UPSTREAM: sched/psi: Fix OOB write when writing 0 bytes to PSI files
author Suren Baghdasaryan <surenb@google.com>
Mon, 3 Feb 2020 21:22:16 +0000 (13:22 -0800)
committer Suren Baghdasaryan <surenb@google.com>
Fri, 28 Feb 2020 15:43:04 +0000 (07:43 -0800)
Issuing write() with count parameter set to 0 on any file under
/proc/pressure/ will cause an OOB write because of the access to
buf[buf_size-1] when NUL-termination is performed. Fix this by checking
for buf_size to be non-zero.

Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Link: https://lkml.kernel.org/r/20200203212216.7076-1-surenb@google.com
(cherry picked from commit 6fcca0fa48118e6d63733eb4644c6cd880c15b8f)

Bug: 148159562
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I9ec7acfc6e1083c677a95b0ea1c559ab50152873

kernel/sched/psi.c

index 5ed1027d75d6c3416b5287585591c216d86c740b..59d5371694e4c8fc8a0eb4a65562f45790613842 100644 (file)
@@ -1192,6 +1192,9 @@ static ssize_t psi_write(struct file *file, const char __user *user_buf,
        if (static_branch_likely(&psi_disabled))
                return -EOPNOTSUPP;
 
+       if (!nbytes)
+               return -EINVAL;
+
        buf_size = min(nbytes, sizeof(buf));
        if (copy_from_user(buf, user_buf, buf_size))
                return -EFAULT;
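
Review bot: the added `if (!nbytes)` check has no comment, and the store it protects, the `buf[buf_size-1]` NUL-termination named in the commit message, lies outside this hunk, so at this spot the guard reads as arbitrary input policy rather than a memory-safety check. A one-line comment above it saying that buf_size must be non-zero before the terminator is written would keep a later cleanup from dropping it. Returning -EINVAL instead of 0 for a zero-length write is also visible to userspace callers, so the commit message should state that this choice is intentional.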