On 2/16/23 2:24 PM, David Hildenbrand wrote: > On 16.02.23 10:16, Muhammad Usama Anjum wrote: >> Add VM_WARN_ONCE() to uffd_wp_range() to detect range (start, len) abuse. >> >> Signed-off-by: Muhammad Usama Anjum <usama.anjum@xxxxxxxxxxxxx> >> --- >> mm/userfaultfd.c | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c >> index 77c5839e591c..d89ed44d2668 100644 >> --- a/mm/userfaultfd.c >> +++ b/mm/userfaultfd.c >> @@ -717,6 +717,8 @@ long uffd_wp_range(struct mm_struct *dst_mm, struct >> vm_area_struct *dst_vma, >> struct mmu_gather tlb; >> long ret; >> + VM_WARN_ONCE(start < dst_vma->vm_start || start + len > >> dst_vma->vm_end, >> + "The address range exceeds VMA boundary.\n"); > > VM_WARN_ON_ONCE is sufficient (sorry for spelling out the wrong variant > earlier). Will do in the next version. Thanks. > > These kinds of bugs are expected to be found early during testing, still it > might make sense to implement a backup path > > if (WARN_ON_ONCE(...)) > return -EINVAL; > > But we can't use VM_WARN_ON_ONCE here, so we can't compile it out anymore > ... so I guess a simple VM_WARN_ON_ONCE() is sufficient. > -- BR, Muhammad Usama Anjum
