From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 618A1C6FD1C for ; Thu, 23 Mar 2023 21:40:59 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id BB7616B007B; Thu, 23 Mar 2023 17:40:58 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id B67476B007D; Thu, 23 Mar 2023 17:40:58 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A55EA6B007E; Thu, 23 Mar 2023 17:40:58 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 9345D6B007B for ; Thu, 23 Mar 2023 17:40:58 -0400 (EDT) Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 5EEC014075C for ; Thu, 23 Mar 2023 21:40:58 +0000 (UTC) X-FDA: 80601483396.10.F0D6BB1 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf24.hostedemail.com (Postfix) with ESMTP id 810AD180018 for ; Thu, 23 Mar 2023 21:40:56 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=korg header.b=HoiYXx2m; spf=pass (imf24.hostedemail.com: domain of akpm@linux-foundation.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org; dmarc=none ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1679607656; a=rsa-sha256; cv=none; b=miBLQwY22qDYPKxgYnfb2zKpF70I+vDmir56ky211ZLrbO8Y+1leE8GvHoxfSSmNsxGZ4u pb/KcncgfYnDVqk46Q6nzscGkJp67TtoA10OmajLtXNErc2B+PuwZc386iZW4p8g+DUZMu zgW7725n7KD7hDnpKjfMLP6yiFTHSsQ= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=korg header.b=HoiYXx2m; spf=pass (imf24.hostedemail.com: domain of akpm@linux-foundation.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1679607656; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=KIo8/5u0ZVg0wuFgzYGlqhXEytZuc4iEXVok5TR4eGA=; b=X431z4nBD+8lJBdrE/gyJPd8HA6z7EkKHtWMGcfRDubHCCWzLgzWLJqdyTaKQapaalXMpW qugzrA5CHMj35UTJ1CipShfzbEA3U4/u5Pcj81D430IW+bRpYj0+HJoQ1csnZoSroci9OK E1BahiuEh1e3sXAbQWtPxuOeEARfxks= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 5F50262864; Thu, 23 Mar 2023 21:40:55 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9D503C433EF; Thu, 23 Mar 2023 21:40:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org; s=korg; t=1679607654; bh=WsYCeM7s6lyRPKbV9vmbt4mh8ZQCMbecPZuKeMMG3HE=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=HoiYXx2mpjTpQMUGFzwOnnMCyhZtWaKvQ55jxMRfvvFZUtsTOaKrRm08s7KclD4Wl S63XG/n55U2xIwLrg+14sTUN+tHzxtWbaPsEyYi5OSiwRbqvM1gBQjLcVID9EIUz3t 6ySf1k2jZrRYuPc0XlHiZB8d5WjDh6trrdPVnaSU= Date: Thu, 23 Mar 2023 14:40:53 -0700 From: Andrew Morton To: Wupeng Ma Cc: , , , Subject: Re: [PATCH] mm: Return early in truncate_pagecache if newsize overflows Message-Id: <20230323144053.68add73fe29ee56fa5c628c6@linux-foundation.org> In-Reply-To: <20230306113317.2295343-1-mawupeng1@huawei.com> References: <20230306113317.2295343-1-mawupeng1@huawei.com> X-Mailer: Sylpheed 3.8.0beta1 (GTK+ 2.24.33; x86_64-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspam-User: X-Rspamd-Queue-Id: 810AD180018 X-Rspamd-Server: rspam01 X-Stat-Signature: zbcjmskhkrim4raoo4jsxe7nox3ejfu9 X-HE-Tag: 1679607656-557850 X-HE-Meta: