Re: [PATCH v4 1/4] mm/mlock: return EINVAL if len overflows for mlock/munlock

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 21.03.23 08:44, mawupeng wrote:


On 2023/3/20 18:54, David Hildenbrand wrote:
On 20.03.23 03:47, Wupeng Ma wrote:
From: Ma Wupeng <mawupeng1@xxxxxxxxxx>

While testing mlock, we have a problem if the len of mlock is ULONG_MAX.
The return value of mlock is zero. But nothing will be locked since the
len in do_mlock overflows to zero due to the following code in mlock:

    len = PAGE_ALIGN(len + (offset_in_page(start)));

The same problem happens in munlock.

Add new check and return -EINVAL to fix this overflowing scenarios since
they are absolutely wrong.

Thinking again, wouldn't we reject mlock(0, ULONG_MAX) now as well?

mlock will return 0 if len is zero which is the same w/o this patchset.
Here is the calltrace if len is zero.

mlock(len == 0)
	do_mlock(len == 0)
		if (!len)
			return 0


I was asking about addr=0, len=ULONG_MAX.

IIUC, that used to work but could now fail? I haven't played with it, though.

--
Thanks,

David / dhildenb





[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux