From patchwork Wed Apr 24 22:54:48 2024
X-Patchwork-Submitter: Luis Chamberlain
X-Patchwork-Id: 13642593
From: Luis Chamberlain
To: akpm@linux-foundation.org, ziy@nvidia.com, linux-mm@kvack.org
Cc: fstests@vger.kernel.org, linux-xfs@vger.kernel.org, linux-kernel@vger.kernel.org, willy@infradead.org, hare@suse.de, john.g.garry@oracle.com, p.raghav@samsung.com, da.gomez@samsung.com, mcgrof@kernel.org
Subject: [PATCH 1/2] mm/huge_memory: skip invalid debugfs file entry for folio split
Date: Wed, 24 Apr 2024 15:54:48 -0700
Message-ID: <20240424225449.1498244-2-mcgrof@kernel.org>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20240424225449.1498244-1-mcgrof@kernel.org>
References: <20240424225449.1498244-1-mcgrof@kernel.org>

If the file entry is too long we may easily end up going out of bounds and crash after strsep() on sscanf(). To avoid this ensure we bound the string to an expected length before we use sscanf() on it.

Signed-off-by: Luis Chamberlain
--- mm/huge_memory.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 9e9879d2f501..8386d24a163e 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c
@@ -3623,6 +3623,7 @@ static ssize_t split_huge_pages_write(struct file *file, const char __user *buf, char file_path[MAX_INPUT_BUF_SZ]; pgoff_t off_start = 0, off_end = 0; size_t input_len = strlen(input_buf); + size_t max_left_over; tok = strsep(&buf, ","); if (tok) { @@ -3632,6 +3633,14 @@ static ssize_t split_huge_pages_write(struct file *file, const char __user *buf, goto out; } + max_left_over = MAX_INPUT_BUF_SZ - strlen(file_path); + if (!buf || + strnlen(buf, max_left_over) < 7 || + strnlen(buf, max_left_over) > max_left_over) { + ret = -EINVAL; + goto out; + } + ret = sscanf(buf, "0x%lx,0x%lx,%d", &off_start, &off_end, &new_order); if (ret != 2 && ret != 3) { ret = -EINVAL;
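Review bot: in the second hunk the upper-bound test `strnlen(buf, max_left_over) > max_left_over` can never be true, because strnlen() returns at most its second argument, so the added check only enforces `!buf` and the minimum length of 7. If the intent is to reject a remainder that has no NUL within the bound, compare with `>=` (or `== max_left_over`), and call strnlen() once into a local instead of twice. The bound is also derived from `strlen(file_path)`, while `buf` is the remainder left by `strsep(&buf, ",")`; a comment saying why `MAX_INPUT_BUF_SZ - strlen(file_path)` is the right limit for that remainder would help, since the context line `input_len = strlen(input_buf)` already gives the length of the whole input. The 7 deserves a named constant or a comment as well: it appears to be the shortest string the following sscanf() format can match with two fields, "0x0,0x0".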