vfs: fs_context: fix up param length parsing in legacy_parse_param

commit 722d94847de29310e8aa03fcbdb41fc92c521756 upstream.

The "PAGE_SIZE - 2 - size" calculation in legacy_parse_param() is an
unsigned type so a large value of "size" results in a high positive
value instead of a negative value as expected. Fix this by getting rid
of the subtraction.

Signed-off-by: Jamie Hill-Daniel <jamie@hill-daniel.co.uk>
Signed-off-by: William Liu <willsroot@protonmail.com>
Tested-by: Salvatore Bonaccorso <carnil@debian.org>
Tested-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit d6bbb6cd71d058bc37d2ef29bba899676198c889)
Signed-off-by: Robert Kolchmeyer <rkolchmeyer@google.com>
BUG=b/213421437
TEST=presubmit
RELEASE_NOTE=Fixed a privilege escalation vulnerability in fs_context
in the Linux kernel. This resolves CVE-2022-0185.
cos-patch: security-high
Change-Id: I0f9f2ea425b4dd6e4111d885a3b92ca452fca2c1
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/27920
Reviewed-by: Roy Yang <royyang@google.com>
Reviewed-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
Reviewed-by: Oleksandr Tymoshenko <ovt@google.com>
Main-Branch-Verified: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
1 file changed
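
The unsigned wraparound described in the commit message can be checked as a unit-test-style model. This is an added example, not code from the kernel or from this change. The function names, the 4096-byte page size and the addition form of the check are assumptions made for illustration, and only the "PAGE_SIZE - 2 - size" expression comes from the message.

```c
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE ((size_t)4096) /* assumed page size for this model */

typedef int (*fits_fn)(size_t size, size_t len);

/* Subtraction form named in the commit message: once size exceeds
 * PAGE_SIZE - 2 the unsigned result wraps to a very large value. */
static int fits_subtract(size_t size, size_t len)
{
    return !(len > PAGE_SIZE - 2 - size);
}

/* Assumed subtraction-free form: nothing here can drop below zero. */
static int fits_add(size_t size, size_t len)
{
    return !(size + len + 2 > PAGE_SIZE);
}

/* Ground truth computed in signed 64-bit arithmetic. */
static int fits_ref(size_t size, size_t len)
{
    return (long long)size + (long long)len + 2 <= (long long)PAGE_SIZE;
}

/* Count (size, len) pairs where fn disagrees with the reference;
 * *first_bad receives the smallest disagreeing size, or -1 if none. */
static long count_mismatches(fits_fn fn, long *first_bad)
{
    long bad = 0;
    *first_bad = -1;
    for (size_t size = 0; size <= PAGE_SIZE; size++)
        for (size_t len = 0; len <= 2 * PAGE_SIZE; len++)
            if (fn(size, len) != fits_ref(size, len)) {
                if (*first_bad < 0)
                    *first_bad = (long)size;
                bad++;
            }
    return bad;
}

int main(void)
{
    long first;
    long n = count_mismatches(fits_subtract, &first);
    printf("subtract form: %ld mismatches, first at size %ld\n", n, first);
    n = count_mismatches(fits_add, &first);
    printf("add form:      %ld mismatches, first at size %ld\n", n, first);
    return 0;
}
```

The addition form is only safe while "size" and "len" are each small enough that their sum cannot itself wrap, which holds for the ranges swept here.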