Add more overflow checks in mmap

kernel/src/syscall/madvise.rs

@@ -20,7 +20,10 @@ pub fn sys_madvise(
     if start % PAGE_SIZE != 0 {
         return_errno_with_message!(Errno::EINVAL, "the start address should be page aligned");
     }
-    if len == 0 || len > usize::MAX - PAGE_SIZE + 1 {
+    if len > usize::MAX - PAGE_SIZE + 1 {
+        return_errno_with_message!(Errno::EINVAL, "len align overflow");
+    }
+    if len == 0 {
         return Ok(SyscallReturn::Return(0));
     }
 

kernel/src/syscall/mmap.rs

@@ -57,8 +57,8 @@ fn do_sys_mmap(
     if len == 0 {
         return_errno_with_message!(Errno::EINVAL, "mmap len cannot be zero");
     }
-    if len > usize::MAX - PAGE_SIZE + 1 {
-        return_errno_with_message!(Errno::ENOMEM, "mmap len align overflow");
+    if len > isize::MAX as usize {
+        return_errno_with_message!(Errno::ENOMEM, "mmap len too large");
     }
 
     let len = len.align_up(PAGE_SIZE);
@@ -66,6 +66,13 @@ fn do_sys_mmap(
     if offset % PAGE_SIZE != 0 {
         return_errno_with_message!(Errno::EINVAL, "mmap only support page-aligned offset");
     }
+    offset.checked_add(len).ok_or(Error::with_message(
+        Errno::EOVERFLOW,
+        "integer overflow when (offset + len)",
+    ))?;
+    if addr > isize::MAX as usize - len {
+        return_errno_with_message!(Errno::ENOMEM, "mmap (addr + len) too large");
+    }
 
     let root_vmar = ctx.process.root_vmar();
     let vm_map_options = {

kernel/src/vm/vmar/mod.rs

@@ -169,7 +169,7 @@ impl VmarInner {
                         .checked_add(child_size)
                         .ok_or(Error::with_message(
                             Errno::ENOMEM,
-                            "integer overflow whem (child_vmar_real_start + child_size)",
+                            "integer overflow when (child_vmar_real_start + child_size)",
                         ))?;
                 if region_start <= child_vmar_real_start && child_vmar_real_end <= region_end {
                     return Ok((*region_base, child_vmar_real_start));