From 7981593bf083801035b1f1377661849805acb216 Mon Sep 17 00:00:00 2001
From: Joe Perches <joe@perches.com>
Date: Wed, 16 Sep 2020 13:40:43 -0700
Subject: [PATCH] mm: and drivers core: Convert hugetlb_report_node_meminfo to
 sysfs_emit
Git-commit: 7981593bf083801035b1f1377661849805acb216
Patch-mainline: v5.10-rc1
References: bsc#1200598 CVE-2022-20166

Convert the unbound sprintf in hugetlb_report_node_meminfo to use
sysfs_emit_at so that no possible overrun of a PAGE_SIZE buf can occur.

Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: Mike Kravetz <mike.kravetz@oracle.com>
Link: https://lore.kernel.org/r/894b351b82da6013cde7f36ff4b5493cd0ec30d0.1600285923.git.joe@perches.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Petr Mladek <pmladek@suse.com>

---
 drivers/base/node.c     |    2 +-
 include/linux/hugetlb.h |    4 ++--
 mm/hugetlb.c            |    4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

--- a/drivers/base/node.c
+++ b/drivers/base/node.c
@@ -143,7 +143,7 @@ static ssize_t node_read_meminfo(struct
 #else
 		       nid, K(sum_zone_node_page_state(nid, NR_SLAB_UNRECLAIMABLE)));
 #endif
-	len += hugetlb_report_node_meminfo(nid, buf + len);
+	len += hugetlb_report_node_meminfo(buf, len, nid);
 	return len;
 }
 
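Review bot: The offset `len` passed on the changed line is accumulated by the formatting call whose tail is visible just above it (`nid, K(sum_zone_node_page_state(nid, NR_SLAB_UNRECLAIMABLE)));`), and the name of that call is outside the hunk. If it is still an unbounded `sprintf`, the PAGE_SIZE bound this patch adds covers only the hugetlb lines and not the much longer node meminfo text before them. sysfs_emit_at() rejects an offset at or beyond PAGE_SIZE with a WARN and returns 0, so an over-long prefix would show up as a warning and missing hugetlb lines rather than being prevented. It is worth confirming that the earlier writes in node_read_meminfo are bounded as well, and adding `/* len = bytes already emitted into buf; the append is bounded to PAGE_SIZE */` above the call. node_read_meminfo starts outside the hunk.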
--- a/include/linux/hugetlb.h
+++ b/include/linux/hugetlb.h
@@ -77,7 +77,7 @@ void __unmap_hugepage_range(struct mmu_g
 				unsigned long start, unsigned long end,
 				struct page *ref_page);
 void hugetlb_report_meminfo(struct seq_file *);
-int hugetlb_report_node_meminfo(int, char *);
+int hugetlb_report_node_meminfo(char *buf, int len, int nid);
 void hugetlb_show_meminfo(void);
 unsigned long hugetlb_total_pages(void);
 int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
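Review bot: The second parameter of the new prototype is named `len`, but it is used as the offset into `buf` at which the text is appended, not as the size of the buffer. Next to a `char *buf` argument that name invites a caller to pass a capacity such as PAGE_SIZE. A one-line comment above the declaration would settle it: `/* @buf: start of the sysfs page; @len: bytes already written to @buf, i.e. the offset to append at */`. The same name is used in the stub macro in the next hunk and in the definition in mm/hugetlb.c.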
@@ -157,7 +157,7 @@ static inline void adjust_range_if_pmd_s
 static inline void hugetlb_report_meminfo(struct seq_file *m)
 {
 }
-#define hugetlb_report_node_meminfo(n, buf)	0
+#define hugetlb_report_node_meminfo(buf, len, nid)	0
 static inline void hugetlb_show_meminfo(void)
 {
 }
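Review bot: The !CONFIG_HUGETLB_PAGE stub stays a function-like macro that discards its arguments, so a call with the arguments in the wrong order or of the wrong type compiles cleanly in that configuration. This matters more than before because the commit both reorders the parameters and adds a second `int`. The neighbouring stubs in this hunk are already `static inline`, and the same form here would give type checking in every configuration: `static inline int hugetlb_report_node_meminfo(char *buf, int len, int nid) { return 0; }`.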
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -3050,12 +3050,12 @@ void hugetlb_report_meminfo(struct seq_f
 			1UL << (huge_page_order(h) + PAGE_SHIFT - 10));
 }
 
-int hugetlb_report_node_meminfo(int nid, char *buf)
+int hugetlb_report_node_meminfo(char *buf, int len, int nid)
 {
 	struct hstate *h = &default_hstate;
 	if (!hugepages_supported())
 		return 0;
-	return sprintf(buf,
+	return sysfs_emit_at(buf, len,
 		"Node %d HugePages_Total: %5u\n"
 		"Node %d HugePages_Free:  %5u\n"
 		"Node %d HugePages_Surp:  %5u\n",
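Review bot: The function now has a precondition that nothing in the hunk documents: sysfs_emit_at() requires `buf` to be the page-aligned start of the sysfs buffer and `len` to be in the range 0 to PAGE_SIZE - 1, otherwise it WARNs and writes nothing. A caller that keeps the old convention and passes `buf + len` would therefore get a kernel warning and an empty hugetlb section rather than a compile error. A comment above the definition would record this, for example `/* @buf must be the start of the PAGE_SIZE sysfs buffer, @len the offset already used; output is truncated at PAGE_SIZE */`. The argument list of the sysfs_emit_at() call continues past the end of the hunk.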