From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id CE066C433EF
	for <linux-mm@archiver.kernel.org>; Mon, 28 Feb 2022 02:59:20 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 224958D0002; Sun, 27 Feb 2022 21:59:20 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 1D1788D0001; Sun, 27 Feb 2022 21:59:20 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 0C0028D0002; Sun, 27 Feb 2022 21:59:20 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (relay.hostedemail.com [64.99.140.27])
	by kanga.kvack.org (Postfix) with ESMTP id F3C488D0001
	for <linux-mm@kvack.org>; Sun, 27 Feb 2022 21:59:19 -0500 (EST)
Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay10.hostedemail.com (Postfix) with ESMTP id B342470E
	for <linux-mm@kvack.org>; Mon, 28 Feb 2022 02:59:19 +0000 (UTC)
X-FDA: 79190682438.14.B9B66B8
Received: from mail-yb1-f176.google.com (mail-yb1-f176.google.com [209.85.219.176])
	by imf01.hostedemail.com (Postfix) with ESMTP id 2D84D40002
	for <linux-mm@kvack.org>; Mon, 28 Feb 2022 02:59:18 +0000 (UTC)
Received: by mail-yb1-f176.google.com with SMTP id h126so2834885ybc.1
        for <linux-mm@kvack.org>; Sun, 27 Feb 2022 18:59:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=34pLy5corG+HXHvvIyE030KIDUh7wwaXX8KPYqoWC0k=;
        b=FwVj6ufawxpi9pivekPtYpQj4eJVmPnKCPuxl4736Po6Y/uSYhIfoMzOaKPvSMRWVQ
         KZ+Hkhg/J80BJsFx6+KlrdIPggrxm850i3K459gfcxdjFulSiQzFG6bwa3PHlzP0rmUX
         lT6UtPnBk/aioeF7Se4Xt5/y8ZEJVKwT3//EUdyI0JNF8KOsT6EODS3St71J/OZwri4T
         6plDDOHax8EX7NNPy45F0h+dNA3FL5F42ZlzMH2d4e+LI8kNynY5D2JWgpFHGATzYCt4
         D6gAxLzpSfWc8SpHWcpQiQ8HH9wtnBmL/V9tiDAQOw5ZCraXzXy9tRSC5Dc+Aizwj40e
         AjbQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=34pLy5corG+HXHvvIyE030KIDUh7wwaXX8KPYqoWC0k=;
        b=G0Ii8sNtOBhBgs+ENIv1ZDvFY1mzQdnToItXgcOjryAsX9Fmqk1Dx7RBuftepodmRP
         510jbP0jdOxuB5satYM15X9yPAeSG3KmBAjn0GpqvbHhCVXAuCUWWWKq3EqGjKkjR8DP
         g1PU1nmyXZy0iVxlFnzomnEiYBcIRdh9Y7wxcVDrRBx7dzZ0l7m6ci6iG5uVmEDbH6CN
         GBpgqbyi5E1+Z99qhS6G1c9M3OyBYOr+QhZzSqOaM78mrnjbHHg3G4kAaku1c5709SgB
         fVbu94bVrDxziKwaepoZdqmfy2jfbQRFNtQ3RtKQxh0Y5MJafJDANIg2PJx0fkoBpPYg
         1PXg==
X-Gm-Message-State: AOAM530CYQzu/MltNq1oEth2iwKdKzPTucvPgF7qPuQ/BdNv81TjGHAc
	mE/SfAQg0KiMaQ5o5JPLr2MC07n5Pe4yrbq5D64=
X-Google-Smtp-Source: ABdhPJx17uih3i6ODEN3id8kh8gZFy9yeB6zIG9sWlB4vQQnbYHTsmfDrwmGXujKHoes/ym712n0m7bo4NmvUjdoTSQ=
X-Received: by 2002:a25:c00b:0:b0:624:4382:9d0a with SMTP id
 c11-20020a25c00b000000b0062443829d0amr16841787ybf.436.1646017158396; Sun, 27
 Feb 2022 18:59:18 -0800 (PST)
MIME-Version: 1.0
References: <20220209134018.8242-1-liuyuntao10@huawei.com> <95d1dc4e-fc3b-fe3c-5d85-218a7410e966@oracle.com>
In-Reply-To: <95d1dc4e-fc3b-fe3c-5d85-218a7410e966@oracle.com>
From: Zhenguo Yao <yaozhenguo1@gmail.com>
Date: Mon, 28 Feb 2022 10:59:07 +0800
Message-ID: <CA+WzARn63QzU0h2NfPDzgk=fs5=uiHHGaXZcye+qmGyLWRoFog@mail.gmail.com>
Subject: Re: [PATCH] hugetlbfs: fix a truncation issue in hugepages parameter
To: Mike Kravetz <mike.kravetz@oracle.com>
Cc: liuyuntao <liuyuntao10@huawei.com>, Andrew Morton <akpm@linux-foundation.org>, 
