From: Nick Desaulniers
Date: Thu, 20 Jul 2023 12:03:10 -0700
Subject: Re: [PATCH v3] hugetlbfs: Fix integer overflow check in hugetlbfs_file_mmap()
To: Linke Li
Cc: linux-mm@kvack.org, mike.kravetz@oracle.com, muchun.song@linux.dev, nathan@kernel.org, trix@redhat.com, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, dan.carpenter@linaro.org, Linke Li

On Thu, Jul 20, 2023 at 7:50 AM Linke Li wrote:
>
> From: Linke Li
>
> ```
> vma_len = (loff_t)(vma->vm_end - vma->vm_start);
> len = vma_len + ((loff_t)vma->vm_pgoff << PAGE_SHIFT);
> /* check for overflow */
> if (len < vma_len)
>         return -EINVAL;
> ```
>
> There is a signed integer overflow in the code, which is undefined
> behavior according to the C stacnard. Although this works, it's

typo: s/stacnard/standard/

I think the commit message should explicitly mention that the Linux
kernel is built with -fno-strict-overflow, but IMO that kind of makes
this patch moot.

> still a bit ugly and static checkers will complain.
>
> Using macro "check_add_overflow" to do the overflow check can
> effectively detect integer overflow and avoid any undefined behavior.
> > Signed-off-by: Linke Li > --- > v3: fix checkpatch warning and better description. > fs/hugetlbfs/inode.c | 5 +---- > 1 file changed, 1 insertion(+), 4 deletions(-) > > diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c > index 7b17ccfa039d..326a8c0af5f6 100644 > --- a/fs/hugetlbfs/inode.c > +++ b/fs/hugetlbfs/inode.c > @@ -154,10 +154,7 @@ static int hugetlbfs_file_mmap(struct file *file, st= ruct vm_area_struct *vma) > if (vma->vm_pgoff & (~huge_page_mask(h) >> PAGE_SHIFT)) > return -EINVAL; > > - vma_len =3D (loff_t)(vma->vm_end - vma->vm_start); > - len =3D vma_len + ((loff_t)vma->vm_pgoff << PAGE_SHIFT); > - /* check for overflow */ > - if (len < vma_len) > + if (check_add_overflow(vma_len, (loff_t)vma->vm_pgoff << PAGE_SHI= FT, &len)) > return -EINVAL; > > inode_lock(inode); > -- > 2.25.1 > --=20 Thanks, ~Nick Desaulniers
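Review bot: the added check_add_overflow() call reads vma_len, but the same hunk deletes the only visible assignment to it (`vma_len = (loff_t)(vma->vm_end - vma->vm_start);`), so within these lines the first operand is used without being set. Keep that assignment and replace only the addition and the `if (len < vma_len)` comparison. The macro also covers only the addition: the `(loff_t)vma->vm_pgoff << PAGE_SHIFT` operand is still shifted in signed arithmetic before the check sees it, so unless vm_pgoff is bounded before this point the commit message's claim of avoiding any undefined behavior should be narrowed, or the shift checked separately.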
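An added example (not code from the patch or the kernel tree) comparing the add-then-compare check quoted in the commit message with the compiler builtin that check_add_overflow() wraps. The loff_t typedef, PAGE_SHIFT value, helper names and sample inputs are constructed stand-ins; whether vm_pgoff can reach the third value in hugetlbfs_file_mmap() depends on checks outside the quoted hunk.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef int64_t loff_t;  /* stand-in for the kernel type (assumption) */
#define PAGE_SHIFT 12    /* 4 KiB pages (assumption) */

/* Add-then-compare, as in the commit message. The sum is formed in uint64_t
 * so this program has no UB; the converted result is the two's-complement
 * wrap that -fno-strict-overflow gives the kernel's signed addition. */
static bool wrap_check(loff_t vma_len, loff_t off, loff_t *len)
{
	*len = (loff_t)((uint64_t)vma_len + (uint64_t)off);
	return *len < vma_len;
}

/* The GCC/Clang builtin behind check_add_overflow(): true only when the
 * exact sum does not fit in *len. */
static bool builtin_check(loff_t vma_len, loff_t off, loff_t *len)
{
	return __builtin_add_overflow(vma_len, off, len);
}

/* Page offset to byte offset, shifted as unsigned to stay defined here. */
static loff_t pgoff_to_off(uint64_t pgoff)
{
	return (loff_t)(pgoff << PAGE_SHIFT);
}

int main(void)
{
	/* Constructed inputs: in range, sum past LLONG_MAX, offset already negative. */
	const uint64_t pgoffs[] = { 0x200, 0x7FFFFFFFFFE00ULL, 0x8000000000000ULL };
	const loff_t vma_len = 0x200000; /* one 2 MiB huge page */

	for (int i = 0; i < 3; i++) {
		loff_t a, b, off = pgoff_to_off(pgoffs[i]);
		bool old_rejects = wrap_check(vma_len, off, &a);
		bool new_rejects = builtin_check(vma_len, off, &b);
		printf("pgoff=%#llx old=%d new=%d len=%lld\n",
		       (unsigned long long)pgoffs[i], old_rejects, new_rejects, (long long)b);
	}
	return 0;
}
```

For the third input the old comparison rejects the mapping while the builtin reports no overflow and leaves a negative len, so the two checks are equivalent only when the shifted offset is known to be non-negative.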