I like these, but a quick question:

Since the usercopy_abort() calls are all because the offset exceeds the page size, is there a reason why you don't specifically state that via the detail parameter rather than just supply a NULL pointer?

Otherwise for the patch series:

Reviewed-by: William Kucharski <william.kucharski@xxxxxxxxxx>

> On Dec 13, 2021, at 7:27 AM, Matthew Wilcox (Oracle) <willy@xxxxxxxxxxxxx> wrote:
>
> We must prohibit page boundary crossing for kmap() addresses.
> vmap() addresses are limited by the length of the mapping, and
> compound pages are limited by the size of the page.
>
> These should probably all have test cases?
>
> v3:
> - Remove a now-unused variable
> v2:
> - Prevent a NULL pointer dereference when a vmalloc-range pointer
>   doesn't have an associated allocation (me)
> - Report better offsets than "0" (Kees)
>
>
> Matthew Wilcox (Oracle) (3):
>  mm/usercopy: Check kmap addresses properly
>  mm/usercopy: Detect vmalloc overruns
>  mm/usercopy: Detect compound page overruns
>
> arch/x86/include/asm/highmem.h   |  1 +
> include/linux/highmem-internal.h | 10 ++++++++
> mm/usercopy.c                    | 43 +++++++++++++++++++++++---------
> 3 files changed, 42 insertions(+), 12 deletions(-)
>
> --
> 2.33.0
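
A user-space model of the three limits named in the quoted cover letter (one page for kmap() addresses, the mapping length for vmap() addresses, the compound page size for compound pages), added here as an example; it is not code from the patch series or from the kernel. The names map_kind, mapping, verdict and check_copy, the detail strings and the 4 KiB page size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define PAGE_SIZE 4096UL        /* assumption: 4 KiB pages */

enum map_kind { MAP_KMAP, MAP_VMAP, MAP_COMPOUND };   /* hypothetical names */

struct mapping {                /* constructed description of the object holding ptr */
    enum map_kind kind;
    uintptr_t base;             /* start of the vmap area or of the compound page */
    size_t vmap_len;            /* length of the mapping in bytes (MAP_VMAP only) */
    unsigned order;             /* compound page order (MAP_COMPOUND only) */
};

struct verdict {
    int ok;                     /* 1 when the copy stays inside the object */
    size_t offset;              /* offset of ptr inside the object, for reporting */
    const char *detail;         /* which limit was exceeded, NULL when ok */
};

/* Decide whether copying n bytes at ptr stays inside the mapping m. */
struct verdict check_copy(const struct mapping *m, uintptr_t ptr, size_t n)
{
    struct verdict v = { 1, 0, NULL };
    size_t limit;

    switch (m->kind) {
    case MAP_KMAP:              /* must not cross the page boundary */
        v.offset = ptr & (PAGE_SIZE - 1);
        limit = PAGE_SIZE;
        v.detail = "exceeds kmap page";           /* illustrative string */
        break;
    case MAP_VMAP:              /* limited by the length of the mapping */
        v.offset = ptr - m->base;
        limit = m->vmap_len;
        v.detail = "exceeds vmap mapping";        /* illustrative string */
        break;
    default:                    /* limited by the size of the compound page */
        v.offset = ptr - m->base;
        limit = PAGE_SIZE << m->order;
        v.detail = "exceeds compound page";       /* illustrative string */
        break;
    }
    /* Compare by subtraction so that offset + n cannot wrap around. */
    if (v.offset > limit || n > limit - v.offset)
        v.ok = 0;
    else
        v.detail = NULL;
    return v;
}
```

A pointer below the base of a vmap or compound object wraps to a very large offset and is rejected by the same comparison.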