summaryrefslogtreecommitdiffstats
path: root/sound/pcmcia/pdaudiocf
diff options
context:
space:
mode:
authorDarrick J. Wong <darrick.wong@oracle.com>2016-09-15 05:20:44 +0200
committerLinus Torvalds <torvalds@linux-foundation.org>2016-09-15 22:29:52 +0200
commitb71dbf1032f546bf3efd60fb5d9d0cefd200a508 (patch)
tree6b09fe48b1c87c94f8274be6e834dc6abada6c63 /sound/pcmcia/pdaudiocf
parentvfs: fix return type of ioctl_file_dedupe_range (diff)
downloadlinux-b71dbf1032f546bf3efd60fb5d9d0cefd200a508.tar.xz
linux-b71dbf1032f546bf3efd60fb5d9d0cefd200a508.zip
vfs: cap dedupe request structure size at PAGE_SIZE
Kirill A Shutemov reports that the kernel doesn't try to cap dest_count in any way, and uses the number to allocate kernel memory. This causes high order allocation warnings in the kernel log if someone passes in a big enough value. We should clamp the allocation at PAGE_SIZE to avoid stressing the VM. The two existing users of the dedupe ioctl never send more than 120 requests, so we can safely clamp dest_range at PAGE_SIZE, because with 4k pages we can handle up to 127 dedupe candidates. Given the max extent length of 16MB, we can end up doing 2GB of IO which is plenty. [ Note: the "offsetof()" can't overflow, because 'count' is just a 16-bit integer. That's not obvious in the limited context of the patch, so I'm noting it here because it made me go look. - Linus ] Reported-by: "Kirill A. Shutemov" <kirill@shutemov.name> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'sound/pcmcia/pdaudiocf')
0 files changed, 0 insertions, 0 deletions