From patchwork Sat Jan 28 06:32:26 2023
X-Patchwork-Submitter: mawupeng
X-Patchwork-Id: 13119698
From: Wupeng Ma
Subject: [PATCH v3 1/4] mm/mlock: return EINVAL if len overflows for mlock/munlock
Date: Sat, 28 Jan 2023 14:32:26 +0800
Message-ID: <20230128063229.989058-2-mawupeng1@huawei.com>
In-Reply-To: <20230128063229.989058-1-mawupeng1@huawei.com>
References: <20230128063229.989058-1-mawupeng1@huawei.com>

From: Ma Wupeng

While testing mlock, we have a problem if the len of mlock is ULONG_MAX. The return value of mlock is zero. But nothing will be locked since the len in do_mlock overflows to zero due to the following code in mlock:

  len = PAGE_ALIGN(len + (offset_in_page(start)));

The same problem happens in munlock.

Add a new check and return -EINVAL to fix these overflowing scenarios since they are absolutely wrong.

Return 0 early to avoid burning a bunch of CPU cycles if len == 0.

Signed-off-by: Ma Wupeng
---
 mm/mlock.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/mm/mlock.c b/mm/mlock.c index 7032f6dd0ce1..eb09968ba27f 100644 --- a/mm/mlock.c +++ b/mm/mlock.c
@@ -478,8 +478,6 @@ static int apply_vma_lock_flags(unsigned long start, size_t len, end = start + len; if (end < start) return -EINVAL; - if (end == start) - return 0; vma = mas_walk(&mas); if (!vma) return -ENOMEM; @@ -575,7 +573,13 @@ static __must_check int do_mlock(unsigned long start, size_t len, vm_flags_t fla if (!can_do_mlock()) return -EPERM; + if (!len) + return 0; + len = PAGE_ALIGN(len + (offset_in_page(start))); + if (!len) + return -EINVAL; + start &= PAGE_MASK; lock_limit = rlimit(RLIMIT_MEMLOCK); @@ -635,7 +639,13 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len) start = untagged_addr(start); + if (!len) + return 0; + len = PAGE_ALIGN(len + (offset_in_page(start))); + if (!len) + return -EINVAL; + start &= PAGE_MASK; if (mmap_write_lock_killable(current->mm))
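Review bot: Removing the `end == start` early return in apply_vma_lock_flags() (first hunk) leaves the function relying on every caller to filter out len == 0 beforehand, and nothing in the function states that precondition. With a zero length it would now fall through to mas_walk() and can return -ENOMEM where it previously returned 0. Either keep the two removed lines, which cost nothing, or add a comment above the function documenting that len must be nonzero. The commit message should also mention this removal, since it only describes the added checks.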
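Review bot: The `if (!len) return -EINVAL;` placed after PAGE_ALIGN() in do_mlock() (second hunk) only catches sums that end up as exactly zero. When start is not page aligned, `len + offset_in_page(start)` can itself wrap to a small nonzero value (for example len = ULONG_MAX with an in-page offset of 2 gives 1), which PAGE_ALIGN() then rounds up to a single page, so the call still returns 0 after locking far less than was requested. Keep the caller's len in a local and reject when the aligned result is smaller than it, or perform the addition with check_add_overflow() before aligning and keep the zero test for the rounding step.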
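Review bot: The munlock hunk (third hunk) repeats the same sequence already added to do_mlock(): zero check, PAGE_ALIGN(), zero check. Any correction to the overflow test therefore has to be made in two places, and the nonzero-wrap case for an unaligned start applies here as well. Consider one small static helper in mm/mlock.c that takes start and len, returns the aligned length or -EINVAL, and is called from both do_mlock() and munlock.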