Date: Thu, 23 Jan 2025 22:20:02 -0800
From: Andrew Morton
To: Liu Shixin
Cc: Kefeng Wang, Kemeng Shi, Baolin Wang, Mel Gorman, David Hildenbrand, Matthew Wilcox, Nanyong Sun
Subject: Re: [PATCH] mm/compaction: fix UBSAN shift-out-of-bounds warning
Message-Id: <20250123222002.8897374343971b0b8e877307@linux-foundation.org>
In-Reply-To: <20250123021029.2826736-1-liushixin2@huawei.com>
References: <20250123021029.2826736-1-liushixin2@huawei.com>

On Thu, 23 Jan 2025 10:10:29 +0800 Liu Shixin wrote:

> syzkaller reported a UBSAN shift-out-of-bounds warning of (1UL << order)

A Link: to the syzkaller report would be great, please.

> in isolate_freepages_block(). The bogus compound_order can be any value
> because it is union with flags. Add back the MAX_PAGE_ORDER check to fix
> the warning.

OK, I'd never noticed compound_order()'s restrictions before. It looks
like a crazy thing - what use is it if it can return "wild return
values"?

Can someone please explain what's going on here and suggest what we can
do about it?

For example, should we have a compound_order_not_wild() which is called
with refcounted pages and which cannot return "wild" numbers?
Or something else. > --- a/mm/compaction.c > +++ b/mm/compaction.c > @@ -630,7 +630,8 @@ static unsigned long isolate_freepages_block(struct compact_control *cc, > if (PageCompound(page)) { > const unsigned int order = compound_order(page); > > - if (blockpfn + (1UL << order) <= end_pfn) { > + if ((order <= MAX_PAGE_ORDER) && > + (blockpfn + (1UL << order) <= end_pfn)) { > blockpfn += (1UL << order) - 1; > page += (1UL << order) - 1; > nr_scanned += (1UL << order) - 1; isolate_migratepages_block()'s if (skip_isolation_on_order(order, cc->order)) { doesn't check for "wild" values, but it seems that skip_isolation_on_order() will handle it.
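Review bot: The new `order <= MAX_PAGE_ORDER` test in the isolate_freepages_block() hunk carries no comment explaining why the value returned by compound_order() can be out of range at this point, so a later cleanup could mistake it for a redundant check and drop it again (the changelog says "Add back"). A one-line comment above the condition, saying that the order read here may be bogus and that the bound is what keeps `1UL << order` a defined shift, would record the reason next to the code. As a style point, the parentheses around each operand of `&&` are unnecessary and can be dropped.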