mm: usercopy: move the virt_addr_valid() below the is_vmalloc_addr()

The is_kmap_addr() and the is_vmalloc_addr() in the check_heap_object() will not work, because the virt_addr_valid() will exclude the kmap and vmalloc regions. So let's move the virt_addr_valid() below the is_vmalloc_addr(). Signed-off-by: Yuanzheng Song <songyuanzheng@huawei.com> Fixes: 4e140f59d285 ("mm/usercopy: Check kmap addresses properly") Fixes: 0aef499f3172 ("mm/usercopy: Detect vmalloc overruns") Cc: Matthew Wilcox (Oracle) <willy@infradead.org> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20220505071037.4121100-1-songyuanzheng@huawei.com
author: Yuanzheng Song <songyuanzheng@huawei.com> 2022-05-05 07:10:37 +0000
committer: Kees Cook <keescook@chromium.org> 2022-05-16 16:02:21 -0700
commit: a5f4d9df1f7beaaebbaa5943ceb789c34f10b8d5 (patch)
tree: 64b27c83d25403a1c9fe2b4c3b53c8d4cff3b3d3 /mm/usercopy.c
parent: 710e4ebfbacac53b05c86a01e6d636c69f6eca9f (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/mm/usercopy.c b/mm/usercopy.c
index ac8a093e90c1..baeacc735b83 100644
--- a/mm/usercopy.c
+++ b/mm/usercopy.c
@@ -163,9 +163,6 @@ static inline void check_heap_object(const void *ptr, unsigned long n,
 {
 	struct folio *folio;
 
-	if (!virt_addr_valid(ptr))
-		return;
-
 	if (is_kmap_addr(ptr)) {
 		unsigned long page_end = (unsigned long)ptr | (PAGE_SIZE - 1);
 
@@ -190,6 +187,9 @@ static inline void check_heap_object(const void *ptr, unsigned long n,
 		return;
 	}
 
+	if (!virt_addr_valid(ptr))
+		return;
+
 	folio = virt_to_folio(ptr);
 
 	if (folio_test_slab(folio)) {
author	Yuanzheng Song <songyuanzheng@huawei.com>	2022-05-05 07:10:37 +0000
committer	Kees Cook <keescook@chromium.org>	2022-05-16 16:02:21 -0700
commit	a5f4d9df1f7beaaebbaa5943ceb789c34f10b8d5 (patch)
tree	64b27c83d25403a1c9fe2b4c3b53c8d4cff3b3d3 /mm/usercopy.c
parent	710e4ebfbacac53b05c86a01e6d636c69f6eca9f (diff)