	Linux Memory Management List <linux-mm@kvack.org>, linux-kernel@vger.kernel.org, wuxu.wu@huawei.com, 
	fangchuangchuang@huawei.com, windspectator@gmail.com
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Server: rspam09
X-Rspamd-Queue-Id: 2D84D40002
X-Stat-Signature: qph9ouwzwr3qg5dme343dr5inwqeprtg
Authentication-Results: imf01.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20210112 header.b=FwVj6ufa;
	spf=pass (imf01.hostedemail.com: domain of yaozhenguo1@gmail.com designates 209.85.219.176 as permitted sender) smtp.mailfrom=yaozhenguo1@gmail.com;
	dmarc=pass (policy=none) header.from=gmail.com
X-Rspam-User: 
X-HE-Tag: 1646017158-569429
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

Mike Kravetz <mike.kravetz@oracle.com> =E4=BA=8E2022=E5=B9=B42=E6=9C=8810=
=E6=97=A5=E5=91=A8=E5=9B=9B 08:44=E5=86=99=E9=81=93=EF=BC=9A
>
> On 2/9/22 05:40, liuyuntao wrote:
> > From: Liu Yuntao <liuyuntao10@huawei.com>
> >
> > When we specify a large number for node in hugepages parameter,
> > it may be parsed to another number due to truncation in this statement:
> >       node =3D tmp;
> >
> > For example, add following parameter in command line:
> >       hugepagesz=3D1G hugepages=3D4294967297:5
> > and kernel will allocate 5 hugepages for node 1 instead of ignoring it.
> >
> > I move the validation check earlier to fix this issue, and slightly
> > simplifies the condition here.
> >
> > Fixes: b5389086ad7be0 ("hugetlbfs: extend the definition of hugepages p=
arameter to support node allocation")
> > Signed-off-by: Liu Yuntao <liuyuntao10@huawei.com>
> > ---
> >  mm/hugetlb.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/mm/hugetlb.c b/mm/hugetlb.c
> > index 61895cc01d09..0929547f6ad6 100644
> > --- a/mm/hugetlb.c
> > +++ b/mm/hugetlb.c
> > @@ -4159,10 +4159,10 @@ static int __init hugepages_setup(char *s)
> >                               pr_warn("HugeTLB: architecture can't supp=
ort node specific alloc, ignoring!\n");
> >                               return 0;
> >                       }
> > +                     if (tmp >=3D nr_online_nodes)
> > +                             goto invalid;
> >                       node =3D tmp;
>
> I am surprised none of the automated checking complained about that
> assignment.
>
> >                       p +=3D count + 1;
> > -                     if (node < 0 || node >=3D nr_online_nodes)
>
> I can't remember, but I think that check for node < 0 was added to handle
> overflow during the above assignment.  Do you remember Zhenguo Yao?
>
Sorry for my late reply.  This check for node < 0 was added
to handle node parameter overflow from the earliest version:
https://lore.kernel.org/lkml/20210820030536.25737-1-yaozhenguo1@gmail.com/
Parameter of node allocation was:  hugepages_node=3Dxx hugepages=3Dxx at th=
is
version. With the changing of the code, this check has lost its effect.

> > -                             goto invalid;
> >                       /* Parse hugepages */
> >                       if (sscanf(p, "%lu%n", &tmp, &count) !=3D 1)
> >                               goto invalid;
>
> Thanks,
>
> Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
>
> --
> Mike Kravetz