Date: Tue, 22 Jun 2021 16:04:49 -0400
From: Peter Xu
To: Dan Carpenter
Cc: Andrew Morton, Alistair Popple, Stephen Rothwell, linux-mm@kvack.org, kernel-janitors@vger.kernel.org
Subject: Re: [PATCH] mm/rmap: fix signedness bug in make_device_exclusive_range()

On Tue, Jun 22, 2021 at 10:03:00PM +0300, Dan Carpenter wrote:
> The get_user_pages_remote() function returns a long type, but we are
> using "unsigned long i;" as the list iterator. If "npages" is -ENOMEM,
> the comparison "i < npages" is type promoted and "npages" becomes a very
> high positive value. The loop will then iterate until the kernel
> crashes.
>
> There are two ways to fix this. Declare "i" as a long type or add an
> explicit check for get_user_pages_remote() error returns. Either
> approach will work so let's do both.
>
> Fixes: fa1e686e5f53 ("mm: device exclusive memory access")
> Signed-off-by: Dan Carpenter > --- > mm/rmap.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/mm/rmap.c b/mm/rmap.c > index e5210dde0c4d..fb5c59b95826 100644 > --- a/mm/rmap.c > +++ b/mm/rmap.c > @@ -2187,11 +2187,14 @@ int make_device_exclusive_range(struct mm_struct *mm, unsigned long start, > void *owner) > { > long npages = (end - start) >> PAGE_SHIFT; > - unsigned long i; > + long i; > > npages = get_user_pages_remote(mm, start, npages, > FOLL_GET | FOLL_WRITE | FOLL_SPLIT_PMD, > pages, NULL, NULL); > + if (npages < 0) > + return npages; > + > for (i = 0; i < npages; i++, start += PAGE_SIZE) { > if (!trylock_page(pages[i])) { > put_page(pages[i]); > -- > 2.30.2 Ouch.. The check should be enough, imho; looping over an long seems a tiny little bit odd, but still looks okay. Reviewed-by: Peter Xu Thanks, -- Peter Xu
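
Review bot: the added "return npages;" hands a long back from a function that the hunk header declares as "int make_device_exclusive_range(...)", so the new error path relies on an implicit long-to-int narrowing. That is lossless for the negative errno values this branch catches, but the function's comment should say that a negative errno is returned when get_user_pages_remote() fails, so callers know to check for it. With the "npages < 0" check in place, "i < npages" no longer sees a negative value, so the "long i" change is not a second fix for the same crash; it is still worth keeping because it removes the mixed signed/unsigned comparison.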
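
The conversion described in the commit message, as an added user-space example that is not part of the patch or of the kernel source. fake_gup(), DEMO_ENOMEM and the CAP bound are assumptions made for the demonstration; CAP exists only so the pre-patch loop stops instead of running off the end of memory.

```c
#include <stdio.h>

#define DEMO_ENOMEM 12   /* constructed stand-in for the kernel's ENOMEM */
#define CAP 1000UL       /* demo-only bound; the kernel loop has no such limit */

/* Hypothetical stand-in for get_user_pages_remote():
 * returns a page count on success or a negative errno on failure. */
static long fake_gup(int fail, long want)
{
	return fail ? -DEMO_ENOMEM : want;
}

/* Pre-patch shape: unsigned iterator, no check of the return value. */
static unsigned long visits_before(int fail, long want)
{
	long npages = fake_gup(fail, want);
	unsigned long i, visited = 0;

	/* "i < npages" converts npages to unsigned long, so -12 compares
	 * as ULONG_MAX - 11 and the condition stays true. */
	for (i = 0; i < npages && visited < CAP; i++)
		visited++;	/* the kernel would touch pages[i] here */
	return visited;
}

/* Post-patch shape: error return checked first, signed iterator. */
static long visits_after(int fail, long want)
{
	long npages = fake_gup(fail, want);
	long i, visited = 0;

	if (npages < 0)
		return npages;	/* propagate the errno, never enter the loop */
	for (i = 0; i < npages; i++)
		visited++;
	return visited;
}

int main(void)
{
	printf("before, failure: %lu iterations (capped)\n", visits_before(1, 4));
	printf("after,  failure: %ld\n", visits_after(1, 4));
	printf("after,  success: %ld\n", visits_after(0, 4));
	return 0;
}
```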