Re: [PATCH 4.19 040/115] drm: limit to INT_MAX in create_blob ioctl

8 Jan 2020


      On Wed, Jan 08, 2020 at 09:11:48AM +0100, Pavel Machek wrote:
...
On Tue 2020-01-07 21:54:10, Greg Kroah-Hartman wrote:
...
From: Daniel Vetter daniel.vetter@ffwll.ch
[ Upstream commit 5bf8bec3f4ce044a223c40cbce92590d938f0e9c ]
The hardened usercpy code is too paranoid ever since commit 6a30afa8c1fb
("uaccess: disallow > INT_MAX copy sizes")
...
Code itself should have been fine as-is.
Link: http://lkml.kernel.org/r/20191106164755.31478-1-daniel.vetter@ffwll.ch
Signed-off-by: Daniel Vetter daniel.vetter@intel.com
Reported-by: syzbot+fb77e97ebf0612ee6914@syzkaller.appspotmail.com
Fixes: 6a30afa8c1fb ("uaccess: disallow > INT_MAX copy sizes")
There is no such thing as commit 6a30afa8c1fb. Apparently this is
talking about commit "6d13de1489b6bf539695f96d945de3860e6d5e17", but
that one is not in 4.19-stable.
Do we need this in 4.19-stable?
Yes.

2025

2024

2023

2022

2021

2020

2019

2018

2017

Re: [PATCH 4.19 040/115] drm: limit to INT_MAX in create_blob ioctl