From nobody Tue Apr 7 18:51:21 2026 Received: from mail-ed1-f54.google.com (mail-ed1-f54.google.com [209.85.208.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 37B9B331219 for ; Fri, 27 Feb 2026 12:09:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.54 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772194149; cv=none; b=bgp7naRhJ9vSj7Dn/IDyUAYPknHIcY7bLfvpEOQBcbPUv/gfVqDiJrO0mCzK8plvmor7B071jUaczJf4H0Ltpg69MDukcH0AekrJExoNStZEsufF9atCpJ/jhFRqNYnnydKBT1vFNWyOUGIX5D96QZLMhdRoN/gBeQLv2jV7MVE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772194149; c=relaxed/simple; bh=SXVHjF2AskxAmJDJ8U4gZnXu+H5aNqpJzQOt2khuB74=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=i/3p5aFjyreNBFv5f9uDUIYYz6hCRKNXkGzBM4G9rF7en1x8O/Wd18f73mB+Y8TqVg+mbDO2oJw6uQAI07O6assuqccxaLiR2XQxPDuITsQTv35Z4MWOZBZDWCn2xZ3QuEwPSx1EManjrXfR1VAKAJ802ch/AM89Xk6lvdp2WPo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Gp2y6mGK; arc=none smtp.client-ip=209.85.208.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Gp2y6mGK" Received: by mail-ed1-f54.google.com with SMTP id 4fb4d7f45d1cf-65fac0b51baso3592556a12.0 for ; Fri, 27 Feb 2026 04:09:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1772194146; x=1772798946; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=6iLB7nXM5ovw47mvFPcS+rOC8/N25r/mnUpmPtMnRQA=; b=Gp2y6mGKAicCf5Ul/eAdY2wKN8zBlkYUXlJiDZLjnZJi/jr+peNdyn62yKpPQKiATk XdsjCV1pvBaRoTTQPB1tO3mYgVL/vWuXMmmpu217jyLnIa9Ew324L85V63E9+j9l2MyV LZKLyOkdFe7k59NRxkhi6bwk1xvK/UCFc6tvXBIS6hgIxJ+5wARY5F/uFVhcW2mhLdGC S+vY2/1LMyuOvozp42dPhAY/oibRrN5/50r/ipmgXXPHIlDbVTzGI/T7PbaxXd2oDpht mx/oWxrNSY7uAvBJbvduq/g1rySV8NuFqE1RJXo0XDJUlM/RjsWPv4KtaU8v+Sj6KgkF wT5Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1772194146; x=1772798946; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=6iLB7nXM5ovw47mvFPcS+rOC8/N25r/mnUpmPtMnRQA=; b=BImtNcnolAiEqNpU4DIARb2TjdHih0PdUCsur3QWwqUTaBZ/fCqrb0do4h/zE0prRd rIJZQNoLAgRz5IQsM5rUKnDJD67+eQrAheAmyvD/TDhGXVfle7mb7lgwqwGvDAHhlOyh Mb7eSQIyseJniUU0v3yOfeCPNHsnP3hpNnYCwt/BtbLo9q/XKvl24Tg0cxIBDXfGPC/t AjjfORMV8m735KsNitUFlATaE8TmMdWqiUv6piPJmLNMNmMjf38cZX4cCXiN4NVV2Itr XlGYCavOqIbNeSqKEV9VYRXjyUEChntOem0cE6kh6BH/WqcCGZrEXeAQ7dQcA3yz+P6j rlwg== X-Gm-Message-State: AOJu0Ywehc9+WW1EpSdBBjoggDYM8f1Rv2rwP3Ww+xyTOcCyhuW9paF7 Jq/Hgm/DCx0T0sQx5incBCkjOsc70qPjfSi4eELsFJQ0tyUIxnGCw1GY X-Gm-Gg: ATEYQzzTvLXVXzIHzIDsyPHO4Xxx3hoU4+DJMyBqekckmpItmvHZVvX/UcrcFlUi7MY zrX1IMtYW9Zud15Wi5QVqglUgY+FiWReB17Qd+kouyp+8CKnjY79xndFABiKk/5NmStwicWd+B2 Q1L66DuTg4LyQHVBZU0UqHuDcfM5ViM0BmqKwHVW9uZvE6jdCrTs0RaUXPxKjHqo9bJv6uIE97x ohBMzfO+4bbB1z8GeJcoltFc5z42l/4sG6T7kmfri3Gw6tYT4QpIRRQknJ9VOjWEe/I3CONtEYs zzsrsd8YWn4v2skxQTj22kSAalmK/VvctxqBa4FTQjao+jjonHzOKaB9x7bwX1Z1nQBWOFEa9ih E/PQfnIa4VwCxW76noOyRrPgLDGSWNezve/omm49olLj1DUL/jshhZ8ZZl8VTcK/7O3aOMA6zNb PGZFq63r7GUUeZRb/HDmaKBrXnJw== X-Received: by 2002:aa7:db58:0:b0:641:88ff:10ad with SMTP id 4fb4d7f45d1cf-65fab733b71mr3013902a12.14.1772194145997; Fri, 27 Feb 2026 04:09:05 -0800 (PST) Received: from localhost ([121.91.57.108]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-65fabd467d1sm1296734a12.10.2026.02.27.04.09.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 27 Feb 2026 04:09:05 -0800 (PST) From: Ali Zain To: x86@kernel.org Cc: linux-kernel@vger.kernel.org, dave.hansen@linux.intel.com, peterz@infradead.org, mingo@redhat.com, Ali Zain Subject: [PATCH] x86/mm: guard against overflow in mmap_address_hint_valid Date: Fri, 27 Feb 2026 17:08:57 +0500 Message-ID: <20260227120857.80202-1-alizainuimx@gmail.com> X-Mailer: git-send-email 2.53.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Use check_add_overflow() to safely compute addr + len and avoid potential o= verflow during address validation. Signed-off-by: Ali Zain --- arch/x86/mm/mmap.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c index 8964466ee..0bfb0bfd9 100644 --- a/arch/x86/mm/mmap.c +++ b/arch/x86/mm/mmap.c @@ -196,15 +196,17 @@ unsigned long get_mmap_base(int is_legacy) */ bool mmap_address_hint_valid(unsigned long addr, unsigned long len) { - if (TASK_SIZE - len < addr) - return false; + unsigned long end; =20 - if (addr + len < addr) // overflow check - return false; + if (TASK_SIZE - len < addr) + return false; =20 - return (addr > DEFAULT_MAP_WINDOW) =3D=3D (addr + len > DEFAULT_MAP_WINDO= W); -} + /* Prevent overflow in addr + len */ + if (check_add_overflow(addr, len, &end)) + return false; =20 + return (addr > DEFAULT_MAP_WINDOW) =3D=3D (end > DEFAULT_MAP_WINDO= W); +} /* Can we access it for direct reading/writing? Must be RAM: */ int valid_phys_addr_range(phys_addr_t addr, size_t count) { --=20 2.53.0