From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mail.linuxfoundation.org ([140.211.169.12]:42940 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751359AbcKOQma (ORCPT
        <rfc822;stable@vger.kernel.org>); Tue, 15 Nov 2016 11:42:30 -0500
Subject: Patch "ALSA: info: Limit the proc text input size" has been added to the 4.4-stable tree
To: tiwai@suse.de, gregkh@linuxfoundation.org
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
From: <gregkh@linuxfoundation.org>
Date: Tue, 15 Nov 2016 17:42:41 +0100
Message-ID: <14792281617945@kroah.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ANSI_X3.4-1968
Content-Transfer-Encoding: 8bit
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>


This is a note to let you know that I've just added the patch titled

    ALSA: info: Limit the proc text input size

to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     alsa-info-limit-the-proc-text-input-size.patch
and it can be found in the queue-4.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>>From 027a9fe6835620422b6713892175716f3613dd9d Mon Sep 17 00:00:00 2001
From: Takashi Iwai <tiwai@suse.de>
Date: Sun, 30 Oct 2016 22:18:45 +0100
Subject: ALSA: info: Limit the proc text input size

From: Takashi Iwai <tiwai@suse.de>

commit 027a9fe6835620422b6713892175716f3613dd9d upstream.

The ALSA proc handler allows currently the write in the unlimited size
until kmalloc() fails.  But basically the write is supposed to be only
for small inputs, mostly for one line inputs, and we don't have to
handle too large sizes at all.  Since the kmalloc error results in the
kernel warning, it's better to limit the size beforehand.

This patch adds the limit of 16kB, which must be large enough for the
currently existing code.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/core/info.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/sound/core/info.c
+++ b/sound/core/info.c
@@ -331,6 +331,9 @@ static ssize_t snd_info_text_entry_write
 	if (!valid_pos(pos, count))
 		return -EIO;
 	next = pos + count;
+	/* don't handle too large text inputs */
+	if (next > 16 * 1024)
+		return -EIO;
 	mutex_lock(&entry->access);
 	buf = data->wbuffer;
 	if (!buf) {


Patches currently in stable-queue which might be from tiwai@suse.de are

queue-4.4/alsa-info-limit-the-proc-text-input-size.patch
queue-4.4/alsa-info-return-error-for-invalid-read-write.patch