[v3] Add overflow checks for several syscalls

[PATCH v3 3/4] mm/mempolicy: return EINVAL if len overflows for mbind

Posted by Wupeng Ma 2 years, 7 months ago

From: Ma Wupeng <mawupeng1@huawei.com>

Check and return 0 if len == 0 at the beginning of the function.
Return -EINVAL if len overflows for mbind.

Signed-off-by: Ma Wupeng <mawupeng1@huawei.com>
---
 mm/mempolicy.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/mm/mempolicy.c b/mm/mempolicy.c
index 85c5d3c2503b..7791be5a2677 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -1275,13 +1275,16 @@ static long do_mbind(unsigned long start, unsigned long len,
 	if (mode == MPOL_DEFAULT)
 		flags &= ~MPOL_MF_STRICT;
 
+	if (!len)
+		return 0;
+
 	len = PAGE_ALIGN(len);
-	end = start + len;
+	if (!len)
+		return -EINVAL;
 
+	end = start + len;
 	if (end < start)
 		return -EINVAL;
-	if (end == start)
-		return 0;
 
 	new = mpol_new(mode, mode_flags, nmask);
 	if (IS_ERR(new))
-- 
2.25.1

[PATCH v3 1/4] mm/mlock: return EINVAL if len overflows for mlock/munlock
[PATCH v3 2/4] mm/mempolicy: return EINVAL for if len overflows for set_mempolicy_home_node
[PATCH v3 3/4] mm/mempolicy: return EINVAL if len overflows for mbind
[PATCH v3 4/4] mm/msync: return ENOMEM if len overflows for msync