[lvc-project] [PATCH] mm/damon: get rid of overlapping areas.
Markov Gleb
markov.gi at npc-ksb.ru
Mon May 25 15:45:41 MSK 2026
From: Gleb Markov <markov.gi at npc-ksb.ru>
Because sscanf() is used on the same allocated memory space,
an overlapping areas situation may occur, resulting in UB.
Add a temporary buffer to avoid overlapping.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 4bc05954d007 ("mm/damon: implement a debugfs-based user space interface")
Signed-off-by: Gleb Markov <markov.gi at npc-ksb.ru>
---
mm/damon/dbgfs.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/mm/damon/dbgfs.c b/mm/damon/dbgfs.c
index b3f454a5c682..643c7c085c68 100644
--- a/mm/damon/dbgfs.c
+++ b/mm/damon/dbgfs.c
@@ -1003,17 +1003,20 @@ static ssize_t dbgfs_monitor_on_write(struct file *file,
{
ssize_t ret;
char *kbuf;
+ char tmp[64];
kbuf = user_input_str(buf, count, ppos);
if (IS_ERR(kbuf))
return PTR_ERR(kbuf);
/* Remove white space */
- if (sscanf(kbuf, "%s", kbuf) != 1) {
+ if (sscanf(kbuf, "%63s", tmp) != 1) {
kfree(kbuf);
return -EINVAL;
}
+ strcpy(kbuf, tmp);
+
mutex_lock(&damon_dbgfs_lock);
if (!strncmp(kbuf, "on", count)) {
int i;
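Review bot: the `strcpy(kbuf, tmp);` copy-back after the sscanf() looks avoidable, since the `strncmp(kbuf, "on", count)` that follows could compare `tmp` directly and leave kbuf untouched until the kfree(). If the copy-back stays, it is only safe because the token in tmp is taken from kbuf and so can never be longer than kbuf's own contents; a short comment saying so, or strscpy() with an explicit bound, would make that visible to the next reader. The `%63s` width also introduces a token length limit the old `%s` call did not have, so the commit message should say why 64 bytes is enough for the values this handler accepts.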
--
2.43.0