From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E0729EB64D9 for ; Thu, 6 Jul 2023 22:50:56 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6979B8D0003; Thu, 6 Jul 2023 18:50:56 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5FCB08D0002; Thu, 6 Jul 2023 18:50:56 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4250C8D0003; Thu, 6 Jul 2023 18:50:56 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 2DA9D8D0002 for ; Thu, 6 Jul 2023 18:50:56 -0400 (EDT) Received: from smtpin21.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id EEDE2C0146 for ; Thu, 6 Jul 2023 22:50:55 +0000 (UTC) X-FDA: 80982683670.21.10901A6 Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) by imf18.hostedemail.com (Postfix) with ESMTP id 296C51C0005 for ; Thu, 6 Jul 2023 22:50:53 +0000 (UTC) Authentication-Results: imf18.hostedemail.com; dkim=pass header.d=google.com header.s=20221208 header.b=oG6cUbXq; spf=pass (imf18.hostedemail.com: domain of 3TUWnZA0KCKAAXELRASMUSSENGOOGLE.COMLINUX-MMKVACK.ORG@flex--axelrasmussen.bounces.google.com designates 209.85.219.201 as permitted sender) smtp.mailfrom=3TUWnZA0KCKAAXELRASMUSSENGOOGLE.COMLINUX-MMKVACK.ORG@flex--axelrasmussen.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1688683854; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=dr4h9VGDfsn/VMT+xHDPiOp9dXBZSKUD38K7YaReMD4=; b=sQ06Bg4e30OarG+GI8RW3WHXNkTMLUcR5SgP3d3Mr359LqnddddKT1co+Ry7Ug04lxcMVs el4ZQHzNjnjY/G6gM0seUrXCzpkDsKLhXch78PZ3Y23cZQpwFB4zRGV3iIifAmSEgm3U+7 DqzLp+0pgL8YIeb1+4YsKCJ0I9iBV1Y= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1688683854; a=rsa-sha256; cv=none; b=mMIMYEsJKuQhl50SVceK/X1JcQLqWnvnRTbuTyUUpyxlakI2v4fkGI7yV2G2//Of390LLQ N2/oAqS6gExDxdTLpLfjZzANPA5hYgQweFWc//1Cl11XjKlqiNr9j5eDZRbwqfIqYi+/a4 l17KFScCrW+Gw5dvrKPQxtMIoT3VKiw= ARC-Authentication-Results: i=1; imf18.hostedemail.com; dkim=pass header.d=google.com header.s=20221208 header.b=oG6cUbXq; spf=pass (imf18.hostedemail.com: domain of 3TUWnZA0KCKAAXELRASMUSSENGOOGLE.COMLINUX-MMKVACK.ORG@flex--axelrasmussen.bounces.google.com designates 209.85.219.201 as permitted sender) smtp.mailfrom=3TUWnZA0KCKAAXELRASMUSSENGOOGLE.COMLINUX-MMKVACK.ORG@flex--axelrasmussen.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com Received: by mail-yb1-f201.google.com with SMTP id 3f1490d57ef6-c60ba0bd413so1225275276.2 for ; Thu, 06 Jul 2023 15:50:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1688683853; x=1691275853; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=dr4h9VGDfsn/VMT+xHDPiOp9dXBZSKUD38K7YaReMD4=; b=oG6cUbXqueLNKCE01QfHG46TYxjrnSczrRs1z4fAd0XehnlwpZ6QzxEJt4W2Ue3oTg jmIlcVMPOO3wBc5Jmpx0+P7PdoVG9zHOG4l9JNotEr1VVRKn8UBqflwPIUBZiM7amwz3 tHjgfEOpZHvakwUYyo/kFliQBAwyxEYaH9p9Krdz4uCEX03XtWL0k4huwPf4JMBUWiuJ vH0FF8WK3+d9dnq2JbKxfTWxmC9bR4z1x++0EIg8VN51Y6zcrk9sFkWFs+n0Ee8WaTrI