mm: usercopy: move the virt_addr_valid() below the is_vmalloc_addr()
author Yuanzheng Song <songyuanzheng@huawei.com>
Thu, 5 May 2022 07:10:37 +0000 (07:10 +0000)
committer Kees Cook <keescook@chromium.org>
Mon, 16 May 2022 23:02:21 +0000 (16:02 -0700)
The is_kmap_addr() and the is_vmalloc_addr() in the check_heap_object()
will not work, because the virt_addr_valid() will exclude the kmap and
vmalloc regions. So let's move the virt_addr_valid() below
the is_vmalloc_addr().

Signed-off-by: Yuanzheng Song <songyuanzheng@huawei.com>
Fixes: 4e140f59d285 ("mm/usercopy: Check kmap addresses properly")
Fixes: 0aef499f3172 ("mm/usercopy: Detect vmalloc overruns")
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220505071037.4121100-1-songyuanzheng@huawei.com
mm/usercopy.c

index ac8a093..baeacc7 100644 (file)
@@ -163,9 +163,6 @@ static inline void check_heap_object(const void *ptr, unsigned long n,
 {
        struct folio *folio;
 
-       if (!virt_addr_valid(ptr))
-               return;
-
        if (is_kmap_addr(ptr)) {
                unsigned long page_end = (unsigned long)ptr | (PAGE_SIZE - 1);
 
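Review bot: with the early "if (!virt_addr_valid(ptr)) return;" dropped from the top of check_heap_object(), the is_kmap_addr() test becomes the first check and now runs for every pointer, but nothing in the code records that this ordering is required. A short comment above the is_kmap_addr() branch, saying that kmap and vmalloc addresses fail virt_addr_valid() and therefore have to be classified first, would keep a later cleanup from hoisting the check back to the top and silently disabling both branches again.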
@@ -190,6 +187,9 @@ static inline void check_heap_object(const void *ptr, unsigned long n,
                return;
        }
 
+       if (!virt_addr_valid(ptr))
+               return;
+
        folio = virt_to_folio(ptr);
 
        if (folio_test_slab(folio)) {
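Review bot: the virt_addr_valid() check in its new position, directly above "folio = virt_to_folio(ptr);", is now the only guard that keeps pointers outside the linear map away from virt_to_folio(), and that role deserves a comment at this spot. The commit message also does not say how the change was tested; since it turns on the kmap and vmalloc checks named in the two Fixes tags, which per the message did not work before, a note on a test run that copies to or from kmap and vmalloc buffers would help judge the risk of new usercopy aborts.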