From patchwork Sat Jan 28 06:32:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: mawupeng X-Patchwork-Id: 13119700 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 28DB3C61DB3 for ; Sat, 28 Jan 2023 06:32:52 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 007AB6B0075; Sat, 28 Jan 2023 01:32:48 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id E0F1A6B0078; Sat, 28 Jan 2023 01:32:47 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C87846B007B; Sat, 28 Jan 2023 01:32:47 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id B2DDB6B0075 for ; Sat, 28 Jan 2023 01:32:47 -0500 (EST) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 7A96FA56EF for ; Sat, 28 Jan 2023 06:32:47 +0000 (UTC) X-FDA: 80403239574.15.A9B7A17 Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by imf16.hostedemail.com (Postfix) with ESMTP id 4B977180015 for ; Sat, 28 Jan 2023 06:32:44 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=huawei.com; spf=pass (imf16.hostedemail.com: domain of mawupeng1@huawei.com designates 45.249.212.188 as permitted sender) smtp.mailfrom=mawupeng1@huawei.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1674887565; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:in-reply-to: references; bh=pDSt0R52iuviM9tqUBmLkqaFbOKlFVBOVTMpuuSjlL0=; b=25QlCVHrlugrSE92hFPRhO85MEr+jvN3zLjfrWEm4YjAvv70+QbwIn3+7/fA8ReWecLPm7 JHN/jBCM6JoG4paWZWAfqleoEUP35cV/Esb77TK5XD0uknnS/vMjqE9hMBKWMdCcNv69gm uBFEqq33Fmwa9VLSO+ZE5ogeqAJANKs= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=huawei.com; spf=pass (imf16.hostedemail.com: domain of mawupeng1@huawei.com designates 45.249.212.188 as permitted sender) smtp.mailfrom=mawupeng1@huawei.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1674887565; a=rsa-sha256; cv=none; b=7WVba6m4kRZlrmYXuS1zGXs1Z9CCuRA/TDeJ71Kk1F8/kliOkMTHjpxb8qn+8wdf5Q/bL1 exSTjuUMMAFxlAq7SzZZ7SSWHsvOBFk0CMUlfXJwmjFFlf4RERKxHAype+TCOyC74fvYIR SyFA9oTES+p1zte8ufe25YF0/SKYFys= Received: from dggpemm500014.china.huawei.com (unknown [172.30.72.53]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4P3l1g3dWTzRrqN; Sat, 28 Jan 2023 14:30:31 +0800 (CST) Received: from localhost.localdomain (10.175.112.125) by dggpemm500014.china.huawei.com (7.185.36.153) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.34; Sat, 28 Jan 2023 14:32:37 +0800 From: Wupeng Ma To: CC: , , , , Subject: [PATCH v3 0/4] Add overflow checks for several syscalls Date: Sat, 28 Jan 2023 14:32:25 +0800 Message-ID: <20230128063229.989058-1-mawupeng1@huawei.