We must prohibit page boundary crossing for kmap() addresses.
vmap() addresses are limited by the length of the mapping, and
compound pages are limited by the size of the page.

These should probably all have test cases?

Matthew Wilcox (Oracle) (3):
  mm/usercopy: Check kmap addresses properly
  mm/usercopy: Detect vmalloc overruns
  mm/usercopy: Detect compound page overruns

 arch/x86/include/asm/highmem.h   |  1 +
 include/linux/highmem-internal.h | 10 ++++++++++
 mm/usercopy.c                    | 33 +++++++++++++++++++++----------
 3 files changed, 33 insertions(+), 11 deletions(-)

-- 
2.32.0
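
The three limits named in the cover letter, as a userspace model. This is an added example, not code from the patch series or from mm/usercopy.c; the struct, enum and function names are hypothetical, the sample addresses are constructed, and 4 KiB pages are assumed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096UL /* assumption: 4 KiB pages */

enum map_kind { MAP_KMAP, MAP_VMAP, MAP_COMPOUND }; /* hypothetical names */

struct mapping {
    enum map_kind kind;
    uintptr_t base;  /* first byte of the mapping or compound page */
    size_t length;   /* MAP_VMAP only: length of the mapping in bytes */
    unsigned order;  /* MAP_COMPOUND only: page order */
};

/* Bytes that may be copied starting at ptr; 0 if ptr is outside the object. */
static size_t bytes_available(const struct mapping *m, uintptr_t ptr)
{
    size_t limit;

    if (m->kind == MAP_KMAP) /* only the page containing ptr is mapped */
        return PAGE_SIZE - (ptr & (PAGE_SIZE - 1));
    limit = m->kind == MAP_VMAP ? m->length : PAGE_SIZE << m->order;
    if (ptr < m->base || ptr - m->base >= limit)
        return 0;
    return limit - (ptr - m->base);
}

/* Comparing n with the remaining bytes avoids overflow in ptr + n. */
static bool copy_allowed(const struct mapping *m, uintptr_t ptr, size_t n)
{
    return n <= bytes_available(m, ptr);
}

/* Constructed sample objects, not taken from the patches. */
static const struct mapping kmap_page = { MAP_KMAP, 0x10000, 0, 0 };
static const struct mapping vmap_area = { MAP_VMAP, 0x200000, 3 * PAGE_SIZE, 0 };
static const struct mapping order2 = { MAP_COMPOUND, 0x400000, 0, 2 };

int main(void)
{
    printf("kmap crossing page: %d\n", copy_allowed(&kmap_page, 0x10000 + 4000, 97));
    printf("vmap crossing page: %d\n", copy_allowed(&vmap_area, 0x200000 + 4000, 5000));
    printf("compound overrun:   %d\n", copy_allowed(&order2, 0x400000 + 16000, 385));
    return 0;
}
```

The same 5000-byte copy that is fine inside a three-page vmap area would be rejected for a kmap address, because only the single page behind a kmap address is known to be mapped.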