Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / mainline / linux / 9fb582b67072bea6cbfe1aefc2be13c62c7681bf
commit9fb582b67072bea6cbfe1aefc2be13c62c7681bf[log] [tgz]
authorMichael S. Tsirkin <mst@redhat.com>Fri Jan 26 01:36:35 2018 +0200
committerDavid S. Miller <davem@davemloft.net>Mon Jan 29 12:02:54 2018 -0500
treec2be3e6f9bc8cde4512dbb7871fcc5801c9f45c2
parent84328342a70a44379dd73011a44c5f5e00481a42 [diff]
Revert "net: ptr_ring: otherwise safe empty checks can overrun array bounds"

This reverts commit bcecb4bbf88aa03171c30652bca761cf27755a6b.

If we try to allocate an extra entry as the above commit did, and when
the requested size is UINT_MAX, addition overflows causing zero size to
be passed to kmalloc().

kmalloc then returns ZERO_SIZE_PTR with a subsequent crash.

Reported-by: syzbot+87678bcf753b44c39b67@syzkaller.appspotmail.com
Cc: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 file changed
tree: c2be3e6f9bc8cde4512dbb7871fcc5801c9f45c2
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README