[mmotm:master 8/285] fs//hugetlbfs/inode.c:142:22: note: in expansion of macro 'PGOFF_LOFFT_MAX'

[kbuild test robot <fengguang.wu@intel.com>]

[-- Attachment #1: Type: text/plain, Size: 3537 bytes --]

tree:   git://git.cmpxchg.org/linux-mmotm.git master
head:   ead058c4ec49752a4e0323368f1d695385c66020
commit: af7abfba1161d2814301844fe11adac16910ea80 [8/285] hugetlbfs-check-for-pgoff-value-overflow-v3
config: sh-defconfig (attached as .config)
compiler: sh4-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0
reproduce:
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        git checkout af7abfba1161d2814301844fe11adac16910ea80
        # save the attached .config to linux build tree
        make.cross ARCH=sh 

All warnings (new ones prefixed by >>):

   fs//hugetlbfs/inode.c: In function 'hugetlbfs_file_mmap':
>> fs//hugetlbfs/inode.c:118:36: warning: left shift count is negative [-Wshift-count-negative]
    #define PGOFF_LOFFT_MAX (PAGE_MASK << (BITS_PER_LONG - (2 * PAGE_SHIFT) - 1))
                                       ^
>> fs//hugetlbfs/inode.c:142:22: note: in expansion of macro 'PGOFF_LOFFT_MAX'
     if (vma->vm_pgoff & PGOFF_LOFFT_MAX)
                         ^~~~~~~~~~~~~~~

vim +/PGOFF_LOFFT_MAX +142 fs//hugetlbfs/inode.c

   110	
   111	/*
   112	 * Mask used when checking the page offset value passed in via system
   113	 * calls.  This value will be converted to a loff_t which is signed.
   114	 * Therefore, we want to check the upper PAGE_SHIFT + 1 bits of the
   115	 * value.  The extra bit (- 1 in the shift value) is to take the sign
   116	 * bit into account.
   117	 */
 > 118	#define PGOFF_LOFFT_MAX (PAGE_MASK << (BITS_PER_LONG - (2 * PAGE_SHIFT) - 1))
   119	
   120	static int hugetlbfs_file_mmap(struct file *file, struct vm_area_struct *vma)
   121	{
   122		struct inode *inode = file_inode(file);
   123		loff_t len, vma_len;
   124		int ret;
   125		struct hstate *h = hstate_file(file);
   126	
   127		/*
   128		 * vma address alignment (but not the pgoff alignment) has
   129		 * already been checked by prepare_hugepage_range.  If you add
   130		 * any error returns here, do so after setting VM_HUGETLB, so
   131		 * is_vm_hugetlb_page tests below unmap_region go the right
   132		 * way when do_mmap_pgoff unwinds (may be important on powerpc
   133		 * and ia64).
   134		 */
   135		vma->vm_flags |= VM_HUGETLB | VM_DONTEXPAND;
   136		vma->vm_ops = &hugetlb_vm_ops;
   137	
   138		/*
   139		 * page based offset in vm_pgoff could be sufficiently large to
   140		 * overflow a (l)off_t when converted to byte offset.
   141		 */
 > 142		if (vma->vm_pgoff & PGOFF_LOFFT_MAX)
   143			return -EINVAL;
   144	
   145		/* must be huge page aligned */
   146		if (vma->vm_pgoff & (~huge_page_mask(h) >> PAGE_SHIFT))
   147			return -EINVAL;
   148	
   149		vma_len = (loff_t)(vma->vm_end - vma->vm_start);
   150		len = vma_len + ((loff_t)vma->vm_pgoff << PAGE_SHIFT);
   151		/* check for overflow */
   152		if (len < vma_len)
   153			return -EINVAL;
   154	
   155		inode_lock(inode);
   156		file_accessed(file);
   157	
   158		ret = -ENOMEM;
   159		if (hugetlb_reserve_pages(inode,
   160					vma->vm_pgoff >> huge_page_order(h),
   161					len >> huge_page_shift(h), vma,
   162					vma->vm_flags))
   163			goto out;
   164	
   165		ret = 0;
   166		if (vma->vm_flags & VM_WRITE && inode->i_size < len)
   167			i_size_write(inode, len);
   168	out:
   169		inode_unlock(inode);
   170	
   171		return ret;
   172	}
   173	

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 14683 bytes --]