[PATCH] mm/highmem: VM_BUG_ON() if offset + len > PAGE_SIZE

From: Fabio M. De Francesco
Date: Tue Apr 26 2022 - 15:31:55 EST


Add VM_BUG_ON() bounds checking to make sure that, if "offset + len>
PAGE_SIZE", memset() does not corrupt data in adjacent pages.

Cc: Ira Weiny <ira.weiny@xxxxxxxxx>
Signed-off-by: Fabio M. De Francesco <fmdefrancesco@xxxxxxxxx>
---
include/linux/highmem.h | 2 ++
1 file changed, 2 insertions(+)

diff --git a/include/linux/highmem.h b/include/linux/highmem.h
index 6b2d59e025c5..d54dbaae9a5e 100644
--- a/include/linux/highmem.h
+++ b/include/linux/highmem.h
@@ -380,6 +380,8 @@ static inline void memcpy_to_page(struct page *page, size_t offset,
static inline void memzero_page(struct page *page, size_t offset, size_t len)
{
char *addr = kmap_local_page(page);
+
+ VM_BUG_ON(offset + len > PAGE_SIZE);
memset(addr + offset, 0, len);
flush_dcache_page(page);
kunmap_local(addr);
--
2.34.1