[PATCH 4/4] mm/msync: return EINVAL for illegal user memory range for msync
From: Wupeng Ma
Date: Sun Dec 04 2022 - 22:41:37 EST
From: Ma Wupeng <mawupeng1@xxxxxxxxxx>
Add access_ok to check user memory range and return EINVAL if overflows for
msync.
Signed-off-by: Ma Wupeng <mawupeng1@xxxxxxxxxx>
---
mm/msync.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/mm/msync.c b/mm/msync.c
index ac4c9bfea2e7..a87c3dca473a 100644
--- a/mm/msync.c
+++ b/mm/msync.c
@@ -43,6 +43,8 @@ SYSCALL_DEFINE3(msync, unsigned long, start, size_t, len, int, flags)
goto out;
if (offset_in_page(start))
goto out;
+ if (unlikely(!access_ok((void __user *)start, len)))
+ goto out;
if ((flags & MS_ASYNC) && (flags & MS_SYNC))
goto out;
error = -ENOMEM;
--
2.25.1