linux_dsm_epyc7002/drivers/misc
Sabyrzhan Tasbolatov 53f6c858c4 drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue
commit 2fd10bcf0310b9525b2af9e1f7aa9ddd87c3772e upstream.

syzbot found WARNING in qp_broker_alloc[1] in qp_host_alloc_queue()
when num_pages is 0x100001, giving queue_size + queue_page_size
bigger than KMALLOC_MAX_SIZE for kzalloc(), resulting in an order >= MAX_ORDER
condition.

queue_size + queue_page_size=0x8000d8, where KMALLOC_MAX_SIZE=0x400000.

[1]
Call Trace:
 alloc_pages include/linux/gfp.h:547 [inline]
 kmalloc_order+0x40/0x130 mm/slab_common.c:837
 kmalloc_order_trace+0x15/0x70 mm/slab_common.c:853
 kmalloc_large include/linux/slab.h:481 [inline]
 __kmalloc+0x257/0x330 mm/slub.c:3959
 kmalloc include/linux/slab.h:557 [inline]
 kzalloc include/linux/slab.h:682 [inline]
 qp_host_alloc_queue drivers/misc/vmw_vmci/vmci_queue_pair.c:540 [inline]
 qp_broker_create drivers/misc/vmw_vmci/vmci_queue_pair.c:1351 [inline]
 qp_broker_alloc+0x936/0x2740 drivers/misc/vmw_vmci/vmci_queue_pair.c:1739

Reported-by: syzbot+15ec7391f3d6a1a7cc7d@syzkaller.appspotmail.com
Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
Link: https://lore.kernel.org/r/20210209102612.2112247-1-snovitoll@gmail.com
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-03-04 11:38:32 +01:00
altera-stapl
c2port misc: c2port: core: Ensure source size does not equal destination size in strncpy() 2020-06-29 18:45:52 +02:00
cardreader misc: rtsx: init of rts522a add OCP power off when no card is present 2021-03-04 11:38:32 +01:00
cb710 misc: cb710: sgbuf2: Add missing documentation for cb710_sg_dwiter_write_next_block()'s 'data' arg 2020-06-29 18:45:53 +02:00
cxl cxl: Rework error message for incompatible slots 2020-08-25 01:31:32 +10:00
echo char: Replace HTTP links with HTTPS ones 2020-07-23 09:44:15 +02:00
eeprom misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users 2021-03-04 11:38:11 +01:00
genwqe pci-v5.9-changes 2020-08-07 18:48:15 -07:00
habanalabs habanalabs: disable FW events on device removal 2021-02-07 15:37:17 +01:00
ibmasm misc: ibmasm: dot_command: Demote function headers from kerneldoc 2020-07-01 15:08:03 +02:00
lis3lv02d
lkdtm lkdtm: don't move ctors to .rodata 2021-02-17 11:02:24 +01:00
mei mei: hbm: call mei_set_devstate() on hbm stop response 2021-03-04 11:38:12 +01:00
ocxl powerpc updates for 5.10 2020-10-16 12:21:15 -07:00
sgi-gru x86/platform/uv: Update Copyrights to conform to HPE standards 2020-10-07 09:10:07 +02:00
sgi-xp x86/platform/uv: Update Copyrights to conform to HPE standards 2020-10-07 09:10:07 +02:00
ti-st misc: ti-st: st_kim: Tidy-up bespoke commentry 2020-06-29 18:45:52 +02:00
uacce Char/Misc driver patches for 5.10-rc1 2020-10-15 10:01:51 -07:00
vmw_vmci drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue 2021-03-04 11:38:32 +01:00
ad525x_dpot-i2c.c
ad525x_dpot-spi.c
ad525x_dpot.c docs: misc-devices/pci-endpoint-test.txt: convert to ReST 2020-06-19 14:05:49 -06:00
ad525x_dpot.h
apds990x.c
apds9802als.c
atmel_tclib.c
atmel-ssc.c misc: atmel-ssc: lock with mutex instead of spinlock 2020-06-29 19:10:51 +02:00
bh1770glc.c
cs5535-mfgpt.c
ds1682.c
dummy-irq.c
enclosure.c misc: enclosure: Update enclosure_remove_device() documentation to match reality 2020-07-01 15:05:37 +02:00
fastrpc.c misc: fastrpc: fix incorrect usage of dma_map_sgtable 2021-03-04 11:38:14 +01:00
hisi_hikey_usb.c misc: hisi_hikey_usb: delete a stray tab 2020-09-22 18:54:00 +02:00
hmc6352.c
hpilo.c misc: hpilo: avoid a useless memset 2020-07-23 12:56:49 +02:00
hpilo.h hpilo: Replace one-element array with flexible-array member 2020-07-14 18:21:25 +02:00
ibmvmc.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
ibmvmc.h
ics932s401.c
isl29003.c
isl29020.c
Kconfig misc: mic: remove the MIC drivers 2020-10-28 19:12:03 +01:00
kgdbts.c kgdbts: switch to kernel_clone() 2020-08-20 13:12:59 +02:00
lattice-ecp3-config.c misc: lattice-ecp3-config: Remove set but clearly unused variable 'ret' 2020-07-01 15:05:37 +02:00
Makefile misc: mic: remove the MIC drivers 2020-10-28 19:12:03 +01:00
pch_phub.c misc: pch_phub: Remove superfluous descriptions to non-existent args 'offset_address' 2020-07-01 15:05:37 +02:00
pci_endpoint_test.c misc: pci_endpoint_test: fix return value of error branch 2020-12-30 11:53:45 +01:00
phantom.c misc/phantom.c: use generic power management 2020-06-29 18:43:42 +02:00
pti.c misc: pti: Remove unparsable empty line in function header 2020-07-01 15:05:36 +02:00
pvpanic.c misc: pvpanic: Use devm_platform_ioremap_resource() 2020-09-22 18:53:30 +02:00
qcom-coincell.c
sram-exec.c char: Replace HTTP links with HTTPS ones 2020-07-23 09:44:15 +02:00
sram.c
sram.h
tifm_7xx1.c misc/tifm_7xx1.c: use generic power management 2020-06-29 18:43:42 +02:00
tifm_core.c
tsl2550.c
vmw_balloon.c
xilinx_sdfec.c misc: xilinx-sdfec: convert get_user_pages() --> pin_user_pages() 2020-05-27 11:09:26 +02:00