From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Jamie Hill-Daniel <jamie@hill-daniel.co.uk>,
William Liu <willsroot@protonmail.com>,
Salvatore Bonaccorso <carnil@debian.org>,
Thadeu Lima de Souza Cascardo <cascardo@canonical.com>,
Dan Carpenter <dan.carpenter@oracle.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 5.15 05/28] vfs: fs_context: fix up param length parsing in legacy_parse_param
Date: Tue, 18 Jan 2022 17:05:51 +0100 [thread overview]
Message-ID: <20220118160452.056787467@linuxfoundation.org> (raw)
In-Reply-To: <20220118160451.879092022@linuxfoundation.org>
From: Jamie Hill-Daniel <jamie@hill-daniel.co.uk>
commit 722d94847de29310e8aa03fcbdb41fc92c521756 upstream.
The "PAGE_SIZE - 2 - size" calculation in legacy_parse_param() is an
unsigned type so a large value of "size" results in a high positive
value instead of a negative value as expected. Fix this by getting rid
of the subtraction.
Signed-off-by: Jamie Hill-Daniel <jamie@hill-daniel.co.uk>
Signed-off-by: William Liu <willsroot@protonmail.com>
Tested-by: Salvatore Bonaccorso <carnil@debian.org>
Tested-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/fs_context.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/fs_context.c
+++ b/fs/fs_context.c
@@ -548,7 +548,7 @@ static int legacy_parse_param(struct fs_
param->key);
}
- if (len > PAGE_SIZE - 2 - size)
+ if (size + len + 2 > PAGE_SIZE)
return invalf(fc, "VFS: Legacy: Cumulative options too large");
if (strchr(param->key, ',') ||
(param->type == fs_value_is_string &&
next prev parent reply other threads:[~2022-01-18 16:10 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-18 16:05 [PATCH 5.15 00/28] 5.15.16-rc1 review Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.15 01/28] devtmpfs regression fix: reconfigure on each mount Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.15 02/28] drm/amd/display: explicitly set is_dsc_supported to false before use Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.15 03/28] orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.15 04/28] remoteproc: qcom: pil_info: Dont memcpy_toio more than is provided Greg Kroah-Hartman
2022-01-18 16:05 ` Greg Kroah-Hartman [this message]
2022-01-18 16:05 ` [PATCH 5.15 06/28] perf: Protect perf_guest_cbs with RCU Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.15 07/28] KVM: x86: Register perf callbacks after calling vendors hardware_setup() Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.15 08/28] KVM: x86: Register Processor Trace interrupt hook iff PT enabled in guest Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.15 09/28] KVM: x86: dont print when fail to read/write pv eoi memory Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.15 10/28] KVM: s390: Clarify SIGP orders versus STOP/RESTART Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.15 11/28] remoteproc: qcom: pas: Add missing power-domain "mxc" for CDSP Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.15 12/28] 9p: only copy valid iattrs in 9P2000.L setattr implementation Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.15 13/28] video: vga16fb: Only probe for EGA and VGA 16 color graphic cards Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 14/28] media: uvcvideo: fix division by zero at stream start Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 15/28] rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 16/28] firmware: qemu_fw_cfg: fix sysfs information leak Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 17/28] firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 18/28] firmware: qemu_fw_cfg: fix kobject leak in probe error path Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 19/28] perf annotate: Avoid TUI crash when navigating in the annotation of recursive functions Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 20/28] KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 21/28] ALSA: hda/realtek: Add speaker fixup for some Yoga 15ITL5 devices Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 22/28] ALSA: hda/realtek: Use ALC285_FIXUP_HP_GPIO_LED on another HP laptop Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 23/28] ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 24/28] ALSA: hda: ALC287: Add Lenovo IdeaPad Slim 9i 14ITL5 speaker quirk Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 25/28] ALSA: hda/tegra: Fix Tegra194 HDA reset failure Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 26/28] ALSA: hda/realtek: Add quirk for Legion Y9000X 2020 Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 27/28] ALSA: hda/realtek: Re-order quirk entries for Lenovo Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 28/28] mtd: fixup CFI on ixp4xx Greg Kroah-Hartman
2022-01-18 19:39 ` [PATCH 5.15 00/28] 5.15.16-rc1 review Florian Fainelli
2022-01-18 22:22 ` Shuah Khan
2022-01-19 2:16 ` Ron Economos
2022-01-19 10:21 ` Naresh Kamboju
2022-01-20 1:48 ` Guenter Roeck
2022-01-22 0:29 ` Allen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220118160452.056787467@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=carnil@debian.org \
--cc=cascardo@canonical.com \
--cc=dan.carpenter@oracle.com \
--cc=jamie@hill-daniel.co.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=willsroot@protonmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).