From patchwork Mon Jan 16 11:58:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: mawupeng X-Patchwork-Id: 13102946 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 93C33C54EBE for ; Mon, 16 Jan 2023 11:59:07 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 12C386B0078; Mon, 16 Jan 2023 06:59:04 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 0DC7F6B007B; Mon, 16 Jan 2023 06:59:04 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EE60A6B007D; Mon, 16 Jan 2023 06:59:03 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id DDF1E6B0078 for ; Mon, 16 Jan 2023 06:59:03 -0500 (EST) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 9D68B1A0882 for ; Mon, 16 Jan 2023 11:59:03 +0000 (UTC) X-FDA: 80360516166.07.DF33123 Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) by imf14.hostedemail.com (Postfix) with ESMTP id 511D5100014 for ; Mon, 16 Jan 2023 11:59:00 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=huawei.com; spf=pass (imf14.hostedemail.com: domain of mawupeng1@huawei.com designates 45.249.212.187 as permitted sender) smtp.mailfrom=mawupeng1@huawei.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1673870341; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:in-reply-to: references; bh=iD3XNU43t8xM6+eB7e4FkhscTRhvc3mm675O6bRptTs=; b=eYuRGmMB69e94waiQPdGeYtlAnnCO1GaY0BVIhlK07yYiqGREIRPyjBF4n3f1WUX7Mq2ns vKy2EbZmOh6phetDAHCYUAI+7ZYqllhMAPIPN6Lspnb4RoEpZDtctogRosW2ua89Bh8l7w lEVLRfEIEdkHPihHgKapQSnJhEm1xZU= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=huawei.com; spf=pass (imf14.hostedemail.com: domain of mawupeng1@huawei.com designates 45.249.212.187 as permitted sender) smtp.mailfrom=mawupeng1@huawei.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1673870341; a=rsa-sha256; cv=none; b=qCM6/YjgVzdrhjzAiskLjfutUpREEWe55dFqarpoixpmhVV2BAirbpu2p2ZuebGwzNkC7M eOQZU0wLpThvdnTXuZpEoPI1Xxpm7ClPMjGOa7A7qOisVVjLTjuFhN5oR9aXbBUHqy7SlB Sg2ikhrxOySMI/WsCmtRuKxsm0NOnUA= Received: from dggpemm500014.china.huawei.com (unknown [172.30.72.54]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4NwVr95MWNznVSt; Mon, 16 Jan 2023 19:57:13 +0800 (CST) Received: from localhost.localdomain (10.175.112.125) by dggpemm500014.china.huawei.com (7.185.36.153) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.34; Mon, 16 Jan 2023 19:58:55 +0800 From: Wupeng Ma To: CC: , , , , Subject: [PATCH v2 0/4] Add overflow checks for several syscalls Date: Mon, 16 Jan 2023 19:58:09 +0800 Message-ID: <20230116115813.2956935-1-mawupeng1@huawei.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Originating-IP: [10.175.112.125] X-ClientProxiedBy: dggems703-chm.china.huawei.com (10.3.19.180) To dggpemm500014.china.huawei.com (7.185.36.153) X-CFilter-Loop: Reflected X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: 511D5100014 X-Stat-Signature: km4zj9z7t8at5ftzmmox3b5k6dn5tq4y X-Rspam-User: X-HE-Tag: 1673870340-416068 X-HE-Meta: U2FsdGVkX1/sBSUq4Mf6a4f+jPdVZ7lP1BAE1xVIE8k0DgGlahP+WKEzfeBHWztAB35fPqsiNu0h6GyN4yUur+loraRt5EeEuAfYdtqyCsy+qP7PaMFGUChItzvI7fF+6XytCjb9ZpYOkOAruInJoVFKB2dBMgbC+QpTZVyFCAQd2ua03mhk89mPmV/ntMqyHWD8SjlUcmHuQ1psSisV+58fyn5mznEfXTgnZexNkzBIOkjEOCsTbPIQuGg25QEUYAsjbJLT0QHjK1uJU8LeffHGCLRw/ltP4R9fWVY/75ruBhMD1Z4MyYh8VhBjgoSyAEvU2jyUZP+cXxKvrRTiqHw80k61yCuM+TyP3TSPR3p2hkx2nPHdg7HZqu2Q8F6WsD9d++CJeZtmgWP2hPzGBFj8y0DRVk0CaF6BKloOEM52sYQ7vJuJJVvBG/ij0mLTo68QFOASffJsfKeqoT3iEBpDGpT6j2mbcGdCS+J8n8J4fRl5ijyqfZWpOt1N+RvGNgnd5Or0crzoIy6bbu0kLYppLpRcBadszu1tC6SdyCi1xlemN2yeZn21kdn3OimcffwjGJM5mE/AH8f6q2mk24iXxIixJ16WUu/7NRhLMrxwupnOFCCII5+n5eoffn6YYNPsjkTigwhrFr/c9BUDaji/Owlxk8D6+fWBtFZc0S7SFkdoFl+ex6FzJL4oR8wzSE7JTc0syCY3QE6MnQM7aTpO1a12kSLCDKS2uguZKf3ywcV4pT/p+bym6HrMS5b3MqFdbTIQqJqfjosgKoxdMvfzK432fQlxcNMe5Lyxcg4re6u/7TRFh/lAnPKJnU/1ZBI40m99VHj0ptA2ahrNHka15aTK4TN9MgSQ9VpM710= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Ma Wupeng While testing mlock, we have a problem if the len of mlock is ULONG_MAX. The return value of mlock is zero. But nothing will be locked since the len in do_mlock overflows to zero due to the following code in mlock: len = PAGE_ALIGN(len + (offset_in_page(start))); The same problem happens in munlock. Add new check and return -EINVAL to fix this overflowing scenarios since they are absolutely wrong. Similar logic is used to fix problems with multiple syscalls. Changelog since v1[1]: - only check overflow rather than access_ok to keep backward-compatibility [1]: https://lore.kernel.org/lkml/20221228141701.c64add46c4b09aa17f605baf@linux-foundation.org/T/ Ma Wupeng (4): mm/mlock: return EINVAL if len overflows for mlock/munlock mm/mempolicy: return EINVAL for if len overflows for set_mempolicy_home_node mm/mempolicy: return EINVAL if len overflows for mbind mm/msync: return ENOMEM if len overflows for msync mm/mempolicy.c | 6 ++++-- mm/mlock.c | 8 ++++++++ mm/msync.c | 3 ++- 3 files changed, 14 insertions(+), 3 deletions(-)