Re: [PATCH 01/39] memcg_write_event_control(): fix a user-triggerable oops
From: Michal Hocko <mhocko@suse.com>
Date: 2024-07-30 07:13:41
Also in:
bpf, cgroups, kvm, linux-fsdevel
On Tue 30-07-24 01:15:47, viro@kernel.org wrote:
From: Al Viro <viro@zeniv.linux.org.uk> we are *not* guaranteed that anything past the terminating NUL is mapped (let alone initialized with anything sane). [the sucker got moved in mainline]
You could have preserved
Fixes: 0dea116876ee ("cgroup: implement eventfd-based generic API for notifications")
Cc: stable
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
and Acked-by: Michal Hocko <mhocko@suse.com>
quoted hunk ↗ jump to hunk
--- mm/memcontrol-v1.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)diff --git a/mm/memcontrol-v1.c b/mm/memcontrol-v1.c index 2aeea4d8bf8e..417c96f2da28 100644 --- a/mm/memcontrol-v1.c +++ b/mm/memcontrol-v1.c@@ -1842,9 +1842,12 @@ static ssize_t memcg_write_event_control(struct kernfs_open_file *of, buf = endp + 1; cfd = simple_strtoul(buf, &endp, 10); - if ((*endp != ' ') && (*endp != '\0')) + if (*endp == '\0') + buf = endp; + else if (*endp == ' ') + buf = endp + 1; + else return -EINVAL; - buf = endp + 1; event = kzalloc(sizeof(*event), GFP_KERNEL); if (!event)-- 2.39.2
-- Michal Hocko SUSE Labs