Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7f6aaf1d authored by Isaac J. Manjarres's avatar Isaac J. Manjarres
Browse files

mm/usercopy: Use memory range to be accessed for wraparound check 



Currently, when checking to see if accessing n bytes starting at
address "ptr" will cause a wraparound in the memory addresses,
the check in check_bogus_address() adds an extra byte, which is
incorrect, as the range of addresses that will be accessed is
[ptr, ptr + (n - 1)].

This can lead to incorrectly detecting a wraparound in the
memory address, when trying to read 4 KB from memory that is
mapped to the the last possible page in the virtual address
space, when in fact, accessing that range of memory would not
cause a wraparound to occur.

Use the memory range that will actually be accessed when
considering if accessing a certain amount of bytes will cause
the memory address to wrap around.

Change-Id: Ie71a5a5cb9f6dc15d82a77202b4aaa775eb549f7
Signed-off-by: default avatarIsaac J. Manjarres <isaacm@codeaurora.org>
parent 71f9600f

mm/usercopy.c

+1 −1
Original line number Diff line number Diff line
@@ -151,7 +151,7 @@ static inline void check_bogus_address(const unsigned long ptr, unsigned long n, 
				       bool to_user)

{

	/* Reject if object wraps past end of memory. */

	if (ptr + n < ptr)

	if (ptr + (n - 1) < ptr)

		usercopy_abort("wrapped address", NULL, to_user, 0, ptr + n);



	/* Reject if NULL or ZERO-allocation. */