diff mbox series

[v3,3/4] mm/mempolicy: return EINVAL if len overflows for mbind

Message ID 20230128063229.989058-4-mawupeng1@huawei.com (mailing list archive)
State New
Headers show
Series Add overflow checks for several syscalls | expand

Commit Message

mawupeng Jan. 28, 2023, 6:32 a.m. UTC 
From: Ma Wupeng <mawupeng1@huawei.com>

Check and return 0 if len == 0 at the beginning of the function.
Return -EINVAL if len overflows for mbind.

Signed-off-by: Ma Wupeng <mawupeng1@huawei.com>
---
 mm/mempolicy.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff mbox series

Patch

diff --git a/mm/mempolicy.c b/mm/mempolicy.c
index 85c5d3c2503b..7791be5a2677 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -1275,13 +1275,16 @@  static long do_mbind(unsigned long start, unsigned long len,
 	if (mode == MPOL_DEFAULT)
 		flags &= ~MPOL_MF_STRICT;
 
+	if (!len)
+		return 0;
+
 	len = PAGE_ALIGN(len);
-	end = start + len;
+	if (!len)
+		return -EINVAL;
 
+	end = start + len;
 	if (end < start)
 		return -EINVAL;
-	if (end == start)
-		return 0;
 
 	new = mpol_new(mode, mode_flags, nmask);
 	if (IS_ERR(new))