From: Andrew Morton <akpm@linux-foundation.org>
To: Luo Meng <luomeng12@huawei.com>
Cc: <hughd@google.com>, <linux-mm@kvack.org>, <yukuai3@huawei.com>
Subject: Re: [PTACH] tmpfs: Fix undefined-behaviour in shmem_reconfigure()
Date: Fri, 13 May 2022 14:15:47 -0700 [thread overview]
Message-ID: <20220513141547.efed1057ef60c6d4eec7be2b@linux-foundation.org> (raw)
In-Reply-To: <20220513025225.2678727-1-luomeng12@huawei.com>
On Fri, 13 May 2022 10:52:25 +0800 Luo Meng <luomeng12@huawei.com> wrote:
> When shmem_reconfigure() calls __percpu_counter_compare(), the second
> parameter is unsigned int.
Actually unsigned long long.
> But when define __percpu_counter_compare(),
> the second parameter is signed int.
Actually s64.
> So the abs of count - rhs, UBSAN shows the following warning:
>
Here's my amended paragraph:
: When shmem_reconfigure() calls __percpu_counter_compare(), the second
: parameter is unsigned long long. But in the definition of
: __percpu_counter_compare(), the second parameter is s64. So when
: __percpu_counter_compare() executes abs(count - rhs), UBSAN shows the
: following warning:
> ...
>
> Signed-off-by: Luo Meng <luomeng12@huawei.com>
> ---
> mm/shmem.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/mm/shmem.c b/mm/shmem.c
> index 4b2fea33158e..15733c480318 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -3487,6 +3487,10 @@ static int shmem_reconfigure(struct fs_context *fc)
>
> raw_spin_lock(&sbinfo->stat_lock);
> inodes = sbinfo->max_inodes - sbinfo->free_inodes;
> + if (ctx->blocks > S64_MAX) {
> + err = "The number of blocks too large";
Should be "is too large". But to match the other error messages'
style, we can use simply "Number of blocks too large".
> + goto out;
> + }
> if ((ctx->seen & SHMEM_SEEN_BLOCKS) && ctx->blocks) {
> if (!sbinfo->max_blocks) {
> err = "Cannot retroactively limit size";
I suppose that's a reasonable fix. I prefer "get the darned types
right" but shmem_options.blocks should be unsigned (can't have a
negative block count) and changing percpu_counter() would be tough.
--- a/mm/shmem.c~tmpfs-fix-undefined-behaviour-in-shmem_reconfigure-fix
+++ a/mm/shmem.c
@@ -3477,7 +3477,7 @@ static int shmem_reconfigure(struct fs_c
raw_spin_lock(&sbinfo->stat_lock);
inodes = sbinfo->max_inodes - sbinfo->free_inodes;
if (ctx->blocks > S64_MAX) {
- err = "The number of blocks too large";
+ err = "Number of blocks too large";
goto out;
}
if ((ctx->seen & SHMEM_SEEN_BLOCKS) && ctx->blocks) {
_
prev parent reply other threads:[~2022-05-13 21:15 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-13 2:52 Luo Meng
2022-05-13 21:15 ` Andrew Morton [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220513141547.efed1057ef60c6d4eec7be2b@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=hughd@google.com \
--cc=linux-mm@kvack.org \
--cc=luomeng12@huawei.com \
--cc=yukuai3@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox