1. Patchew
  2. linux
  3. View series

[PATCH] x86/mm: guard against overflow in mmap_address_hint_valid

Ali Zain posted 1 patch 1 month, 1 week ago 
arch/x86/mm/mmap.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
[PATCH] x86/mm: guard against overflow in mmap_address_hint_valid
Posted by Ali Zain 1 month, 1 week ago 
Use check_add_overflow() to safely compute addr + len and avoid potential overflow during address validation.

Signed-off-by: Ali Zain <alizainuimx@gmail.com>
---
 arch/x86/mm/mmap.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
index 8964466ee..0bfb0bfd9 100644
--- a/arch/x86/mm/mmap.c
+++ b/arch/x86/mm/mmap.c
@@ -196,15 +196,17 @@ unsigned long get_mmap_base(int is_legacy)
  */
 bool mmap_address_hint_valid(unsigned long addr, unsigned long len)
 {
-	if (TASK_SIZE - len < addr)
-		return false;
+        unsigned long end;
 
-	if (addr + len < addr)   // overflow check
-		return false;
+        if (TASK_SIZE - len < addr)
+                return false;
 
-	return (addr > DEFAULT_MAP_WINDOW) == (addr + len > DEFAULT_MAP_WINDOW);
-}
+        /* Prevent overflow in addr + len */
+        if (check_add_overflow(addr, len, &end))
+                return false;
 
+        return (addr > DEFAULT_MAP_WINDOW) == (end > DEFAULT_MAP_WINDOW);
+}
 /* Can we access it for direct reading/writing? Must be RAM: */
 int valid_phys_addr_range(phys_addr_t addr, size_t count)
 {
-- 
2.53.0

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.