From: Qian Cai
To: mpe@ellerman.id.au, akpm@linux-foundation.org
Cc: rashmicy@gmail.com, linux-mm@kvack.org, linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, Qian Cai
Subject: [PATCH -next] powerpc/mm/ptdump: fix an undefined behaviour
Date: Wed, 4 Mar 2020 23:47:59 -0500
Message-Id: <20200305044759.1279-1-cai@lca.pw>

Booting a power9 server with hash MMU could trigger an undefined
behaviour because pud_offset(p4d, 0) will do,

0 >> (PAGE_SHIFT:16 + PTE_INDEX_SIZE:8 + H_PMD_INDEX_SIZE:10)

 UBSAN: shift-out-of-bounds in arch/powerpc/mm/ptdump/ptdump.c:282:15
 shift exponent 34 is too large for 32-bit type 'int'
 CPU: 6 PID: 1 Comm: swapper/0 Not tainted 5.6.0-rc4-next-20200303+ #13
 Call Trace:
 dump_stack+0xf4/0x164 (unreliable)
 ubsan_epilogue+0x18/0x78
 __ubsan_handle_shift_out_of_bounds+0x160/0x21c
 walk_pagetables+0x2cc/0x700
 walk_pud at arch/powerpc/mm/ptdump/ptdump.c:282
 (inlined by) walk_pagetables at arch/powerpc/mm/ptdump/ptdump.c:311
 ptdump_check_wx+0x8c/0xf0
 mark_rodata_ro+0x48/0x80
 kernel_init+0x74/0x194
 ret_from_kernel_thread+0x5c/0x74

Fixes: 8eb07b187000 ("powerpc/mm: Dump linux pagetables")
Signed-off-by: Qian Cai
---

Notes for maintainers:

This is on the top of the linux-next commit "powerpc: add support for
folded p4d page tables" which is in the Andrew's tree.

 arch/powerpc/mm/ptdump/ptdump.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/powerpc/mm/ptdump/ptdump.c b/arch/powerpc/mm/ptdump/ptd= ump.c index 9d6256b61df3..b530f81398a7 100644 
--- a/arch/powerpc/mm/ptdump/ptdump.c +++ b/arch/powerpc/mm/ptdump/ptdump.c @@ -279,7 +279,7 @@ static void walk_pmd(struct pg_state *st, pud_t *pud,= unsigned long start) =20 static void walk_pud(struct pg_state *st, p4d_t *p4d, unsigned long star= t) { - pud_t *pud =3D pud_offset(p4d, 0); + pud_t *pud =3D pud_offset(p4d, 0UL); unsigned long addr; unsigned int i; =20 --=20 2.21.0 (Apple Git-122.2)
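
Review bot: the 0UL at the pud_offset() call in walk_pud() silences this one caller, but the root cause stays in place. Per the commit message and the UBSAN report (32-bit type 'int', shift exponent 34), pud_offset() evaluates the shift in whatever type the caller passes, so any other call site that hands it an int will hit the same out-of-range shift. Casting the address argument to unsigned long inside pud_offset() (or its index helper) would fix every caller at once. If the call-site fix is kept, please confirm that the equivalent offset lookup in walk_pmd(), of which only the signature is visible in this hunk's context, does not also pass a bare 0, and consider a one-line comment on the 0UL so it is not "cleaned up" back to 0 later.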