| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230425110511.11680-2-zhangpeng.00@bytedance.com>
Date: Tue, 25 Apr 2023 19:05:03 +0800
From: Peng Zhang <zhangpeng.00@...edance.com>
To: Liam.Howlett@...cle.com
Cc: akpm@...ux-foundation.org, linux-mm@...ck.org,
linux-kernel@...r.kernel.org, maple-tree@...ts.infradead.org,
Peng Zhang <zhangpeng.00@...edance.com>
Subject: [PATCH 1/9] maple_tree: Fix allocation when min is equal to max in mas_empty_area/_area_rev()
Make the allocation valid when min is equal to max in mas_empty_area()
and mas_empty_area_rev(). As Liam R. Howlett said, VMA doesn't make this
allocation, so now this bug won't trigger.
Also add some checks for invalid parameters.
Fixes: 54a611b60590 ("Maple Tree: add new data structure")
Signed-off-by: Peng Zhang <zhangpeng.00@...edance.com>
---
lib/maple_tree.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/lib/maple_tree.c b/lib/maple_tree.c
index 110a36479dced..72099b4b32169 100644
--- a/lib/maple_tree.c
+++ b/lib/maple_tree.c
@@ -5289,7 +5289,10 @@ int mas_empty_area(struct ma_state *mas, unsigned long min,
unsigned long *pivots;
enum maple_type mt;
- if (min >= max)
+ if (unlikely(min > max))
+ return -EINVAL;
+
+ if (unlikely(size == 0) || unlikely(max - min < size - 1))
return -EINVAL;
if (mas_is_start(mas))
@@ -5344,7 +5347,10 @@ int mas_empty_area_rev(struct ma_state *mas, unsigned long min,
{
struct maple_enode *last = mas->node;
- if (min >= max)
+ if (unlikely(min > max))
+ return -EINVAL;
+
+ if (unlikely(size == 0) || unlikely(max - min < size - 1))
return -EINVAL;
if (mas_is_start(mas)) {
@@ -5380,7 +5386,7 @@ int mas_empty_area_rev(struct ma_state *mas, unsigned long min,
return -EBUSY;
/* Trim the upper limit to the max. */
- if (max <= mas->last)
+ if (max < mas->last)
mas->last = max;
mas->index = mas->last - size + 1;
--
2.20.1
Powered by blists - more mailing lists