From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 274C3C0015E for ; Thu, 13 Jul 2023 15:10:31 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 993B6900039; Thu, 13 Jul 2023 11:10:30 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 94420900037; Thu, 13 Jul 2023 11:10:30 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 80C16900039; Thu, 13 Jul 2023 11:10:30 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 734B6900037 for ; Thu, 13 Jul 2023 11:10:30 -0400 (EDT) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 476DB1A02D5 for ; Thu, 13 Jul 2023 15:10:30 +0000 (UTC) X-FDA: 81006925020.24.FF42190 Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) by imf25.hostedemail.com (Postfix) with ESMTP id F273EA00EF for ; Thu, 13 Jul 2023 15:10:15 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=linaro.org header.s=google header.b=mn1AOQAB; dmarc=pass (policy=none) header.from=linaro.org; spf=pass (imf25.hostedemail.com: domain of dan.carpenter@linaro.org designates 209.85.128.49 as permitted sender) smtp.mailfrom=dan.carpenter@linaro.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689261016; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Kbh8/8YR2OYwgBsozxXjeHWBOMoncqGng7RkrjUyFwA=; b=x8NGbivU+saOJtpu7iIqyCIJKBgSUCjWbIDmUh5v3ysQHkh7EkY/k1EKKtjKDEfpS6nJT7 ovGMlpD87w5tQ9WAaQqSZ2IKib57vcz16gG49bVdSSsEJL1x2JBOm2NQ/ZFPxOOgbAvhHL BrZHZ+Jex06kfHbw4fKqX8Xajlj6MvA= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=linaro.org header.s=google header.b=mn1AOQAB; dmarc=pass (policy=none) header.from=linaro.org; spf=pass (imf25.hostedemail.com: domain of dan.carpenter@linaro.org designates 209.85.128.49 as permitted sender) smtp.mailfrom=dan.carpenter@linaro.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689261016; a=rsa-sha256; cv=none; b=FXfsC6m4kBEfvXz38TyIGufiEanR7bNtgOtdxP1fMrTh/+Yv3zqdjQr5HVpED4EK5NiB7T luVwM7PvjCAOgdH0EdkrWhjLAvTWQV4+ky95cjorOlBLTJgjw4qEv3PZBsUvHY6r8/CfeJ 8T6rJQX0Q1lx+wjqThRyjHBBDkE3RyY= Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-3fbc0609cd6so7638375e9.1 for ; Thu, 13 Jul 2023 08:10:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1689261014; x=1691853014; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=Kbh8/8YR2OYwgBsozxXjeHWBOMoncqGng7RkrjUyFwA=; b=mn1AOQABIhLQtgpaF09UwJ9IIzomZ6nEQcprYyn2FRSn4Y90dqBbK6CJg8iWhXUY49 fpxZFnAS90xWFVmKfTfkCItAJHos9W59gwcdDVqhsPuTJXrekbubqjym0xZFetMFRRct CZ5ySetSCy3vTd9EvK1enjtjdsraEoqAbP3FSY7h9XBHXHgHI7ta9ah5Xc5tvmkOBZZP 0Kk/jxK2PRHtNDyXojHbclN64FXzJ4gW4TWpXrCl/SWV3a879SatabcK5DjwX4NMCm1X LZjpAE17IWkIeKlBS76Z10TVZ6zU51CKeL9ujqSpPxRTl+f3bs16L3CNDPcd+HxY1Tlb jBhg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689261014; x=1691853014; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=Kbh8/8YR2OYwgBsozxXjeHWBOMoncqGng7RkrjUyFwA=; b=jid0FmXt6zFFUBC8PzSMU28PuYd4u6qMQJNRgLguVa6pd/CW9QB0c0ttZRZYYzUQjp vGKTWh7/ISHjd6PKnMVgvV3Q48XDJJ41cL4S/ojmt6E082Z/b/ami6tBcc5u2aCifsYh 3HoIdVIZd1DjwSzgEYrdcXLHEp212zASdllHCpVAINb0HsJPcudemOysXgB0Ca4bxzZv GTHAgG0DWUTWQSaQG4Z0HeM5vvusquRqK44Rwm9w15HpjdE4mW0TNJ4qrVX6pRaRGmd8 IUWvEExhdH+To1WbQcis5iA7Zij75MtyyxdmqvCAI0gKOLVOKKu/RHAP8cFRvUoxJru3 Ff9A== X-Gm-Message-State: ABy/qLbxD+KXMnw7a4EooTLfaC6FhJtCY9Cfn/+vrqVMK0KxWk5LQIxQ LE2ZGWvDAsZzabrPSO9ZeMPREQ== X-Google-Smtp-Source: APBJJlGyuz/1zMyMkHxcVsDhm5iLo+cD8ocAAMhXeNuD+fErHxdiD+gYMz9JijcyDuyzeV/gMAbBeQ== X-Received: by 2002:a05:600c:acd:b0:3fc:b86:d3fa with SMTP id c13-20020a05600c0acd00b003fc0b86d3famr1679806wmr.1.1689261014235; Thu, 13 Jul 2023 08:10:14 -0700 (PDT) Received: from localhost ([102.36.222.112]) by smtp.gmail.com with ESMTPSA id p11-20020a1c740b000000b003fbe36a4ce6sm18534778wmc.10.2023.07.13.08.10.