diff --git a/kernel/src/syscall/madvise.rs b/kernel/src/syscall/madvise.rs
index 9b533ee02..a2d72402c 100644
--- a/kernel/src/syscall/madvise.rs
+++ b/kernel/src/syscall/madvise.rs
@@ -20,7 +20,7 @@ pub fn sys_madvise(
 if start % PAGE_SIZE != 0 {
 return_errno_with_message!(Errno::EINVAL, "the start address should be page aligned");
 }
- if len == 0 {
+ if len == 0 || len > usize::MAX - PAGE_SIZE + 1 {
 return Ok(SyscallReturn::Return(0));
 }
diff --git a/kernel/src/syscall/mmap.rs b/kernel/src/syscall/mmap.rs
index 47b9228dd..8e6f34cee 100644
--- a/kernel/src/syscall/mmap.rs
+++ b/kernel/src/syscall/mmap.rs
@@ -57,6 +57,9 @@ fn do_sys_mmap(
 if len == 0 {
 return_errno_with_message!(Errno::EINVAL, "mmap len cannot be zero");
 }
+ if len > usize::MAX - PAGE_SIZE + 1 {
+ return_errno_with_message!(Errno::ENOMEM, "mmap len align overflow");
+ }
 let len = len.align_up(PAGE_SIZE);
diff --git a/kernel/src/syscall/mprotect.rs b/kernel/src/syscall/mprotect.rs
index af9c28c63..5543db9ac 100644
--- a/kernel/src/syscall/mprotect.rs
+++ b/kernel/src/syscall/mprotect.rs
@@ -22,6 +22,9 @@ pub fn sys_mprotect(addr: Vaddr, len: usize, perms: u64, ctx: &Context) -> Resul
 if len == 0 {
 return Ok(SyscallReturn::Return(0));
 }
+ if len > usize::MAX - PAGE_SIZE + 1 {
+ return_errno_with_message!(Errno::ENOMEM, "len align overflow");
+ }
 let len = len.align_up(PAGE_SIZE);
 let end = addr.checked_add(len).ok_or(Error::with_message(
diff --git a/kernel/src/syscall/munmap.rs b/kernel/src/syscall/munmap.rs
index fb879c81e..fea54ff65 100644
--- a/kernel/src/syscall/munmap.rs
+++ b/kernel/src/syscall/munmap.rs
@@ -14,6 +14,9 @@ pub fn sys_munmap(addr: Vaddr, len: usize, ctx: &Context) -> Result usize::MAX - PAGE_SIZE + 1 {
+ return_errno_with_message!(Errno::ENOMEM, "munmap len align overflow");
+ }
 let root_vmar = ctx.process.root_vmar();
 let len = len.align_up(PAGE_SIZE);
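Review bot: The changed condition in sys_madvise makes a length above `usize::MAX - PAGE_SIZE + 1` return success, exactly like `len == 0`, while the mmap, mprotect and munmap hunks of this commit reject the same length with an error. A caller passing such a length is told the advice was applied although nothing was done; Linux rejects a length that wraps to zero on page alignment with EINVAL. Keep `if len == 0 {` as the no-op case and add a separate guard, `if len > usize::MAX - PAGE_SIZE + 1 { return_errno_with_message!(Errno::EINVAL, "madvise len align overflow"); }`. The body of sys_madvise starts and ends outside the hunk.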
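Review bot: The bound `usize::MAX - PAGE_SIZE + 1` in do_sys_mmap is written out again in the madvise, mprotect and munmap hunks, and nothing states why it is the right limit. Presumably `align_up` adds `PAGE_SIZE - 1` before masking, which would make this the largest `len` that does not wrap; that is worth confirming against its definition and recording once, e.g. `// largest len for which len.align_up(PAGE_SIZE) cannot wrap around`. Putting the test behind one shared helper would also keep the four syscalls from drifting apart, since a missed wrap turns a huge request into a tiny or zero-length range. do_sys_mmap continues outside the hunk.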
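Review bot: The added guard in sys_munmap reports an oversized length as `Errno::ENOMEM`, whereas Linux's munmap returns EINVAL for a length that is out of range for the address space, so programs that branch on the errno would see a different failure here. If Linux compatibility is the goal, `return_errno_with_message!(Errno::EINVAL, "munmap len align overflow");` matches it. The start of this hunk is garbled on the page, so the checks that precede the guard are not visible, and sys_munmap continues past the hunk.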