If a large count is provided, it will triger a warning in bitmap_parse_user. Also check zero for it.
Reported-by: [email protected] Closes: https://syzkaller.appspot.com/bug?extid=0aecfd34fb878546f3fd Tested-by: [email protected] Signed-off-by: Lizhi Xu <[email protected]> --- kernel/trace/trace.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index be62f0ea1814..109f301549b8 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -5225,6 +5225,9 @@ tracing_cpumask_write(struct file *filp, const char __user *ubuf, cpumask_var_t tracing_cpumask_new; int err; + if (count == 0 || count << PAGE_SHIFT > MAX_PAGE_ORDER) + return -EINVAL; + if (!zalloc_cpumask_var(&tracing_cpumask_new, GFP_KERNEL)) return -ENOMEM; -- 2.43.0
