The commit 7661809d493b ("mm: don't allow oversized kvmalloc() calls") limits the max allocatable memory via kvzalloc() to MAX_INT.
Reported-by: syzbot+bb348e9f9a954d42746f@syzkaller.appspotmail.com Signed-off-by: Bixuan Cui cuibixuan@linux.alibaba.com --- sound/core/oss/pcm_plugin.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/sound/core/oss/pcm_plugin.c b/sound/core/oss/pcm_plugin.c index 061ba06..61fccb5 100644 --- a/sound/core/oss/pcm_plugin.c +++ b/sound/core/oss/pcm_plugin.c @@ -68,6 +68,10 @@ static int snd_pcm_plugin_alloc(struct snd_pcm_plugin *plugin, snd_pcm_uframes_t size /= 8; if (plugin->buf_frames < frames) { kvfree(plugin->buf); + + if (size > INT_MAX) + return -ENOMEM; + plugin->buf = kvzalloc(size, GFP_KERNEL); plugin->buf_frames = frames; }