From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 193A1EB64DA for ; Thu, 20 Jul 2023 23:37:30 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5D2BA28016D; Thu, 20 Jul 2023 19:37:29 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 582A728004C; Thu, 20 Jul 2023 19:37:29 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 44B3528016D; Thu, 20 Jul 2023 19:37:29 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 3548E28004C for ; Thu, 20 Jul 2023 19:37:29 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 03B7BB11E4 for ; Thu, 20 Jul 2023 23:37:28 +0000 (UTC) X-FDA: 81033604218.14.CF52E20 Received: from mga06.intel.com (mga06b.intel.com [134.134.136.31]) by imf15.hostedemail.com (Postfix) with ESMTP id 8C60EA000D for ; Thu, 20 Jul 2023 23:37:26 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=goSWDdVj; dmarc=pass (policy=none) header.from=intel.com; spf=pass (imf15.hostedemail.com: domain of lkp@intel.com designates 134.134.136.31 as permitted sender) smtp.mailfrom=lkp@intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689896247; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=HbT40WSK/vv/CJEfSiiJrVfg0XA6mpd9G2KQuGojwpY=; b=YwuTOY9AFvwqXqFcE/KnV6eSH82lhixd0j/6OyxNaKw/9PXx5Tr+cO6xXG61+ccnlMxLMS sBWQRepPH8JC8lzmWgOulyzhr1MFa2OsS29kZqCwjNJbIufRa8rlMw4sk/3V2B7iwP04P1 VVBo3CKI4igQx5KM63QYcu9zBWWnSS8= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=goSWDdVj; dmarc=pass (policy=none) header.from=intel.com; spf=pass (imf15.hostedemail.com: domain of lkp@intel.com designates 134.134.136.31 as permitted sender) smtp.mailfrom=lkp@intel.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689896247; a=rsa-sha256; cv=none; b=RzPX/LalMkd4j2vlD64tuipC35jcbf/GjzdP7RuJ9UxCMcTLYwCPq0PBwGjSUXKzqzxQLL WWefJcHjOD3bzSvt3aswMe99WdKK557r+R73MHMTeoSY8bTK0u6gYAF9FfeWyW+z1wWNLo j7j+me9IfYGOTo29bJ+0yWIhNWxbgEo= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1689896246; x=1721432246; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=Z2itLRjqr3PQgC+FNJyKgpaYg8xYUggoWHdV0xSSs0k=; b=goSWDdVjrC6QHW2MkPNoFwo7pGUdPBOy3Jz4eedoVx/hdF5qTmyZO3DQ 2Z9eIofXws71rTQAOacWWUAtmI5D5GuOrK9U3auFdevkLs1bw/0DUXf1s ieKFuIyFQQEqCMNdkuDbh8m68xuHi13s8UfiSX9jtUBhXs4JEO5jp+HSI iQ9WNSZotp57gTmao2VZWkrIlHygscEBetTYGBm9bGuYr9nJI7OGVCiza +adlFU7/U+2I39479jgWIFe5RuCO8jJuaQAoVanT6clmwCiv0gvQekkSz TsHSn4VFXGIZYCrcqVtd+3GzUZdwrNzbxrCBWrCRIjBOTrOXyYUlkbu4+ A==; X-IronPort-AV: E=McAfee;i="6600,9927,10777"; a="430687198" X-IronPort-AV: E=Sophos;i="6.01,220,1684825200"; d="scan'208";a="430687198" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Jul 2023 16:37:24 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10777"; a="971223643" X-IronPort-AV: E=Sophos;i="6.01,220,1684825200"; d="scan'208";a="971223643" Received: from lkp-server02.sh.intel.com (HELO 36946fcf73d7) ([10.239.97.151]) by fmsmga006.fm.intel.com with ESMTP; 20 Jul 2023 16:37:12 -0700 Received: from kbuild by 36946fcf73d7 with local (Exim 4.96) (envelope-from ) id 1qMdCp-0006dG-20; Thu, 20 Jul 2023 23:37:11 +0000 Date: Fri, 21 