> On Nov 14, 2018, at 10:32 AM, isa...@codeaurora.org wrote:
>
> Thank you and David for your feedback. The check_bogus_address() routine is
> only invoked from one place in the kernel, which is __check_object_size().
> Before invoking check_bogus_address, __check_object_size ensures that n is
> non-zero, so it is not possible to call this routine with n being 0.
> Therefore, we shouldn't run into the scenario you described. Also, in the
> case where we are copying a page's contents into a kernel space buffer and
> will not have that buffer interacting with userspace at all, this change to
> that check should still be valid, correct?
Having fixed more than one bug resulting from an "only called in one place"
routine later being called elsewhere, I am wary, but ultimately it's likely
not worth the performance hit of a check or BUG_ON().
It's a generic math check for overflow, so it should work with any address.
Reviewed-by: William Kucharski <william.kuchar...@oracle.com>
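The thread turns on two details of an address-range wraparound check: the form of the arithmetic, and what happens when the length n is 0. The following is an added illustration written for this page, not the kernel's check_bogus_address() or any code from the posters. The end-of-range computation (ptr + (n - 1), the last byte touched, versus ptr + n, one past it) and the caller-side n == 0 guard are assumptions made to show the trade-off the thread describes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a range wraparound check (added example,
 * not the kernel's code). Returns true when [ptr, ptr + n) wraps past
 * the top of the address space. The range end is taken as the address
 * of the last byte touched, ptr + (n - 1). This is an assumption. */
static bool range_wraps_last_byte(uintptr_t ptr, size_t n)
{
    return ptr + (n - 1) < ptr;
}

/* Same check with the end computed as one past the last byte, ptr + n.
 * It rejects a buffer whose last byte is the very top of the address
 * space, which the (n - 1) form accepts. */
static bool range_wraps_one_past(uintptr_t ptr, size_t n)
{
    return ptr + n < ptr;
}

/* Caller-side guard. With n == 0 the (n - 1) form underflows to SIZE_MAX,
 * so ptr + SIZE_MAX == ptr - 1 and nearly every non-zero ptr is flagged
 * as wrapping. The caller therefore has to reject or skip n == 0 before
 * the arithmetic runs, which is the point made about __check_object_size()
 * above. A zero-length copy touches nothing and needs no range check. */
static bool check_range(uintptr_t ptr, size_t n)
{
    if (n == 0)
        return false;
    return range_wraps_last_byte(ptr, n);
}

int main(void)
{
    /* Constructed sample ranges, not taken from any real system. */
    uintptr_t top = UINTPTR_MAX;

    printf("n == 0, unguarded:        %d\n", range_wraps_last_byte(0x1000, 0));
    printf("n == 0, guarded:          %d\n", check_range(0x1000, 0));
    printf("ends at top, last-byte:   %d\n", range_wraps_last_byte(top - 15, 16));
    printf("ends at top, one-past:    %d\n", range_wraps_one_past(top - 15, 16));
    printf("crosses top, last-byte:   %d\n", range_wraps_last_byte(top - 15, 17));
    printf("ordinary range:           %d\n", check_range(0x1000, 4096));
    return 0;
}
```

The two arithmetic forms differ only for a buffer whose last byte is the highest address; the n == 0 case is the one where the (n - 1) form misbehaves, which is why the guarantee that the sole caller never passes n == 0 matters, and why a second caller added later would have to preserve it.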