kernel: Fix possible overflow in k_mem_map

k_mem_map additionally allocates two guard pages that are not mapped.
These pages are not being accounted when checking the provided size and
when they are added an overflow can happen and the mapped memory is not
correct.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This commit is contained in:
Flavio Ceolin 2024-03-14 15:17:51 -07:00 committed by Anas Nashif
commit e2f3840380

View file

@ -16,6 +16,8 @@
#include <zephyr/toolchain.h>
#include <zephyr/linker/linker-defs.h>
#include <zephyr/sys/bitarray.h>
#include <zephyr/sys/check.h>
#include <zephyr/sys/math_extras.h>
#include <zephyr/timing/timing.h>
#include <zephyr/logging/log.h>
LOG_MODULE_DECLARE(os, CONFIG_KERNEL_LOG_LEVEL);
@ -575,6 +577,11 @@ void *k_mem_map(size_t size, uint32_t flags)
__ASSERT((flags & K_MEM_CACHE_MASK) == 0U,
"%s does not support explicit cache settings", __func__);
CHECKIF(size_add_overflow(size, CONFIG_MMU_PAGE_SIZE * 2, &total_size)) {
LOG_ERR("too large size %zu passed to %s", size, __func__);
return NULL;
}
key = k_spin_lock(&z_mm_lock);
/* Need extra for the guard pages (before and after) which we