From: "jiajun.xie"
To: Andrew Morton
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, jiajun.xie.sh@gmail.com
Subject: [PATCH v1] mm: fix unmap_mapping_range high bits shift bug
Date: Wed, 20 Dec 2023 13:28:39 +0800
Message-Id: <20231220052839.26970-1-jiajun.xie.sh@gmail.com>

From: Jiajun Xie

The bug happens when the highest bit of holebegin is 1. Suppose holebegin
is 0x8000000111111000; after the shift, hba would be 0xfff8000000111111,
and then vma_interval_tree_foreach would fail to look it up or lead to the
wrong result.

Error call seq, e.g.:
- mmap(..., offset=0x8000000111111000)
  |- syscall(mmap, ... unsigned long, off):
     |- ksys_mmap_pgoff( ... , off >> PAGE_SHIFT);

Here pgoff is correctly shifted to 0x8000000111111, but passing
0x8000000111111000 as holebegin to unmap would then cause a terrible
result, as shown below:

- unmap_mapping_range(..., loff_t const holebegin)
  |- pgoff_t hba = holebegin >> PAGE_SHIFT;
     /* hba = 0xfff8000000111111 unexpectedly */

Turning holebegin to be unsigned first would fix the bug.

Signed-off-by: Jiajun Xie
--- mm/memory.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mm/memory.c b/mm/memory.c index 5c757fba8..6e0712d06 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -3624,8 +3624,8 @@ EXPORT_SYMBOL_GPL(unmap_mapping_pages); void unmap_mapping_range(struct address_space *mapping, loff_t const holebegin, loff_t const holelen, int even_cows) { - pgoff_t hba = holebegin >> PAGE_SHIFT; - pgoff_t hlen = (holelen + PAGE_SIZE - 1) >> PAGE_SHIFT; + pgoff_t hba = (pgoff_t)(holebegin) >> PAGE_SHIFT; + pgoff_t hlen = ((pgoff_t)(holelen) + PAGE_SIZE - 1) >> PAGE_SHIFT; /* Check for overflow. */ if (sizeof(holelen) > sizeof(hlen)) { -- 2.34.1
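
Review bot: In the two added lines, casting to pgoff_t before the shift removes the sign extension but also narrows the value wherever pgoff_t is smaller than loff_t, which is exactly the configuration the following "if (sizeof(holelen) > sizeof(hlen))" check exists for. On such a build "(pgoff_t)(holebegin)" discards the upper bits of the byte offset before ">> PAGE_SHIFT", so hba would be wrong for a hole that starts beyond what pgoff_t can express in bytes, whereas the old code kept those bits. Casting to an unsigned type as wide as loff_t, for example "(u64)holebegin >> PAGE_SHIFT", and letting the assignment to pgoff_t narrow after the shift would avoid the sign extension without changing behaviour there; the same applies to holelen. A short comment on these lines stating that the cast is there to force a logical shift would also help the next reader.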