From: Linke Li
To: linux-mm@kvack.org
Cc: mike.kravetz@oracle.com, muchun.song@linux.dev, nathan@kernel.org, ndesaulniers@google.com, trix@redhat.com, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, dan.carpenter@linaro.org, Linke Li
Subject: [PATCH v3] hugetlbfs: Fix integer overflow check in hugetlbfs_file_mmap()
Date: Thu, 20 Jul 2023 22:49:52 +0800

From: Linke Li

```
	vma_len = (loff_t)(vma->vm_end - vma->vm_start);
	len = vma_len + ((loff_t)vma->vm_pgoff << PAGE_SHIFT);
	/* check for overflow */
	if (len < vma_len)
		return -EINVAL;
```

There is a signed integer overflow in the code, which is undefined
behavior according to the C standard. Although this works, it's
still a bit ugly and static checkers will complain.

Using macro "check_add_overflow" to do the overflow check can
effectively detect integer overflow and avoid any undefined behavior.

Signed-off-by: Linke Li
---
v3: fix checkpatch warning and better description.

 fs/hugetlbfs/inode.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index 7b17ccfa039d..326a8c0af5f6 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -154,10 +154,7 @@ static int hugetlbfs_file_mmap(struct file *file, struct vm_area_struct *vma) if (vma->vm_pgoff & (~huge_page_mask(h) >> PAGE_SHIFT)) return -EINVAL; - vma_len = (loff_t)(vma->vm_end - vma->vm_start); - len = vma_len + ((loff_t)vma->vm_pgoff << PAGE_SHIFT); - /* check for overflow */ - if (len < vma_len) + if (check_add_overflow(vma_len, (loff_t)vma->vm_pgoff << PAGE_SHIFT, &len)) return -EINVAL; inode_lock(inode); -- 2.25.1
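
Review bot: the four removed lines include the assignment `vma_len = (loff_t)(vma->vm_end - vma->vm_start);`, yet the added `check_add_overflow(vma_len, ...)` call still reads vma_len as its first operand, so unless vma_len is set earlier in hugetlbfs_file_mmap() (nothing in this hunk shows that) the check operates on an uninitialized value. Keep the assignment and replace only the addition, the comment and the `if (len < vma_len)` comparison. Separately, `(loff_t)vma->vm_pgoff << PAGE_SHIFT` is still evaluated as a plain signed shift before the checked add, so check_add_overflow() covers only the addition; a short comment stating where vm_pgoff is bounded would make it clear that the shift itself cannot overflow.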