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Originating-IP: [10.175.112.125] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To dggpemm500014.china.huawei.com (7.185.36.153) X-CFilter-Loop: Reflected X-Rspamd-Queue-Id: 4B977180015 X-Stat-Signature: 76bnixfnfbpjc3r14qgqpriugprz5tqb X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1674887564-631764 X-HE-Meta: U2FsdGVkX19yignJmsQxZDMYaY+ocwIz3nVF/VlUtbIawdimeh36EckAWrNaWWunTQyl0UA4N7Aji/LWHr6DJLC9LAiehFTgxiOBcHUfy21ApXTYYGPBvZB9BGCxz+rlFEzwfHwl4VzUelddhRpZhrHmrjxsT5MB7HjOXmdDwPNA9S3fcXga4Impyb9aY/IySlPhPHArW+I9YGpDi60OZh1bxPMiMuxoAhrThFKGs+7HJgO7vX+L/NLdSBRF6zH1UhB+mReqF35NBXtqJwk+hhQoB52og7Wyq2sM03XiMwuu/hJxkUdtVxqb6trDMycMWGTronqmvt//185eeXkSf45jma9cXmXmtgM8O33Qq1QCvKN34hEZYcOPDZzaNpaQ/Zh6A49x/AjiDFl0VigpK88ZxFAH7BqrFp9DJiaQYo593GVhBilpEsQiLL/XCXFiukSDYWdi4RVeAugyxk/5k2PEslQ2FfiFizfEMopCCP5f2ih+2zw9IxF3ni+HIHvPFJyPqkofeeurrSxAEZOmOq0OekRsWOI2Q0/jWdbcbAHD9XkQoGFIvIGP/QBdeO6HV0cVXBs1ASO736Ea6L8rofg2VOvvJ2qqqXKcIv+F0PDghXtqq4Sq0l/7lWB2eQ8V7n6cXqNvfoFR/oEoPYNAZBBg7qO5HdKyvaBRfV1ncrrRiTE9JhMLp98FLcItb+SAfd5RGnDtNPViFrGU1dSk5cuwc2H+p3EC8QCgT+tkjvn5L7aDR1HnksczDzLU9R+pOlL/EIult4IwqERK8FmnfrG00HNQE6iJrVTNqwLNnqpH8uBm2SLHWKhxLwBL/4/0enSAiMg4vwNfKK3fsK3fIaT01j6Zb8tXxXElFDwnNRo8J42db0HQ7X59Rlt3NI2F6LKAAO4gTW9g4UkNU4I/UbJs3hxRjxYnCdlwv5WR6HDEWYGLbBnHJYNOpxyGvXsyY11+dWrbD+pKXwCzYsj nn9kgNIE /OrDJLKISZIVRMA77gZv8Z6TRF3KkXk1E7PtiqFJV6U/WyKlupKdyugVb90k+hdaht3g2Z+nUAF8GPs6f36Zur8GLTHxxuvgzGX9wHG6uR/Pd3CE2PPynP54/B0M9843xFwowoM2gWNXXKiS3LdFiNlLFS4G2UXYi1S5GG62oP5qluoXzEHRYk9zWkppoVBSdL/gCTEUish3EuN/ujzcl0QYhZgMreI8/X+1vu4f5N9ct/SWHz7f2HnXp71W6EyNLBZ49JazoARTnwPsp1REWCiBwCFJAWn9iBfDFCMN0B+BXzuBSUdSnNL4rU9NBhehN+3FlB6fjosOOuSc= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Ma Wupeng While testing mlock, we have a problem if the len of mlock is ULONG_MAX. The return value of mlock is zero. But nothing will be locked since the len in do_mlock overflows to zero due to the following code in mlock: len = PAGE_ALIGN(len + (offset_in_page(start))); The same problem happens in munlock. Add new check and return -EINVAL to fix this overflowing scenarios since they are absolutely wrong. Similar logic is used to fix problems with multiple syscalls. Changelog since v2[2]: - modified the way of checking overflows based on Andrew's comments Changelog since v1[1]: - only check overflow rather than access_ok to keep backward-compatibility [1]: https://lore.kernel.org/lkml/20221228141701.c64add46c4b09aa17f605baf@linux-foundation.org/T/ [2]: https://lore.kernel.org/linux-mm/20230116115813.2956935-5-mawupeng1@huawei.com/T/ Ma Wupeng (4): mm/mlock: return EINVAL if len overflows for mlock/munlock mm/mempolicy: return EINVAL for if len overflows for set_mempolicy_home_node mm/mempolicy: return EINVAL if len overflows for mbind mm/msync: return ENOMEM if len overflows for msync mm/mempolicy.c | 18 ++++++++++++------ mm/mlock.c | 14 ++++++++++++-- mm/msync.c | 9 ++++++--- 3 files changed, 30 insertions(+), 11 deletions(-)