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Jul 2023 08:10:12 -0700 (PDT) Date: Thu, 13 Jul 2023 18:10:08 +0300 From: Dan Carpenter To: linke li Cc: Mike Kravetz , David Hildenbrand , Linke Li , linux-mm@kvack.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, trix@redhat.com, ndesaulniers@google.com, nathan@kernel.org, muchun.song@linux.dev Subject: Re: [PATCH] hugetlbfs: Fix integer overflow check in hugetlbfs_file_mmap() Message-ID: <6c3191e1-23fd-4f9e-9b5e-321c51599897@moroto.mountain> References: <65f4c60a-9534-56dc-099f-ee7a96e0ccaf@redhat.com> <20230712235813.GE6354@monkey> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: F273EA00EF X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: zh19h7hypy5o9eox9ohqzmqzjm83t6fc X-HE-Tag: 1689261015-618707 X-HE-Meta: U2FsdGVkX18oHqW4HxXMpqOUvr1x/+AxqIpN7iekAz3hbYew4CpjUMtxMUKqCt2Fza/hZERMgRPZUKot94vOSn/pbqyZIVC508HYPORACsT3L0l+lmTHfA7rHJGdvmX1ltxyJYoxhpxUMWUzWjWLG/EDNY/ERbpE/B0H7gYI7Bfhkjd8pPDHBY+M9kmhu7QvpXIzwGBBQneN8gJUYOZqFGBbh6c1AR8io/yQtTonQyHGtpXQJfljggQlK4f8hkoZGAoHZhjM0hPgvANKkvHjp8ArclcZMyrlzP2zPCeNSYYE3XQ8XMHRP1gGpEnebR7CNfVaUqWSM6e3f0ZGOKZuwRSGDsZyd5rS+3ldy2sfxuomPiWhRWeHXlJTI4VjpVhhVdJQyZMt1nA2KFbUB0HWbwclF6NfGos1s++SgwIu6dkoBcfc71v5npPsEWWkvEgml16uKVItINq5NXBzETZWDXwqQ1ns46kjTU7QImS2+xJjJoB1bko7lLdEgDbMrB/yNXNFieLD9SgsEdDenzddYvCmYDw8IKbK/W4KCy+HdJgy0yAaUOzBeMctDJZ5ifl/1R1D1wCaZw7eYs6brj/OmPjFP+LHufZcIAdZepGyceR1kQXuPWtSxh2poxyWtEGJ87whMOTygLWijZABBgIVgs3jk7ZmD9MHPIGr3J1fRFhCFRN+oVkTip4rCEcoQcoZCg8OJdrvnvIve1JpLyZw66bjD8fQTwMB9gTNjQD1vqBQ5Gwx6mt6JLszR7esEkI3R3vJTWfYfjgw6FUC5WoVo187qsfMlYlXuWcWkD6MdiMe7tYndtXP1SlTtZS3jECvDXH/vtxOaPMh+OjAHlWdFqWw7GqVJ5U1bDY3Q+8PXqmmpxn3uXsKHh2QRCyhjY0lhIjdqUTx0wg/1QxRPD/9M9fCJ/eAf+8x0iIcGQ9VeWQtSHQxaMs3QmsUtOW/eSyXnW6R52gb1hfq/gc8k+g iH3r0C+x AFNrbnmfoHu9IfXWvJXLAyZxwKcdlWxs8yaR32GV13R2mDVaKZw9pIXk3ySb6ybmbByqmwwHd00le87xwGUbAtIzp1rCbg/+ubQ3Emb7QJP403lUFtWWUyb3e1uYUnmr4j0JfBANACYeQbSwaxAX3FYAjFo1B9CYpoLUazI59qdWTIi58c0wTbX4+076eTQWxKGg9l6ugl+482RJwM3zl3hLzymtCjIYA8ulGHIeD8wTJJHSL5SUjaGp8I6Y6sR5KjtSr8Tr5KzlWo2pcrKQKEXaxvSi0Nycv11kF1Ka/j+/T2fzMUuU9X/wfzYw4zHAcb12jH52Ra/P5ANI3sXcaSgQRJTRK49jbmVRP X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Thu, Jul 13, 2023 at 03:57:00PM +0800, linke li wrote: > > However, if this is a real issue it would make more > > sense to look for and change all such checks rather than one single occurrence. > > Hi, Mike. I have checked the example code you provided, and the > difference between > those codes and the patched code is that those checks are checks for > unsigned integer > overflow, which is well-defined. Only undefined behavior poses a > security risk. So they > don't need any modifications. I have only found one occurrence of > signed number > overflow so far. I used to have a similar check to that but I eventually deleted it because I decided that the -fno-strict-overflow option works. It didn't produce a lot of warnings. Historically we have done a bad job at open coding integer overflow checks. Some that I wrote turned out to be incorrect. And even when I write them correctly a couple times people have "fixed" them even harder without CCing me or asking me why I wrote them the way I did. What about using the check_add_overflow() macro? diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index 7b17ccfa039d..c512165736e0 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -155,9 +155,8 @@ static int hugetlbfs_file_mmap(struct file *file, struct vm_area_struct *vma) return -EINVAL; vma_len = (loff_t)(vma->vm_end - vma->vm_start); - len = vma_len + ((loff_t)vma->vm_pgoff << PAGE_SHIFT); - /* check for overflow */ - if (len < vma_len) + if (check_add_overflow(vma_len, (loff_t)vma->vm_pgoff << PAGE_SHIFT, + &len)) return -EINVAL; inode_lock(inode);