diff mbox series

[v5,3/4] mm/mempolicy: return EINVAL if len overflows for mbind

Message ID 20230321074035.1526157-4-mawupeng1@huawei.com (mailing list archive)
State New
Headers show
Series Add overflow checks for several syscalls | expand

Commit Message

mawupeng March 21, 2023, 7:40 a.m. UTC 
From: Ma Wupeng <mawupeng1@huawei.com>

Check and return 0 if len == 0 at the beginning of the function.
Return -EINVAL if len overflows for mbind.

Signed-off-by: Ma Wupeng <mawupeng1@huawei.com>
---
 mm/mempolicy.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff mbox series

Patch

diff --git a/mm/mempolicy.c b/mm/mempolicy.c
index 0a596c6cbed9..134fdc1f6c87 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -1276,13 +1276,16 @@  static long do_mbind(unsigned long start, unsigned long len,
 	if (mode == MPOL_DEFAULT)
 		flags &= ~MPOL_MF_STRICT;
 
+	if (!len)
+		return 0;
+
 	len = PAGE_ALIGN(len);
-	end = start + len;
+	if (!len)
+		return -EINVAL;
 
+	end = start + len;
 	if (end < start)
 		return -EINVAL;
-	if (end == start)
-		return 0;
 
 	new = mpol_new(mode, mode_flags, nmask);
 	if (IS_ERR(new))