Jul 2023 07:36:54 +0800 From: kernel test robot To: Linke Li , linux-mm@kvack.org Cc: llvm@lists.linux.dev, oe-kbuild-all@lists.linux.dev, mike.kravetz@oracle.com, muchun.song@linux.dev, nathan@kernel.org, ndesaulniers@google.com, trix@redhat.com, linux-kernel@vger.kernel.org, dan.carpenter@linaro.org, Linke Li Subject: Re: [PATCH v3] hugetlbfs: Fix integer overflow check in hugetlbfs_file_mmap() Message-ID: <202307210737.HUPwpBdW-lkp@intel.com> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 8C60EA000D X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: dqazzbitqr3tet3ydt7w47w9ih7xss16 X-HE-Tag: 1689896246-500095 X-HE-Meta: U2FsdGVkX19zbXdJbBlPfKTA3Svs2jKNEYJiqnHWAXvcaeUQVakdVuHoB1GRPEG5iDTQ2evSvvEdaT/FLdHY8zxlZgdDcCJOUwJ2kX5sYEY+udc+tI2eeqLFZ9UUMEy7AXON4pD9enqGE2HO+VG8DUwdYYrzJrDcltNLgp/I7jfFnt+46uN5OF9PIT2L7BX3+AfpC3TaDeZaxOF5qYerL4vigu+s3tQSpaqpp1WNT3gr4GxqhD/PCFABnUMuT2GIyXe5dMjiRt0IP5qAbpeqLmD64FRheAO4o8Xv1OOU3JcEwUHNag1BiMVXSA+mGqXnwc8wzi2PC4a0D+mMQM9w0UP284Dgf0YAdq2eUQdISAWlOay1y+S75Bk0MHrqslQyvIVI/oihjh20hhj33aV4oqiuoc1jkr+J8PaONGv4G8wxrkAOOrWrzLdTk7UsJCa/EoR44aviOq0jurRw7NN0dzvmbbNsl6xsGmlIKPUpNA99gTuHBeo7XZKRk8T63RLU+Po9LLu99CxDS7HjG/9slPM1lSn49Hh42tv9qXzHKBvTSV7UghN/z45lJBrEqI8l71tZUoMHYsAMPtiqDggatLlQpPpzMlXLs4dikTLdiDc0skBUjgmYLHFg/jdC24mYu49cFWO3H/5KioFkjPq04FW1UX4UNVzXtSjOx3IbgfFqonicn2cSN8RK2D7kXT3u7SjKcUoyngEr+TP8FUP4I5JhdTH8T/DglyV51YLhgkb+I9j1Jm78Z3rDv/9td34+KXuGgR89boHAAznQNuPMfzjURAhOauKt0TGBzHwmTGsKn9Kxlm0A0NJlul+iO0XCQ6V9DwRUDJWzoeoBSGpgsYDpON6keOBzfXOcZjuViAyqg8w12z4jafJM40IOGBAuUGx1nKycg3Lnm0HQLIm8poYKG3W08a5PDoVN9IT86WdoL8b5uMoszc9pDnRnK4fTy1h6e5Nghz8k5PMM8l9 vg5KG8c7 Nd954n1QJG81laZioJaBv2DuA4zo//hywUHnP0T76hwO/XXt72CgBzBsreyqprPMSpvpXVPtAjRVrCJVs18GWk3tDC/zvQYctllcT/SqHSc0nSkda8IfGOYPDwNTgs6aD4xkq9HBrYzBIP9bcLzyro3I8+kEEeoG8cbYKSixnXR5Vnx+a9pZXmgwolLUyjGM9UAymORgZr4J3Ib/Sy1CGfIIkNS9L1vq7f4ZaAgaDgd/INgmZ80iiBi1iy8Ln6ew+K4j3FbA5I8eV9960DdjCKRrXyf5T4gtxKN3qmnMEu5ivM+rv/BKj3M/GtYNfAenoZMdvfA0OPZlSz+RvgPCewOWEN6VDuwswBCiQ1PGV6iNOvgh+qmXYaokVRbs/JJsM7Dbw83gso8VHkZZYJfXjL8nVzgfiidqXaVr/zesKfB/KNeRywy+IvDrxlg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Hi Linke, kernel test robot noticed the following build warnings: [auto build test WARNING on linus/master] [also build test WARNING on v6.5-rc2 next-20230720] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch#_base_tree_information] url: https://github.com/intel-lab-lkp/linux/commits/Linke-Li/hugetlbfs-Fix-integer-overflow-check-in-hugetlbfs_file_mmap/20230720-225128 base: linus/master patch link: https://lore.kernel.org/r/tencent_C2D6865561F23A8141BB145149ACC682B408%40qq.com patch subject: [PATCH v3] hugetlbfs: Fix integer overflow check in hugetlbfs_file_mmap() config: s390-randconfig-r024-20230720 (https://download.01.org/0day-ci/archive/20230721/202307210737.HUPwpBdW-lkp@intel.com/config) compiler: clang version 17.0.0 (https://github.com/llvm/llvm-project.git 4a5ac14ee968ff0ad5d2cc1ffa0299048db4c88a) reproduce: (https://download.01.org/0day-ci/archive/20230721/202307210737.HUPwpBdW-lkp@intel.com/reproduce) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot | Closes: https://lore.kernel.org/oe-kbuild-all/202307210737.HUPwpBdW-lkp@intel.com/ All warnings (new ones prefixed by >>): >> fs/hugetlbfs/inode.c:157:25: warning: variable 'vma_len' is uninitialized when used here [-Wuninitialized] 157 | if (check_add_overflow(vma_len, (loff_t)vma->vm_pgoff << PAGE_SHIFT, &len)) | ^~~~~~~ include/linux/overflow.h:67:47: note: expanded from macro 'check_add_overflow' 67 | __must_check_overflow(__builtin_add_overflow(a, b, d)) | ^ fs/hugetlbfs/inode.c:123:21: note: initialize the variable 'vma_len' to silence this warning 123 | loff_t len, vma_len; | ^ | = 0 1 warning generated. vim +/vma_len +157 fs/hugetlbfs/inode.c 108 109 /* 110 * Mask used when checking the page offset value passed in via system 111 * calls. This value will be converted to a loff_t which is signed. 112 * Therefore, we want to check the upper PAGE_SHIFT + 1 bits of the 113 * value. The extra bit (- 1 in the shift value) is to take the sign 114 * bit into account. 115 */ 116 #define PGOFF_LOFFT_MAX \ 117 (((1UL << (PAGE_SHIFT + 1)) - 1) << (BITS_PER_LONG - (PAGE_SHIFT + 1))) 118 119 static int hugetlbfs_file_mmap(struct file *file, struct vm_area_struct *vma) 120 { 121 struct inode *inode = file_inode(file); 122 struct hugetlbfs_inode_info *info = HUGETLBFS_I(inode); 123 loff_t len, vma_len; 124 int ret; 125 struct hstate *h = hstate_file(file); 126 127 /* 128 * vma address alignment (but not the pgoff alignment) has 129 * already been checked by prepare_hugepage_range. If you add 130 * any error returns here, do so after setting VM_HUGETLB, so 131 * is_vm_hugetlb_page tests below unmap_region go the right 132 * way when do_mmap unwinds (may be important on powerpc 133 * and ia64). 134 */ 135 vm_flags_set(vma, VM_HUGETLB | VM_DONTEXPAND); 136 vma->vm_ops = &hugetlb_vm_ops; 137 138 ret = seal_check_future_write(info->seals, vma); 139 if (ret) 140 return ret; 141 142 /* 143 * page based offset in vm_pgoff could be sufficiently large to 144 * overflow a loff_t when converted to byte offset. This can 145 * only happen on architectures where sizeof(loff_t) == 146 * sizeof(unsigned long). So, only check in those instances. 147 */ 148 if (sizeof(unsigned long) == sizeof(loff_t)) { 149 if (vma->vm_pgoff & PGOFF_LOFFT_MAX) 150 return -EINVAL; 151 } 152 153 /* must be huge page aligned */ 154 if (vma->vm_pgoff & (~huge_page_mask(h) >> PAGE_SHIFT)) 155 return -EINVAL; 156 > 157 if (check_add_overflow(vma_len, (loff_t)vma->vm_pgoff << PAGE_SHIFT, &len)) 158 return -EINVAL; 159 160 inode_lock(inode); 161 file_accessed(file); 162 163 ret = -ENOMEM; 164 if (!hugetlb_reserve_pages(inode, 165 vma->vm_pgoff >> huge_page_order(h), 166 len >> huge_page_shift(h), vma, 167 vma->vm_flags)) 168 goto out; 169 170 ret = 0; 171 if (vma->vm_flags & VM_WRITE && inode->i_size < len) 172 i_size_write(inode, len); 173 out: 174 inode_unlock(inode); 175 176 return ret; 177 } 178 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki