From: Wupeng Ma
Subject: [PATCH v2 1/4] mm/mlock: return EINVAL if len overflows for mlock/munlock
Date: Mon, 16 Jan 2023 19:58:10 +0800
Message-ID: <20230116115813.2956935-2-mawupeng1@huawei.com>
In-Reply-To: <20230116115813.2956935-1-mawupeng1@huawei.com>
References: <20230116115813.2956935-1-mawupeng1@huawei.com>

From: Ma Wupeng

While testing mlock, we have a problem if the len of mlock is ULONG_MAX.
The return value of mlock is zero. But nothing will be locked since the
len in do_mlock overflows to zero due to the following code in mlock:

	len = PAGE_ALIGN(len + (offset_in_page(start)));

The same problem happens in munlock.

Add a new check and return -EINVAL to fix these overflowing scenarios
since they are absolutely wrong.

Signed-off-by: Ma Wupeng
---
 mm/mlock.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/mm/mlock.c b/mm/mlock.c index 7032f6dd0ce1..5a4e767feb28 100644 --- a/mm/mlock.c +++ b/mm/mlock.c @@ -569,6 +569,7 @@ static __must_check int do_mlock(unsigned long start, size_t len, vm_flags_t fla unsigned long locked; unsigned long lock_limit; int error = -ENOMEM; + size_t old_len = len; start = untagged_addr(start);
@@ -578,6 +579,9 @@ static __must_check int do_mlock(unsigned long start, size_t len, vm_flags_t fla len = PAGE_ALIGN(len + (offset_in_page(start))); start &= PAGE_MASK; + if (old_len != 0 && len == 0) + return -EINVAL; + lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; locked = len >> PAGE_SHIFT; @@ -632,12 +636,16 @@ SYSCALL_DEFINE3(mlock2, unsigned long, start, size_t, len, int, flags) SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len) { int ret; + size_t old_len = len; start = untagged_addr(start); len = PAGE_ALIGN(len + (offset_in_page(start))); start &= PAGE_MASK; + if (old_len != 0 && len == 0) + return -EINVAL; + if (mmap_write_lock_killable(current->mm)) return -EINTR; ret = apply_vma_lock_flags(start, len, 0); -- 2.25.1
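Review bot: in the do_mlock() hunk, the test `if (old_len != 0 && len == 0)` placed after `len = PAGE_ALIGN(len + (offset_in_page(start)));` only catches a wrap that lands exactly on zero. When `len + offset_in_page(start)` wraps to a small non-zero value (an unaligned start with in-page offset 2 and len ULONG_MAX gives 1), PAGE_ALIGN rounds that up to PAGE_SIZE, the new check passes, and the call still returns 0 having locked a single page, which is the same symptom the commit message describes. Testing the addition itself before aligning, e.g. `if (len + offset_in_page(start) < len) return -EINVAL;` (or check_add_overflow()), in addition to the post-alignment zero test, rejects every wrapped length.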
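Review bot: the munlock() hunk repeats the `size_t old_len = len;` / PAGE_ALIGN / `if (old_len != 0 && len == 0) return -EINVAL;` sequence verbatim from do_mlock(), so the two copies will drift apart on the next change; a small helper that computes the aligned length and reports overflow to both callers would keep them in step. It also inherits the same gap: a wrap of `len + offset_in_page(start)` to a small non-zero value is rounded up to PAGE_SIZE and passes the check, so the helper should test the addition for wrap rather than only the aligned result for zero.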
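As an added example that is not part of the patch or of the kernel source: a user-space C model of the length computation quoted in the commit message, `PAGE_ALIGN(len + offset_in_page(start))`, reproducing the kernel macros for a 4 KiB page on LP64 (both assumptions) so the ULONG_MAX wrap, the patch's post-alignment check and an overflow-aware alternative can be exercised on constructed requests. `aligned_len`, `rejected_by_patch` and `overflows` are hypothetical helper names.

```c
/* Added example, not kernel code: user-space model of the length
 * computation in do_mlock()/munlock().  Assumes 4 KiB pages and LP64
 * (64-bit size_t/unsigned long); helper names are hypothetical. */
#include <limits.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  ((unsigned long)1 << PAGE_SHIFT)
#define PAGE_MASK  (~(PAGE_SIZE - 1))
#define PAGE_ALIGN(x)     (((x) + PAGE_SIZE - 1) & PAGE_MASK)   /* as in the kernel */
#define offset_in_page(p) ((unsigned long)(p) & (PAGE_SIZE - 1))

/* Length exactly as the mlock/munlock paths compute it. */
size_t aligned_len(unsigned long start, size_t len)
{
    return PAGE_ALIGN(len + offset_in_page(start));
}

/* The patch's test: 1 when it returns -EINVAL, 0 when the request passes. */
int rejected_by_patch(unsigned long start, size_t len)
{
    return len != 0 && aligned_len(start, len) == 0;
}

/* Overflow-aware check: flags a wrap in the addition and a wrap inside
 * PAGE_ALIGN, whatever value the wrapped result lands on. */
int overflows(unsigned long start, size_t len)
{
    size_t sum = len + offset_in_page(start);
    if (sum < len)
        return 1;                        /* addition wrapped */
    return sum + (PAGE_SIZE - 1) < sum;  /* rounding up wrapped */
}

int main(void)
{
    /* Constructed sample requests. */
    const struct { unsigned long start; size_t len; } req[] = {
        { 0x1000, ULONG_MAX },          /* case from the commit message */
        { 0x1002, ULONG_MAX },          /* sum wraps to 1 -> PAGE_SIZE */
        { 0x1000, 2 * PAGE_SIZE + 1 },  /* ordinary request, no wrap */
    };
    for (size_t i = 0; i < sizeof req / sizeof req[0]; i++)
        printf("start=%#lx len=%#zx aligned=%#zx patch_rejects=%d overflows=%d\n",
               req[i].start, req[i].len, aligned_len(req[i].start, req[i].len),
               rejected_by_patch(req[i].start, req[i].len),
               overflows(req[i].start, req[i].len));
    return 0;
}
```

The second request shows the case the patch's zero test lets through: the wrapped sum is rounded up to one page and the call would report success.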