Re: [PATCH 0/4] return EINVAL for illegal user memory range

From: mawupeng
Date: Wed Jan 04 2023 - 04:32:40 EST

Next message: Arend van Spriel: "Re: [PATCH 1/2] brcmfmac: Use separate struct to declare firmware names for Apple OTP chips"
Previous message: Etienne Carriere: "Re: [PATCH v4 3/3] nvmem: stm32: detect bsec pta presence for STM32MP15x"
In reply to: David Hildenbrand: "Re: [PATCH 0/4] return EINVAL for illegal user memory range"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2023/1/2 21:22, David Hildenbrand wrote:
> On 05.12.22 04:41, Wupeng Ma wrote:
>> From: Ma Wupeng <mawupeng1@xxxxxxxxxx>
>>
>> While testing mlock, we have a problem if the len of mlock is ULONG_MAX.
>> The return value of mlock is zero. But nothing will be locked since the
>> len in do_mlock overflows to zero due to the following code in mlock:
>>
>>    len = PAGE_ALIGN(len + (offset_in_page(start)));
>>
>> However this problem appear in multiple syscalls.
>>
>> Since TASK_SIZE is the maximum user space address. The start or len of
>> mlock shouldn't be bigger than this. Function access_ok can be used to
>> check this issue, so return -EINVAL if bigger.
>
> I assume this makes sure that what we document holds:
>
> EINVAL (mlock(), mlock2(), and munlock()) The result of the addition
>     addr+len was less than addr (e.g., the addition may have
>     resulted in an overflow).
>
> So instead of adding access_ok() checks, wouldn't be the right think to do checking for overflows?

I agree with you. Do checking only for overflows do seems nice since we need to keep
backward-compatibility.

>
>

Next message: Arend van Spriel: "Re: [PATCH 1/2] brcmfmac: Use separate struct to declare firmware names for Apple OTP chips"
Previous message: Etienne Carriere: "Re: [PATCH v4 3/3] nvmem: stm32: detect bsec pta presence for STM32MP15x"
In reply to: David Hildenbrand: "Re: [PATCH 0/4] return EINVAL for illegal user memory range"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]