On 11/25, Borislav Petkov wrote: > > On Mon, Nov 25, 2013 at 08:50:28PM +0100, Oleg Nesterov wrote: > > This won't work if va + len overflows? > > Oh, right, > > > Perhaps we should makes this clear, and we can even check the overflow > > in the generic code (iirc Linus suggested to do this). > > maybe something like > > ((va + len - 1) >= TASK_SIZE) || ((va + len - 1) < va) Yes. But again, it makes sense to do this in the caller. And kill the stupid get_hbp_len(). And other cleanups. But this patch just tries to fix the typo in the security check. Oleg. -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html