From f38adfef7e6bfe681d6602b6668be31fe1310ed0 Mon Sep 17 00:00:00 2001 From: "Fabio M. De Francesco" Date: Mon, 9 May 2022 18:20:51 -0700 Subject: [PATCH] mm/highmem: VM_BUG_ON() if offset + len > PAGE_SIZE Add VM_BUG_ON() bounds checking to make sure that, if "offset + len> PAGE_SIZE", memset() does not corrupt data in adjacent pages. Mainly to match all the similar functions in highmem.h. Link: https://lkml.kernel.org/r/20220426193020.8710-1-fmdefrancesco@gmail.com Signed-off-by: Fabio M. De Francesco Reviewed-by: Andrew Morton Cc: Ira Weiny Cc: Catalin Marinas Cc: "Matthew Wilcox (Oracle)" Cc: Peter Collingbourne Signed-off-by: Andrew Morton --- include/linux/highmem.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/linux/highmem.h b/include/linux/highmem.h index 39bb9b47fa9c..67720bfd6ade 100644 --- a/include/linux/highmem.h +++ b/include/linux/highmem.h @@ -358,6 +358,8 @@ static inline void memcpy_to_page(struct page *page, size_t offset, static inline void memzero_page(struct page *page, size_t offset, size_t len) { char *addr = kmap_local_page(page); + + VM_BUG_ON(offset + len > PAGE_SIZE); memset(addr + offset, 0, len); flush_dcache_page(page); kunmap_local(addr);