[PATCH -next] ALSA: Fix oversized kvmalloc() calls
Takashi Iwai
tiwai at suse.de
Tue Nov 30 12:39:27 CET 2021
On Tue, 30 Nov 2021 12:16:18 +0100,
Bixuan Cui wrote:
>
> The commit 7661809d493b ("mm: don't allow oversized kvmalloc()
> calls") limits the max allocatable memory via kvzalloc() to MAX_INT.
>
> Reported-by: syzbot+bb348e9f9a954d42746f at syzkaller.appspotmail.com
> Signed-off-by: Bixuan Cui <cuibixuan at linux.alibaba.com>
We should check the allocation size a lot earlier than here.
IOW, such a big size shouldn't have been passed to this function but
it should have been handled as an error in the caller side
(snd_pcm_oss_change_params*()).
Could you give the reproducer?
thanks,
Takashi
> ---
> sound/core/oss/pcm_plugin.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/sound/core/oss/pcm_plugin.c b/sound/core/oss/pcm_plugin.c
> index 061ba06..61fccb5 100644
> --- a/sound/core/oss/pcm_plugin.c
> +++ b/sound/core/oss/pcm_plugin.c
> @@ -68,6 +68,10 @@ static int snd_pcm_plugin_alloc(struct snd_pcm_plugin *plugin, snd_pcm_uframes_t
> size /= 8;
> if (plugin->buf_frames < frames) {
> kvfree(plugin->buf);
> +
> + if (size > INT_MAX)
> + return -ENOMEM;
> +
> plugin->buf = kvzalloc(size, GFP_KERNEL);
> plugin->buf_frames = frames;
> }
> --
> 1.8.3.1
>
More information about the Alsa-devel
mailing list