on sscanf(). To avoid this ensure we bound the string to an expected length before we use sscanf() on it. Signed-off-by: Luis Chamberlain --- mm/huge_memory.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 9e9879d2f501..8386d24a163e 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -3623,6 +3623,7 @@ static ssize_t split_huge_pages_write(struct file *file, const char __user *buf, char file_path[MAX_INPUT_BUF_SZ]; pgoff_t off_start = 0, off_end = 0; size_t input_len = strlen(input_buf); + size_t max_left_over; tok = strsep(&buf, ","); if (tok) { @@ -3632,6 +3633,14 @@ static ssize_t split_huge_pages_write(struct file *file, const char __user *buf, goto out; } + max_left_over = MAX_INPUT_BUF_SZ - strlen(file_path); + if (!buf || + strnlen(buf, max_left_over) < 7 || + strnlen(buf, max_left_over) > max_left_over) { + ret = -EINVAL; + goto out; + } + ret = sscanf(buf, "0x%lx,0x%lx,%d", &off_start, &off_end, &new_order); if (ret != 2 && ret != 3) { ret = -EINVAL; -- 2.43.0