On Tue, 30 Nov 2021 12:16:18 +0100, Bixuan Cui wrote:
The commit 7661809d493b ("mm: don't allow oversized kvmalloc() calls") limits the max allocatable memory via kvzalloc() to MAX_INT.
Reported-by: syzbot+bb348e9f9a954d42746f@syzkaller.appspotmail.com
Signed-off-by: Bixuan Cui <cuibixuan@linux.alibaba.com>
We should check the allocation size a lot earlier than here. IOW, such a big size shouldn't have been passed to this function but it should have been handled as an error on the caller side (snd_pcm_oss_change_params*()).
Could you give the reproducer?
thanks,
Takashi
sound/core/oss/pcm_plugin.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/sound/core/oss/pcm_plugin.c b/sound/core/oss/pcm_plugin.c index 061ba06..61fccb5 100644 --- a/sound/core/oss/pcm_plugin.c +++ b/sound/core/oss/pcm_plugin.c @@ -68,6 +68,10 @@ static int snd_pcm_plugin_alloc(struct snd_pcm_plugin *plugin, snd_pcm_uframes_t size /= 8; if (plugin->buf_frames < frames) { kvfree(plugin->buf);
if (size > INT_MAX)
return -ENOMEM;
- plugin->buf = kvzalloc(size, GFP_KERNEL); plugin->buf_frames = frames; }
-- 1.8.3.1
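Review bot: the added `if (size > INT_MAX) return -ENOMEM;` sits after `kvfree(plugin->buf);` and before `plugin->buf` is reassigned, so on the error return `plugin->buf` still points at the freed buffer and `plugin->buf_frames` keeps its old value. A later call with a smaller `frames` would skip the `plugin->buf_frames < frames` branch and keep using the stale pointer, and any later `kvfree(plugin->buf)` would be a double free. Move the size check above the `kvfree()` call, or clear `plugin->buf` and `plugin->buf_frames` before returning. The commit message also says MAX_INT where the code uses INT_MAX.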