From: Andrew Morton <akpm@linux-foundation.org>
To: Wupeng Ma <mawupeng1@huawei.com>
Cc: <willy@infradead.org>, <linux-fsdevel@vger.kernel.org>,
<linux-kernel@vger.kernel.org>, <linux-mm@kvack.org>
Subject: Re: [PATCH] mm: Return early in truncate_pagecache if newsize overflows
Date: Thu, 23 Mar 2023 14:40:53 -0700 [thread overview]
Message-ID: <20230323144053.68add73fe29ee56fa5c628c6@linux-foundation.org> (raw)
In-Reply-To: <20230306113317.2295343-1-mawupeng1@huawei.com>
On Mon, 6 Mar 2023 19:33:17 +0800 Wupeng Ma <mawupeng1@huawei.com> wrote:
> From: Ma Wupeng <mawupeng1@huawei.com>
>
> Our own test reports a UBSAN in truncate_pagecache:
>
> UBSAN: Undefined behaviour in mm/truncate.c:788:9
> signed integer overflow:
> 9223372036854775807 + 1 cannot be represented in type 'long long int'
>
> Call Trace:
> truncate_pagecache+0xd4/0xe0
> truncate_setsize+0x70/0x88
> simple_setattr+0xdc/0x100
> notify_change+0x654/0xb00
> do_truncate+0x108/0x1a8
> do_sys_ftruncate+0x2ec/0x4a0
> __arm64_sys_ftruncate+0x5c/0x80
>
> For huge file which pass LONG_MAX to ftruncate, truncate_pagecache() will
> be called to truncate with newsize be LONG_MAX which will lead to
> overflow for holebegin:
>
> loff_t holebegin = round_up(newsize, PAGE_SIZE);
>
> Since there is no meaning to truncate a file to LONG_MAX, return here
> to avoid burn a bunch of cpu cycles.
>
> ...
>
> --- a/mm/truncate.c
> +++ b/mm/truncate.c
> @@ -730,6 +730,9 @@ void truncate_pagecache(struct inode *inode, loff_t newsize)
> struct address_space *mapping = inode->i_mapping;
> loff_t holebegin = round_up(newsize, PAGE_SIZE);
>
> + if (holebegin < 0)
> + return;
> +
It's awkward to perform an operation which might experience overflow
and to then test the possibly-overflowed result! In fact it might
still generate the UBSAN warning, depending on what the compiler
decides to do with it all.
So wouldn't it be better to check the input argument *before*
performing these operations on it? Preferably with a code comment
which explains the reason for the check, please.
prev parent reply other threads:[~2023-03-23 21:40 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-06 11:33 Wupeng Ma
2023-03-23 11:56 ` mawupeng
2023-03-23 21:40 ` Andrew Morton [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230323144053.68add73fe29ee56fa5c628c6@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mawupeng1@huawei.com \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox