From: Eric Sandeen <sandeen@redhat.com>
Subject: seq_file: Disallow extremely large seq buffer allocations
References: bsc#1188062, CVE-2021-33909
Patch-mainline: Not yet, embargoed security

There is no reasonable need for a buffer larger than this,
and it avoids int overflow pitfalls.

Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Acked-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
---

---
 fs/seq_file.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/fs/seq_file.c
+++ b/fs/seq_file.c
@@ -25,6 +25,9 @@
 
 static void *seq_buf_alloc(unsigned long size)
 {
+	if (unlikely(size > MAX_RW_COUNT))
+		return NULL;
+
 	return kvmalloc(size, GFP_KERNEL);
 }