lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20230425110511.11680-2-zhangpeng.00@bytedance.com>
Date:   Tue, 25 Apr 2023 19:05:03 +0800
From:   Peng Zhang <zhangpeng.00@...edance.com>
To:     Liam.Howlett@...cle.com
Cc:     akpm@...ux-foundation.org, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org, maple-tree@...ts.infradead.org,
        Peng Zhang <zhangpeng.00@...edance.com>
Subject: [PATCH 1/9] maple_tree: Fix allocation when min is equal to max in mas_empty_area/_area_rev()

Make the allocation valid when min is equal to max in mas_empty_area()
and mas_empty_area_rev(). As Liam R. Howlett said, VMA doesn't make this
allocation, so now this bug won't trigger.

Also add some checks for invalid parameters.

Fixes: 54a611b60590 ("Maple Tree: add new data structure")
Signed-off-by: Peng Zhang <zhangpeng.00@...edance.com>
---
 lib/maple_tree.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/lib/maple_tree.c b/lib/maple_tree.c
index 110a36479dced..72099b4b32169 100644
--- a/lib/maple_tree.c
+++ b/lib/maple_tree.c
@@ -5289,7 +5289,10 @@ int mas_empty_area(struct ma_state *mas, unsigned long min,
 	unsigned long *pivots;
 	enum maple_type mt;
 
-	if (min >= max)
+	if (unlikely(min > max))
+		return -EINVAL;
+
+	if (unlikely(size == 0) || unlikely(max - min < size - 1))
 		return -EINVAL;
 
 	if (mas_is_start(mas))
@@ -5344,7 +5347,10 @@ int mas_empty_area_rev(struct ma_state *mas, unsigned long min,
 {
 	struct maple_enode *last = mas->node;
 
-	if (min >= max)
+	if (unlikely(min > max))
+		return -EINVAL;
+
+	if (unlikely(size == 0) || unlikely(max - min < size - 1))
 		return -EINVAL;
 
 	if (mas_is_start(mas)) {
@@ -5380,7 +5386,7 @@ int mas_empty_area_rev(struct ma_state *mas, unsigned long min,
 		return -EBUSY;
 
 	/* Trim the upper limit to the max. */
-	if (max <= mas->last)
+	if (max < mas->last)
 		mas->last = max;
 
 	mas->index = mas->last - size + 1;
-- 
2.20.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