Mailing List Archive

[PATCH v5 3/4] mm/mempolicy: return EINVAL if len overflows for mbind
From: Ma Wupeng <mawupeng1@huawei.com>

Check and return 0 if len == 0 at the beginning of the function.
Return -EINVAL if len overflows for mbind.

Signed-off-by: Ma Wupeng <mawupeng1@huawei.com>
---
mm/mempolicy.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/mm/mempolicy.c b/mm/mempolicy.c
index 0a596c6cbed9..134fdc1f6c87 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -1276,13 +1276,16 @@ static long do_mbind(unsigned long start, unsigned long len,
if (mode == MPOL_DEFAULT)
flags &= ~MPOL_MF_STRICT;

+ if (!len)
+ return 0;
+
len = PAGE_ALIGN(len);
- end = start + len;
+ if (!len)
+ return -EINVAL;

+ end = start + len;
if (end < start)
return -EINVAL;
- if (end == start)
- return 0;

new = mpol_new(mode, mode_flags, nmask);
if (IS_ERR(new))
--
2.25.1