[PATCH] proc_do_large_bitmap - return error on writes to non-existent bitmap

From: Maciej Żenczykowski
Date: Wed Nov 27 2019 - 04:55:10 EST


From: Maciej Żenczykowski <maze@xxxxxxxxxx>

Writing to an unallocated bitmap (with echo) results in an infinite
loop - although I'm not clear if this is in kernel or in userspace.

We return ENOMEDIUM 'No medium found', because it's the best error
I could come up with to describe the situation.

(Note: I'm not aware of any actual way to hit this with current
kernel code, I hit this while testing new code, but it still seems
like it should be fixed, especially since it prevented my machine
from booting, and didn't even have the dignity to crash...)

Cc: Luis Chamberlain <mcgrof@xxxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Iurii Zaikin <yzaikin@xxxxxxxxxx>
Cc: Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx>
Cc: Linux FS Devel Mailing List <linux-fsdevel@xxxxxxxxxxxxxxx>
Signed-off-by: Maciej Żenczykowski <maze@xxxxxxxxxx>
---
kernel/sysctl.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 2c3958d2f463..431966967c99 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -3174,6 +3174,11 @@ int proc_do_large_bitmap(struct ctl_table *table, int write,
unsigned long *tmp_bitmap = NULL;
char tr_a[] = { '-', ',', '\n' }, tr_b[] = { ',', '\n', 0 }, c;

+ if (write && (!bitmap || !bitmap_len))
+ /* returning 0 could cause an infinite loop */
+ return -ENOMEDIUM;
+ }
+
if (!bitmap || !bitmap_len || !left || (*ppos && !write)) {
*lenp = 0;
return 0;
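
Review bot: the added `if (write && (!bitmap || !bitmap_len))` line has no opening brace, yet the block is closed by a `}` after `return -ENOMEDIUM;`, so the braces are unbalanced and this will not build as posted; add ` {` at the end of the `if` line. With this early return in place, the `!bitmap || !bitmap_len` terms in the following condition only ever apply to reads, which would be worth saying in the comment. The comment `returning 0 could cause an infinite loop` should also state the mechanism (a write that reports zero bytes consumed gets retried by the writer), since the commit message itself is unsure where the loop occurs. Finally, consider whether a more conventional errno would serve callers better than -ENOMEDIUM, given that the commit message describes it only as the best fit found.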
--
2.24.0.432.g9d3f5f5b63-goog