From: Andrew Morton <akpm@linux-foundation.org>
To: Mike Kravetz <mike.kravetz@oracle.com>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org,
bugzilla-daemon@bugzilla.kernel.org,
Michal Hocko <mhocko@kernel.org>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
Nic Losby <blurbdust@gmail.com>,
Yisheng Xie <xieyisheng1@huawei.com>,
stable@vger.kernel.org
Subject: Re: [PATCH v2] hugetlbfs: check for pgoff value overflow
Date: Thu, 8 Mar 2018 15:53:39 -0800 [thread overview]
Message-ID: <20180308155339.de99d2ddde514e3980e3ef96@linux-foundation.org> (raw)
In-Reply-To: <a5e3c0c4-d41e-6ffd-935d-63cce2527d0f@oracle.com>
On Thu, 8 Mar 2018 15:37:57 -0800 Mike Kravetz <mike.kravetz@oracle.com> wrote:
> Here are a couple options for computing the mask. I changed the name
> you suggested to make it more obvious that the mask is being used to
> check for loff_t overflow.
>
> If we want to explicitly comptue the mask as in code above.
> #define PGOFF_LOFFT_MAX \
> (((1UL << (PAGE_SHIFT + 1)) - 1) << (BITS_PER_LONG - (PAGE_SHIFT + 1)))
>
> Or, we use PAGE_MASK
> #define PGOFF_LOFFT_MAX (PAGE_MASK << (BITS_PER_LONG - (2 * PAGE_SHIFT) - 1))
Sounds good.
> In either case, we need a big comment explaining the mask and
> how we have that extra bit +/- 1 because the offset will be converted
> to a signed value.
Yup.
> > Also, we later to
> >
> > len = vma_len + ((loff_t)vma->vm_pgoff << PAGE_SHIFT);
> > /* check for overflow */
> > if (len < vma_len)
> > return -EINVAL;
> >
> > which is ungainly: even if we passed the PGOFF_T_MAX test, there can
> > still be an overflow which we still must check for. Is that avoidable?
> > Probably not...
>
> Yes, it is required. That check takes into account the length argument
> which is added to page offset. So, yes you can pass the first check and
> fail this one.
Well I was sort of wondering if both checks could be done in a single
operation, but I guess not.
next prev parent reply other threads:[~2018-03-08 23:53 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <bug-199037-27@https.bugzilla.kernel.org/>
2018-03-06 21:31 ` [Bug 199037] New: Kernel bug at mm/hugetlb.c:741 Andrew Morton
2018-03-06 21:46 ` Mike Kravetz
2018-03-07 0:31 ` Mike Kravetz
2018-03-07 2:49 ` Nic Losby
2018-03-07 4:19 ` Mike Kravetz
2018-03-07 16:39 ` Mike Kravetz
2018-03-07 23:59 ` [PATCH] hugetlbfs: check for pgoff value overflow Mike Kravetz
2018-03-08 0:57 ` Nic Losby
2018-03-08 1:35 ` Yisheng Xie
2018-03-08 4:25 ` Mike Kravetz
2018-03-08 21:03 ` Mike Kravetz
2018-03-08 21:05 ` [PATCH v2] " Mike Kravetz
2018-03-08 22:15 ` Andrew Morton
2018-03-08 23:37 ` Mike Kravetz
2018-03-08 23:53 ` Andrew Morton [this message]
2018-03-09 0:27 ` [PATCH v3] " Mike Kravetz
2018-03-09 1:05 ` Andrew Morton
2018-03-16 10:17 ` Michal Hocko
2018-03-16 16:19 ` Mike Kravetz
2018-03-16 16:53 ` Michal Hocko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180308155339.de99d2ddde514e3980e3ef96@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=blurbdust@gmail.com \
--cc=bugzilla-daemon@bugzilla.kernel.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mhocko@kernel.org \
--cc=mike.kravetz@oracle.com \
--cc=stable@vger.kernel.org \
--cc=xieyisheng1@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox