Fix a bound check error in msync()

utshina · utshina · commit dc59dca1da8b · 2018-02-09T08:52:45.000+09:00
In the previous bound check, msync() fails for exactly the same size mm_region.
diff --git a/src/mm/mm.c b/src/mm/mm.c
@@ -326,7 +326,7 @@ DEFINE_SYSCALL(get_mempolicy, gaddr_t, policy, gaddr_t, nmask, unsigned long, ma
 DEFINE_SYSCALL(msync, gaddr_t, addr, size_t, len, int, flags)
 {
   struct mm_region *region = find_region(addr, proc.mm);
-  if (!region || addr - region->gaddr >= len || len + addr - region->gaddr >= region->size) {
+  if (!region || addr - region->gaddr >= len || len + addr - region->gaddr > region->size) {
     return -LINUX_ENOMEM;
   }
   

Original file line number	Diff line number	Diff line change
`@@ -326,7 +326,7 @@ DEFINE_SYSCALL(get_mempolicy, gaddr_t, policy, gaddr_t, nmask, unsigned long, ma`
`326`	`326`	`DEFINE_SYSCALL(msync, gaddr_t, addr, size_t, len, int, flags)`
`327`	`327`	`{`
`328`	`328`	`struct mm_region *region = find_region(addr, proc.mm);`
`329`		`- if (!region \|\| addr - region->gaddr >= len \|\| len + addr - region->gaddr >= region->size) {`
	`329`	`+ if (!region \|\| addr - region->gaddr >= len \|\| len + addr - region->gaddr > region->size) {`
`330`	`330`	`return -LINUX_ENOMEM;`
`331`	`331`	`}`
`332`	`332`