[<prev] [next>] [day] [month] [year] [list]
Message-ID: <36509a07-5ab0-44e8-85b3-5cf884a9aff4@p183>
Date: Mon, 10 Jul 2023 12:02:28 +0300
From: Alexey Dobriyan <adobriyan@...il.com>
To: lilinke99@...il.com
Cc: linux-mm@...ck.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] hugetlbfs: Fix integer overflow check in
hugetlbfs_file_mmap()
> --- a/fs/hugetlbfs/inode.c
> +++ b/fs/hugetlbfs/inode.c
> @@ -157,7 +157,7 @@ static int hugetlbfs_file_mmap(struct file *file, struct vm_area_struct *vma)
> vma_len = (loff_t)(vma->vm_end - vma->vm_start);
> len = vma_len + ((loff_t)vma->vm_pgoff << PAGE_SHIFT);
> /* check for overflow */
> - if (len < vma_len)
> + if (vma_len > LLONG_MAX - ((loff_t)vma->vm_pgoff << PAGE_SHIFT))
> return -EINVAL;
Proper fix is to make everything unsigned probably.
Powered by blists - more mailing lists