Re: [PATCH] mm/damon: Adjust the size of kbuf array to avoid overflow

From: SeongJae Park
Date: Wed Oct 13 2021 - 10:02:45 EST

Next message: kernel test robot: "Re: [PATCH v2 2/3] block: don't hide inode from block_device users"
Previous message: Borislav Petkov: "Re: [PATCH v6 07/42] x86/sev: Add support for hypervisor feature VMGEXIT"
In reply to: Xin Hao: "[PATCH] mm/damon: Adjust the size of kbuf array to avoid overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Xin,

On Wed, 13 Oct 2021 19:48:54 +0800 Xin Hao <xhao@xxxxxxxxxxxxxxxxx> wrote:

> In order to avoid the 'count' size space of kbuf array is
> used up, but a "\0" is still added.

Thank you for this patch! :)

But... I unsure how this can cause a buffer overflow, as 'kbuf' is accessed by
only size-specified functions, namely 'scnprintf()' and
'simple_read_from_buffer()'.

If I'm missing something, please feel free to let me know.

Thanks,
SJ

>
> Signed-off-by: Xin Hao <xhao@xxxxxxxxxxxxxxxxx>
> ---
> mm/damon/dbgfs.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/damon/dbgfs.c b/mm/damon/dbgfs.c
> index faee070977d8..20c61eed54af 100644
> --- a/mm/damon/dbgfs.c
> +++ b/mm/damon/dbgfs.c
> @@ -247,7 +247,7 @@ static ssize_t dbgfs_kdamond_pid_read(struct file *file,
> char *kbuf;
> ssize_t len;
>
> - kbuf = kmalloc(count, GFP_KERNEL);
> + kbuf = kmalloc(count + 1, GFP_KERNEL);
> if (!kbuf)
> return -ENOMEM;
>
> --
> 2.31.0
>

Next message: kernel test robot: "Re: [PATCH v2 2/3] block: don't hide inode from block_device users"
Previous message: Borislav Petkov: "Re: [PATCH v6 07/42] x86/sev: Add support for hypervisor feature VMGEXIT"
In reply to: Xin Hao: "[PATCH] mm/damon: Adjust the size of kbuf array to avoid overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]