From patchwork Mon Mar 20 02:47:36 2023
X-Patchwork-Submitter: mawupeng
X-Patchwork-Id: 13180690
From: Wupeng Ma
Subject: [PATCH v4 1/4] mm/mlock: return EINVAL if len overflows for mlock/munlock
Date: Mon, 20 Mar 2023 10:47:36 +0800
Message-ID: <20230320024739.224850-2-mawupeng1@huawei.com>
In-Reply-To: <20230320024739.224850-1-mawupeng1@huawei.com>
References: <20230320024739.224850-1-mawupeng1@huawei.com>

From: Ma Wupeng

While testing mlock, we have a problem if the len of mlock is ULONG_MAX.
The return value of mlock is zero. But nothing will be locked since the
len in do_mlock overflows to zero due to the following code in mlock:

  len = PAGE_ALIGN(len + (offset_in_page(start)));

The same problem happens in munlock.

Add new check and return -EINVAL to fix these overflowing scenarios since
they are absolutely wrong.

Signed-off-by: Ma Wupeng
--- mm/mlock.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/mm/mlock.c b/mm/mlock.c index 617469fce96d..eb68476da497 100644 --- a/mm/mlock.c +++ b/mm/mlock.c @@ -568,6 +568,7 @@ static __must_check int do_mlock(unsigned long start, size_t len, vm_flags_t fla unsigned long locked; unsigned long lock_limit; int error = -ENOMEM; + size_t old_len = len; start = untagged_addr(start); 
@@ -577,6 +578,9 @@ static __must_check int do_mlock(unsigned long start, size_t len, vm_flags_t fla len = PAGE_ALIGN(len + (offset_in_page(start))); start &= PAGE_MASK; + if (old_len != 0 && len == 0) + return -EINVAL; + lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; locked = len >> PAGE_SHIFT; @@ -631,12 +635,16 @@ SYSCALL_DEFINE3(mlock2, unsigned long, start, size_t, len, int, flags) SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len) { int ret; + size_t old_len = len; start = untagged_addr(start); len = PAGE_ALIGN(len + (offset_in_page(start))); start &= PAGE_MASK; + if (old_len != 0 && len == 0) + return -EINVAL; + if (mmap_write_lock_killable(current->mm)) return -EINTR; ret = apply_vma_lock_flags(start, len, 0);
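
Review bot: In the do_mlock() hunk, the new test `old_len != 0 && len == 0` only catches a wrap that lands exactly on zero. When `len + (offset_in_page(start))` itself wraps to a small non-zero value (for example len = ULONG_MAX with a start whose page offset is 0xfff, giving 0xffe), PAGE_ALIGN() rounds it up to one page, the check passes, and the call goes on to operate on a single page instead of failing. Comparing against the saved value, `if (len < old_len) return -EINVAL;`, covers both cases, because a correctly aligned length is never smaller than the requested one.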
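
Review bot: The munlock() hunk repeats the `old_len` copy and the `if (old_len != 0 && len == 0)` test from do_mlock() verbatim, with no comment saying why a zero result means overflow, so the two paths can drift apart and both miss a sum that wraps to a non-zero value before PAGE_ALIGN(). Consider a single small helper that takes start and len and returns either the aligned length or -EINVAL, called from both places, with a one-line comment that a length which shrinks after alignment has overflowed.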