From: Nhat Pham
Date: Fri, 5 May 2023 09:27:49 -0700
Subject: Re: [bug report] cachestat: implement cachestat syscall
To: Dan Carpenter
Cc: linux-mm@kvack.org

On Fri, May 5, 2023 at 1:44 AM Dan Carpenter wrote:
>
> Hello Nhat Pham,
>
> The patch 5c289a59b1d0: "cachestat: implement cachestat syscall" from
> May 2, 2023, leads to the following Smatch static checker warning:
>
>         mm/filemap.c:4282 __do_sys_cachestat()
>         warn: potential integer overflow from user (local copy) 'csr.off + csr.len'
>
> mm/filemap.c
>     4250 SYSCALL_DEFINE4(cachestat, unsigned int, fd,
>     4251                 struct cachestat_range __user *, cstat_range,
>     4252                 struct cachestat __user *, cstat, unsigned int, flags)
>     4253 {
>     4254         struct fd f = fdget(fd);
>     4255         struct address_space *mapping;
>     4256         struct cachestat_range csr;
>     4257         struct cachestat cs;
>     4258         pgoff_t first_index, last_index;
>     4259
>     4260         if (!f.file)
>     4261                 return -EBADF;
>     4262
>     4263         if (copy_from_user(&csr, cstat_range,
>
> csr comes from the user.
>
>     4264                         sizeof(struct cachestat_range))) {
>     4265                 fdput(f);
>     4266                 return -EFAULT;
>     4267         }
>     4268
>     4269         /* hugetlbfs is not supported */
>     4270         if (is_file_hugepages(f.file)) {
>     4271                 fdput(f);
>     4272                 return -EOPNOTSUPP;
>     4273         }
>     4274
>     4275         if (flags != 0) {
>     4276                 fdput(f);
>     4277                 return -EINVAL;
>     4278         }
>     4279
>     4280         first_index = csr.off >> PAGE_SHIFT;
>     4281         last_index =
>     4282                 csr.len == 0 ? ULONG_MAX : (csr.off + csr.len - 1) >> PAGE_SHIFT;
>                                                     ^^^^^^^^^^^^^^^^^^^^^^
> This can integer overflow.  Do we need some checking to ensure that
> first_index < last_index?

If first_index < last_index, it won't crash. The folio walk won't do
anything, so the user will just receive all-zeros stats. I think this is
fine.

Is there anything I could do to make the checker happy? :)

>
>     4283         memset(&cs, 0, sizeof(struct cachestat));
>     4284         mapping = f.file->f_mapping;
>     4285         filemap_cachestat(mapping, first_index, last_index, &cs);
>     4286         fdput(f);
>     4287
>     4288         if (copy_to_user(cstat, &cs, sizeof(struct cachestat)))
>     4289                 return -EFAULT;
>     4290
>     4291         return 0;
>     4292 }
>
> regards,
> dan carpenter
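A userspace model of the index arithmetic the checker flagged, added here as an illustration and not code from the kernel or from either participant in this thread: it reproduces the wrap in `csr.off + csr.len` that makes `last_index` land below `first_index`, and places an overflow-checked variant beside it that returns `-EINVAL` instead of walking a wrapped interval. `PAGE_SHIFT` (taken as 12), `pgoff_t` and `struct cachestat_range` are modelled with userspace types under a `model_` prefix, the input ranges are constructed, and gcc/clang's `__builtin_add_overflow` stands in for the kernel's `check_add_overflow()`.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed userspace model of the first_index/last_index computation in
 * the quoted cachestat listing. Not kernel code: PAGE_SHIFT, pgoff_t and the
 * range struct are assumptions modelled with userspace types. */
#define MODEL_PAGE_SHIFT 12            /* assumption: 4 KiB pages */

typedef unsigned long model_pgoff_t;   /* stands in for pgoff_t */

struct model_cachestat_range {         /* stands in for struct cachestat_range */
	uint64_t off;
	uint64_t len;
};

/* Unchecked form, mirroring lines 4280-4282 of the listing: with a large
 * off and a non-zero len, off + len wraps and last lands below first. */
static int range_to_indices_unchecked(const struct model_cachestat_range *csr,
				      model_pgoff_t *first, model_pgoff_t *last)
{
	*first = csr->off >> MODEL_PAGE_SHIFT;
	*last = csr->len == 0 ? ULONG_MAX
			      : (csr->off + csr->len - 1) >> MODEL_PAGE_SHIFT;
	return 0;
}

/* Checked form: compute the end with an overflow-detecting add (the gcc/clang
 * builtin here; the kernel provides check_add_overflow() in <linux/overflow.h>)
 * and refuse the range rather than derive indices from a wrapped value. */
static int range_to_indices_checked(const struct model_cachestat_range *csr,
				    model_pgoff_t *first, model_pgoff_t *last)
{
	uint64_t end;

	if (csr->len != 0 && __builtin_add_overflow(csr->off, csr->len, &end))
		return -EINVAL;		/* off + len does not fit in 64 bits */

	*first = csr->off >> MODEL_PAGE_SHIFT;
	*last = csr->len == 0 ? ULONG_MAX : (end - 1) >> MODEL_PAGE_SHIFT;
	return 0;
}

/* Returns 1 if the unchecked computation yields last_index < first_index. */
static int unchecked_last_below_first(uint64_t off, uint64_t len)
{
	struct model_cachestat_range csr = { off, len };
	model_pgoff_t first, last;

	range_to_indices_unchecked(&csr, &first, &last);
	return last < first;
}

/* Returns the status code of the checked variant for the given range. */
static int checked_status(uint64_t off, uint64_t len)
{
	struct model_cachestat_range csr = { off, len };
	model_pgoff_t first, last;

	return range_to_indices_checked(&csr, &first, &last);
}

int main(void)
{
	/* Constructed inputs: a sane range, and one whose end wraps past 2^64. */
	const uint64_t wrap_off = UINT64_MAX - 4095;   /* last page-aligned offset */

	printf("sane range:    last < first = %d, checked status = %d\n",
	       unchecked_last_below_first(4096, 8192), checked_status(4096, 8192));
	printf("wrapped range: last < first = %d, checked status = %d\n",
	       unchecked_last_below_first(wrap_off, 8192),
	       checked_status(wrap_off, 8192));
	return 0;
}
```

For the sane range (off 4096, len 8192) both variants agree on pages 1 through 2. For the wrapped range the unchecked form computes first_index 0xFFFFFFFFFFFFF and last_index 0, the inverted interval behind the all-zeros result described above, while the checked form rejects it up front; a rejection of that kind is one way to give the caller an explicit error and to address the checker's concern about `csr.off + csr.len`.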