T/JjfeQ68QMFZsZ0wuD8e82BwZ+qeWxNN+55lMptu2IruYWfXF6lh4uEunTtWoQohPkt /enw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688683853; x=1691275853; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=dr4h9VGDfsn/VMT+xHDPiOp9dXBZSKUD38K7YaReMD4=; b=QKSuuDFxrMeY0fXCOOjtWjlMyhv6dytYISuqRmAULYqQa1UWNOIg0KSE2IcmR5OVit Zr3ydsbnOlu1z3Dzp0b/QmQAbYfzuN4NxxNNERmG/U+2met17EqkZKzZ4bZMKIX64yrO a6XUFoxEZSRyTDrmIZnTwhiCCZ6nRHheX9PFNMAD1FuPzG3pnhTIioh5dkIbkEXgxv0i pBfg3qpKGNuLx/LgmmcgrdlMBmjQh9JmjZGDLIzN6+lkEQ74VsJQtuncSMeEBP8fx5TH j8PSKA82lLlVBmVclWXqarU2wyH/VhDSdm+C6wfJ0XBu60K4ESImSnrmehUkHlAAFM8T 6UuA== X-Gm-Message-State: ABy/qLZ6GADmzaeVll8IdPbpI3dCu29bhTIsXAj+VtNOVjf63ENdox92 L6KhZN0VYAFY0yoNXxNvvmK4L7p9l/gfkwU1NS+j X-Google-Smtp-Source: APBJJlEl5yfZInV23tQIGQwzZqjUhDMQjVJrb/6PeQU7rd1hzOOT/WdC6F9gqXpUHWmfYN6lE3AUVfAUoi1up8aCXiJW X-Received: from axel.svl.corp.google.com ([2620:15c:2a3:200:bec3:2b1c:87a:fca2]) (user=axelrasmussen job=sendgmr) by 2002:a25:c70e:0:b0:c67:e177:100a with SMTP id w14-20020a25c70e000000b00c67e177100amr19507ybe.4.1688683853333; Thu, 06 Jul 2023 15:50:53 -0700 (PDT) Date: Thu, 6 Jul 2023 15:50:30 -0700 In-Reply-To: <20230706225037.1164380-1-axelrasmussen@google.com> Mime-Version: 1.0 References: <20230706225037.1164380-1-axelrasmussen@google.com> X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230706225037.1164380-3-axelrasmussen@google.com> Subject: [PATCH v3 2/8] mm: userfaultfd: check for start + len overflow in validate_range From: Axel Rasmussen To: Alexander Viro , Andrew Morton , Brian Geffon , Christian Brauner , David Hildenbrand , Gaosheng Cui , Huang Ying , Hugh Dickins , James Houghton , "Jan Alexander Steffens (heftig)" , Jiaqi Yan , Jonathan Corbet , Kefeng Wang , "Liam R. Howlett" , Miaohe Lin , Mike Kravetz , "Mike Rapoport (IBM)" , Muchun Song , Nadav Amit , Naoya Horiguchi , Peter Xu , Ryan Roberts , Shuah Khan , Suleiman Souhlal , Suren Baghdasaryan , "T.J. Alumbaugh" , Yu Zhao , ZhangPeng Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, Axel Rasmussen Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 296C51C0005 X-Rspam-User: X-Stat-Signature: ap5brkstuo5tyeg3c88tphfpnwrrykgu X-Rspamd-Server: rspam03 X-HE-Tag: 1688683853-800388 X-HE-Meta: U2FsdGVkX1/AMJQfsXBwWvz6YbVM2S4hensfTgalq1AQztBFeUAA627j64aHE3qJ4d5pq/nxW/ACdF3Hh8DIZuA4EzgO4p84jU5Jf9RFk+WkQzT/pGS3jOuHvmoMxUADzQMIdGQ/p68zoLOHl0FUa2NWG6pUoWYLA/VkAYPkOJ38QW+Jr3NXiaHzVQBW/GxLXMVkRHaS6XNTG8Kym4AgTLoEOTgiTVcjkg2EeIxkNLlcKep5YDCQ/PsaY9IKudH60AxLhoVLmlO4PBFo2GXGYt24IEJqNduevRD1RA5VHSX/8KQXgTN/UlnQEoXGsBlDrXOoIaqTnkeJ6keFzaFxjLJPT9T5G6wvC3o4TY6uSuMA5gEjUC5xZEC/QAJsn6uFT39OtCMwp/iRLdZ/VIxftQCwIhhDCmns7+94ypDwW/g/QggWyTFBoM+KjE4hBVKy/DLA4DyeZPmzdwnvB6pjCiOykt5em1Z8E8j5rSWXQKgj2ElK2SS+dRHdlF1bWt/viRfTjsW+VKPkCWDUrIBQmhsufywB3OcyEivPhR4tuDFU+FB/N4SSxrk48hH9LoiP/Zxs9AZeY/yzRILWmxr9Q6VIHHbJ5O2TCFessvG/pUhhGI1xflXXAQqyqQdMMzN8KKeyw+irEc/pcibGc3wr/LGpkpkEuXivAd+MHhCjkeBScjoZ5FdY4+eLWrDnRi4pp9MwsrVAKnSj4kX73zqa/RPMXxm+llwFnpqWGcrkqzmV4Up3+dXBDAiDRubSZaL8hLK7C7yDL11ERO3ndYG54M4QsZTYa/+OB2vIIuG3/DBfCgVvdXUEZ67pZg4sCwj2hbnMQpCe0uDmbgyR88SzzEDsk3xV6rgELMFuOHC9+kalt8yrWpqNCMrsuEZ8aFNe5RFo4t7M4GkcP9Elt7aI+aaWlfgcX8GPSNZyOihkZKJEL2cT6JMhgJkBMgx60XS8ejtf5ipeDZ/PLciEXMV