2013-04-10 23:53:05

by Rasmus Villemoes

Subject: [PATCH] mm: madvise: complete input validation before taking lock

In madvise(), there doesn't seem to be any reason for taking the
&current->mm->mmap_sem before start and len_in have been
validated. Incidentally, this removes the need for the out: label.


Signed-off-by: Rasmus Villemoes <[email protected]>
---

diff --git a/mm/madvise.c b/mm/madvise.c
index c58c94b..d2ae668 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -473,27 +473,27 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior)
if (!madvise_behavior_valid(behavior))
return error;

- write = madvise_need_mmap_write(behavior);
- if (write)
- down_write(&current->mm->mmap_sem);
- else
- down_read(&current->mm->mmap_sem);
-
if (start & ~PAGE_MASK)
- goto out;
+ return error;
len = (len_in + ~PAGE_MASK) & PAGE_MASK;

/* Check to see whether len was rounded up from small -ve to zero */
if (len_in && !len)
- goto out;
+ return error;

end = start + len;
if (end < start)
- goto out;
+ return error;

error = 0;
if (end == start)
- goto out;
+ return error;
+
+ write = madvise_need_mmap_write(behavior);
+ if (write)
+ down_write(&current->mm->mmap_sem);
+ else
+ down_read(&current->mm->mmap_sem);

/*
* If the interval [start,end) covers some unmapped address
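Review bot: The reordering in this hunk is safe because every check moved above the lock (`start & ~PAGE_MASK`, the `len_in && !len` rounding test, the `end < start` overflow test and the `end == start` case) depends only on the syscall arguments and the constant PAGE_MASK, none of which is protected by mmap_sem; it would help future readers if the commit message said so explicitly, since "doesn't seem to be any reason" leaves that to be re-derived. Two things are worth confirming against the surrounding code: the early `return error;` paths rely on `error` still carrying its -EINVAL initial value from outside the visible context (the `error = 0;` assignment is correctly left after the overflow check, so a zero-length call still returns 0 without ever taking the lock), and `write` is now assigned later than before, so no `goto out_plug` may be reachable between the remaining checks and the `madvise_need_mmap_write()` call, otherwise the unlock at `out_plug` would read an uninitialised `write`. From a hardening point of view the change is a small win: a caller passing bogus arguments no longer takes (and briefly holds, possibly for write) the address-space lock before being rejected.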
@@ -541,7 +541,6 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior)
}
out_plug:
blk_finish_plug(&plug);
-out:
if (write)
up_write(&current->mm->mmap_sem);
else
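Review bot: With `out:` removed, `out_plug:` is the only exit label left, and every jump to it now happens after `down_write()`/`down_read()` has been taken, so the `if (write) up_write(...) else up_read(...)` pairing that follows `blk_finish_plug(&plug)` is consistent on all paths. Since the label no longer needs to be distinguished from a second one, renaming `out_plug` to `out` in the same patch would keep the function's labels in line with the usual convention; that is a style point only and does not affect correctness.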


2013-04-10 23:50:54

by David Rientjes

Subject: Re: [PATCH] mm: madvise: complete input validation before taking lock

On Wed, 10 Apr 2013, Rasmus Villemoes wrote:

> In madvise(), there doesn't seem to be any reason for taking the
> &current->mm->mmap_sem before start and len_in have been
> validated. Incidentally, this removes the need for the out: label.
>
>
> Signed-off-by: Rasmus Villemoes <[email protected]>

Acked-by: David Rientjes <[email protected]>

Would be nice to do s/out_plug/out/ now if you have a chance.

2013-04-10 23:56:55

by KOSAKI Motohiro

Subject: Re: [PATCH] mm: madvise: complete input validation before taking lock

(4/10/13 7:45 PM), Rasmus Villemoes wrote:
> In madvise(), there doesn't seem to be any reason for taking the
> &current->mm->mmap_sem before start and len_in have been
> validated. Incidentally, this removes the need for the out: label.
>
>
> Signed-off-by: Rasmus Villemoes <[email protected]>

Looks good.

Acked-by: KOSAKI Motohiro <[email protected]>