U2FsdGVkX1/coOXqU/Y7QGiryxcBzwgUrXGZcpHwEqObTUWwj8UCZXsBC/gfMffUkv3MuCqKc5jFudi4Eaf9xD8zw//q0S3jDzg29UTsNRwmIqMOQXty18PcRF4leMTorxjZC09hje35I5DxxX3yETddx7Hz8XHalVU/jUaVM4fhhbRLOiiC4PQUfuXGbY9Dt8XOlwBOudb8rUvilO8cu6EC5o9Eeg8H/EfBPnrPFwmKYFXUzG30vhj7Mr3vY0r20wYHyz/lh3fuxBbVyfUBvTlCMSqNdJGlZ9X+Gp03d1xzkg783H69sUCywF//sQAHDl6hLiZv2u2W2N8koAUJ+8HVCzwpshrjBH2rJG4/hNHAY5d8N/d9syq6Xgky4O8PL0Dzlfy7fssWan3t8wmIkNvMmkWPoIxNn4m9af34pSBegJe7eCzXGvNC+UOASuDCLP62FIcKKSOgIZrnGgnGm9J+2tWUpZC1fg01mGuCKr+YFE7brSUZveyVPlqojTqKOdm2uOchE19UMtpl098fZJN/0PZ01PmWHsUTVW4Y3/c2hBOl/A7Y6omF8peRkZi6AK78fxJpLZpzjIDpwwSFpfYjXDYWGQ4Gj1efFmjMydDKe9dUi/cI/UbLamMRcRipXmzNmYkQEhaZPDV+9a6I8vo6/6gm7Z0dA7br9el5XaRlASqSxyYCn0+dNIZOywY6bW5aB5Lz1rBHoZ3xrMDdugsjTaIHjsbBQtMQuKA6rrMo0SkJEWQnOrhuQjBy4oKELcL/eJyL1U84Ty9Y4YnU0bj9f0NZiKp0p71ArjSjCYr0wlk2rqI/RoVJQuKaTqTDb2/43itQXPABVaMDWq0ZOEK7w1moHhBaXEzwe0VXjXnONMtnt10scwPmn7cXt9E+FOQoB3owp5fC3XVDQSBMm4yMizWy65qAbvrkkMgrmv4RjM6rD1dNLNu4VQQDYVxFmbRxo0gpHJA9cRCi0Pl 7sUfyIZf /0hIG9CQ6qSonbLu+2IAhGdvUwdgOtcN0Rmhy1d+kvvVn8e75PgW729RKqhkJp6dBMUW5H60wmDPbRljGteVOzwVBCwbfmZkxknmUDT4S+jezn6KMTP9jfS5EG1eHtRZqh9XTtsdYMkuHaJbUnBs/dwMR7ezPhQ2KdRnsstiZIMKU7O6463ziWyf/7+goOOnFurgfBy0c604icVWeJjui633YlTgAIr925R/13XaEEr5+OPta7G0T97dnbauEK+AnZzfyX4CAO/3uI2ryLnyDxbxqI2AmsNEFBLkRNv/YPHk0qLkDWk9Is2G/EqBXopNJ6J0ScE763fCl1aYK4k2HB7BouLXB0ymEkVx1X7qbg0mp/HBe8hiM/siKX8ufl4vHDVhm1JZjuhNCsADVKznsKCVRX/UNuVeWuqpT X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Mon, 6 Mar 2023 19:33:17 +0800 Wupeng Ma wrote: > From: Ma Wupeng > > Our own test reports a UBSAN in truncate_pagecache: > > UBSAN: Undefined behaviour in mm/truncate.c:788:9 > signed integer overflow: > 9223372036854775807 + 1 cannot be represented in type 'long long int' > > Call Trace: > truncate_pagecache+0xd4/0xe0 > truncate_setsize+0x70/0x88 > simple_setattr+0xdc/0x100 > notify_change+0x654/0xb00 > do_truncate+0x108/0x1a8 > do_sys_ftruncate+0x2ec/0x4a0 > __arm64_sys_ftruncate+0x5c/0x80 > > For huge file which pass LONG_MAX to ftruncate, truncate_pagecache() will > be called to truncate with newsize be LONG_MAX which will lead to > overflow for holebegin: > > loff_t holebegin = round_up(newsize, PAGE_SIZE); > > Since there is no meaning to truncate a file to LONG_MAX, return here > to avoid burn a bunch of cpu cycles. > > ... > > --- a/mm/truncate.c > +++ b/mm/truncate.c > @@ -730,6 +730,9 @@ void truncate_pagecache(struct inode *inode, loff_t newsize) > struct address_space *mapping = inode->i_mapping; > loff_t holebegin = round_up(newsize, PAGE_SIZE); > > + if (holebegin < 0) > + return; > + It's awkward to perform an operation which might experience overflow and to then test the possibly-overflowed result! In fact it might still generate the UBSAN warning, depending on what the compiler decides to do with it all. So wouldn't it be better to check the input argument *before* performing these operations on it? Preferably with a code comment which explains the reason for the check, please.