E52ju/ZB OlygyOzkaVx2iCDe+cumHmJgSIP6I01TW6pB5wnHFO6Fob73saYyYOt2DqS23xHMjog5AHpcR3gCS6sI2A8HXJjSj7YYDAg+pWaVN630Gohe+jKJJ6ORSx+bB2u0bxxa9rPmhUfAe8zpwEc9eBWCWYm7dBiMupdsgIXPwUjwX0v7QjeVQe4vIli3jlPSRImb3M/AVOl3AVGrJXNNxm+t2uqX0YFrKxB6SrlVemnIdHvFkNm/LhMhGWcGYwflj8ENRzDSeFDmSnKIQcAGRAjNg6EC7fBE0E6YhsHIPKewevu/O0OtDOHEWYDj/Ki45T3srp4jdIk4RiMU3cvd7FlMNHKXudx0l7DHg9bECKK8C9gulGnjbckqvlI7J0pJ6qwfmmpgDUsfsELL/8ug4ZgHM2BnGWuc5m/3f+qwZb0SGNUmaVbNCnLAL4BIANUu9cCpHV3niKJ6wYz/DUKBGFV6oZMb/OVFew1UwEC5v+RgCk2gKcPB50J7Z8G+4u09NBOJVU8QF6pbAZa+hasIUv5AdBvl/MrsoI9ced8HR7zzyta/UtSfrb8kwNKSfnGGQs+ZP4QOqsqEu70dbZxaWQoORvLQl9LfuL8IUkBZWqoHHMMX4Urs/wmtHxJgBg+xnVj4OrFoR9j6qfutFJ/b900A/Nvoo69TZCuZWYSMxgMyRJ5Gt0cRmFoec1BMvtpZJQNV4aa/EHPSlWfEnHbk= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Most userfaultfd ioctls take a `start + len` range as an argument. We have the validate_range helper to check that such ranges are valid. However, some (but not all!) ioctls *also* check that `start + len` doesn't wrap around (overflow). Just check for this in validate_range. This saves some repetitive code, and adds the check to some ioctls which weren't bothering to check for it before. Signed-off-by: Axel Rasmussen --- fs/userfaultfd.c | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 7cecd49e078b..2e84684c46f0 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1306,6 +1306,8 @@ static __always_inline int validate_range(struct mm_struct *mm, return -EINVAL; if (len > task_size - start) return -EINVAL; + if (start + len <= start) + return -EINVAL; return 0; } @@ -1760,14 +1762,8 @@ static int userfaultfd_copy(struct userfaultfd_ctx *ctx, ret = validate_range(ctx->mm, uffdio_copy.dst, uffdio_copy.len); if (ret) goto out; - /* - * double check for wraparound just in case. copy_from_user() - * will later check uffdio_copy.src + uffdio_copy.len to fit - * in the userland range. - */ + ret = -EINVAL; - if (uffdio_copy.src + uffdio_copy.len <= uffdio_copy.src) - goto out; if (uffdio_copy.mode & ~(UFFDIO_COPY_MODE_DONTWAKE|UFFDIO_COPY_MODE_WP)) goto out; if (uffdio_copy.mode & UFFDIO_COPY_MODE_WP) @@ -1927,11 +1923,6 @@ static int userfaultfd_continue(struct userfaultfd_ctx *ctx, unsigned long arg) goto out; ret = -EINVAL; - /* double check for wraparound just in case. */ - if (uffdio_continue.range.start + uffdio_continue.range.len <= - uffdio_continue.range.start) { - goto out; - } if (uffdio_continue.mode & ~(UFFDIO_CONTINUE_MODE_DONTWAKE | UFFDIO_CONTINUE_MODE_WP)) goto out; -- 2.41.0.255.g8b1d071c50-goog