Commit 3a0ae68a authored Nov 01, 2018 by Isaac J. Manjarres Committed by Gerrit - the friendly Code Review server Jan 17, 2019

mm/usercopy: Use memory range to be accessed for wraparound check



Currently, when checking to see if accessing n bytes starting at
address "ptr" will cause a wraparound in the memory addresses,
the check in check_bogus_address() adds an extra byte, which is
incorrect, as the range of addresses that will be accessed is
[ptr, ptr + (n - 1)].

This can lead to incorrectly detecting a wraparound in the
memory address, when trying to read 4 KB from memory that is
mapped to the the last possible page in the virtual address
space, when in fact, accessing that range of memory would not
cause a wraparound to occur.

Use the memory range that will actually be accessed when
considering if accessing a certain amount of bytes will cause
the memory address to wrap around.

Change-Id: Ie71a5a5cb9f6dc15d82a77202b4aaa775eb549f7
Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org>
Signed-off-by: Zhenhua Huang <zhenhuah@codeaurora.org>

parent 85016969

mm/usercopy.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -124,7 +124,7 @@ static inline const char check_kernel_text_object(const void ptr,
		static inline const char check_bogus_address(const void ptr, unsigned long n)
		{
		/* Reject if object wraps past end of memory. */
		if ((unsigned long)ptr + n < (unsigned long)ptr)
		if ((unsigned long)ptr + (n - 1) < (unsigned long)ptr)
		return "<wrapped address>";

		/* Reject if NULL or ZERO-allocation. */