[PATCH v2 3/4] mm/mempolicy: return EINVAL if len overflows for mbind

Wupeng Ma posted 4 patches 2 years, 8 months ago
There is a newer version of this series
Posted by Wupeng Ma 2 years, 8 months ago
From: Ma Wupeng <mawupeng1@huawei.com>

Return -EINVAL if len overflows for mbind.

Signed-off-by: Ma Wupeng <mawupeng1@huawei.com>
---
 mm/mempolicy.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mm/mempolicy.c b/mm/mempolicy.c
index 153fda1ebb9c..4cb19a6e368b 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -1258,6 +1258,7 @@ static long do_mbind(unsigned long start, unsigned long len,
 		     nodemask_t *nmask, unsigned long flags)
 {
 	struct mm_struct *mm = current->mm;
+	unsigned long old_len = len;
 	struct mempolicy *new;
 	unsigned long end;
 	int err;
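Review bot: `old_len`, added to the declarations of do_mbind(), is a second copy of the length that exists only so the later test can tell whether the caller passed a non-zero value, and the name does not say that it holds the unaligned, caller-supplied length. A full copy is more than the check needs: consider testing `len` before `len = PAGE_ALIGN(len);` runs, or recording a bool at that point, so the function does not carry two length variables that differ only in alignment.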
@@ -1278,7 +1279,7 @@ static long do_mbind(unsigned long start, unsigned long len,
 	len = PAGE_ALIGN(len);
 	end = start + len;
 
-	if (end < start)
+	if (end < start || (old_len != 0 && len == 0))
 		return -EINVAL;
 	if (end == start)
 		return 0;
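Review bot: the added condition `(old_len != 0 && len == 0)` has no comment, and neither it nor the one-line commit message says which input it catches. From the visible lines, the case is a non-zero len that PAGE_ALIGN() rounds up past the top of unsigned long to 0, which leaves end == start, so `end < start` does not catch it and the call fell through to `return 0` before this change. A short comment above the check stating that would help, and the commit message should say that such calls change from returning 0 to returning -EINVAL, since that difference is visible to userspace.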
-- 
2.25.1