diff mbox series

[v2,3/4] mm/mempolicy: return EINVAL if len overflows for mbind

Message ID 20230116115813.2956935-4-mawupeng1@huawei.com (mailing list archive)
State New
Headers show
Series Add overflow checks for several syscalls | expand

Commit Message

mawupeng Jan. 16, 2023, 11:58 a.m. UTC 
From: Ma Wupeng <mawupeng1@huawei.com>

Return -EINVAL if len overflows for mbind.

Signed-off-by: Ma Wupeng <mawupeng1@huawei.com>
---
 mm/mempolicy.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/mm/mempolicy.c b/mm/mempolicy.c
index 153fda1ebb9c..4cb19a6e368b 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -1258,6 +1258,7 @@  static long do_mbind(unsigned long start, unsigned long len,
 		     nodemask_t *nmask, unsigned long flags)
 {
 	struct mm_struct *mm = current->mm;
+	unsigned long old_len = len;
 	struct mempolicy *new;
 	unsigned long end;
 	int err;
@@ -1278,7 +1279,7 @@  static long do_mbind(unsigned long start, unsigned long len,
 	len = PAGE_ALIGN(len);
 	end = start + len;
 
-	if (end < start)
+	if (end < start || (old_len != 0 && len == 0))
 		return -EINVAL;
 	if (end == start)
 		return 0;