Merge "diag: Sanitize the mempools with pool data size check" (93baeae7) · Commits · e / devices / android_kernel_fairphone_FP4

drivers/char/diag/diagmem.c

+6 −2

Original line number	Diff line number	Diff line
		// SPDX-License-Identifier: GPL-2.0-only
		/* Copyright (c) 2008-2014, 2016-2019 The Linux Foundation. All rights reserved.
		/* Copyright (c) 2008-2014, 2016-2019, 2021 The Linux Foundation. All rights reserved.
		*/

		#include <linux/init.h>
		@@ -143,6 +143,9 @@ void diagmem_setsize(int pool_idx, int itemsize, int poolsize)
		}

		diag_mempools[pool_idx].itemsize = itemsize;
		if (diag_mempools[pool_idx].pool)
		diag_mempools[pool_idx].pool->pool_data =
		(void *)(uintptr_t)itemsize;
		diag_mempools[pool_idx].poolsize = poolsize;
		pr_debug("diag: Mempool %s sizes: itemsize %d poolsize %d\n",
		diag_mempools[pool_idx].name, diag_mempools[pool_idx].itemsize,
		@@ -168,7 +171,8 @@ void diagmem_alloc(struct diagchar_dev driver, int size, int pool_type)
		mempool->name);
		break;
		}
		if (size == 0 \|\| size > mempool->itemsize) {
		if (size == 0 \|\| size > mempool->itemsize \|\|
		size > (int)mempool->pool->pool_data) {
		pr_err_ratelimited("diag: cannot alloc from mempool %s, invalid size: %d\n",
		mempool->name, size);
		break;