On 1/3/19 5:59 PM, Roman Penyaev wrote:
area->size can include adjacent guard page but get_vm_area_size() returns actual size of the area.
This fixes possible kernel crash when userspace tries to map area on 1 page bigger: size check passes but the following vmalloc_to_page() returns NULL on last guard (non-existing) page.
Signed-off-by: Roman Penyaev <rpenyaev@suse.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Joe Perches <joe@perches.com>
Cc: "Luis R. Rodriguez" <mcgrof@kernel.org>
Cc: linux-mm@kvack.org
Cc: linux-kernel@vger.kernel.org
Cc: stable@vger.kernel.org
Fixes: e69e9d4aee71 ("vmalloc: introduce remap_vmalloc_range_partial")

Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
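
The off-by-one-page condition described in the commit message, as an added user-space model (not code from the patch or the kernel tree). The struct, the function names and the sample addresses are constructed for illustration; only the guard-page arithmetic follows the description above.

```c
#include <stdbool.h>
#include <stdio.h>

#define PAGE_SIZE   4096UL
#define VM_NO_GUARD 0x40UL            /* flag value as used by this model */

/* User-space stand-in for the fields of a vmalloc area that matter here. */
struct area_model {
    unsigned long addr;               /* first byte of the area */
    unsigned long size;               /* includes the guard page unless VM_NO_GUARD */
    unsigned long flags;
};

/* Models get_vm_area_size(): the size without the trailing guard page. */
static unsigned long usable_size(const struct area_model *a)
{
    return (a->flags & VM_NO_GUARD) ? a->size : a->size - PAGE_SIZE;
}

/* Bound check against area->size, the behaviour the commit message describes. */
static bool check_before_fix(const struct area_model *a, unsigned long kaddr, unsigned long len)
{
    return kaddr >= a->addr && kaddr + len <= a->addr + a->size;
}

/* Bound check against the usable size, so the guard page is never in range. */
static bool check_after_fix(const struct area_model *a, unsigned long kaddr, unsigned long len)
{
    return kaddr >= a->addr && kaddr + len <= a->addr + usable_size(a);
}

/* Pages in [kaddr, kaddr+len) with no backing page (vmalloc_to_page() == NULL). */
static unsigned long unbacked_pages(const struct area_model *a, unsigned long kaddr, unsigned long len)
{
    unsigned long n = 0;
    for (unsigned long off = 0; off < len; off += PAGE_SIZE)
        if (kaddr + off < a->addr || kaddr + off >= a->addr + usable_size(a))
            n++;
    return n;
}

int main(void)
{
    struct area_model a = { 0x100000UL, 5 * PAGE_SIZE, 0 };   /* 4 data pages + guard */
    unsigned long len = 5 * PAGE_SIZE;                        /* one page too many */
    printf("before fix: accepted=%d unbacked=%lu\n", check_before_fix(&a, a.addr, len), unbacked_pages(&a, a.addr, len));
    printf("after fix:  accepted=%d\n", check_after_fix(&a, a.addr, len));
    return 0;
}
```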