Received: by 10.223.185.116 with SMTP id b49csp76703wrg; Thu, 8 Mar 2018 13:09:52 -0800 (PST) X-Google-Smtp-Source: AG47ELvz0qicS9ioCva4ODeLGzdk0QxoXE6OfB89ZFPwZ4M+6+hhf5Pe0R9LMhAJ7btQad/F08lS X-Received: by 10.98.223.93 with SMTP id u90mr27623477pfg.13.1520543392653; Thu, 08 Mar 2018 13:09:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520543392; cv=none; d=google.com; s=arc-20160816; b=XkQt1zFhwMg+IrY2QKUIqICLcXmE4gCjC3sn3DLEkST00JMGE92FThafzAXRZVqkfv AVVkXVEtxT8TGYzhnC2A4k0cqecrO89Iz/xSrPAgRvzkPrP6uFS7S7lq8W8zLc1vyfWU qOEFmXVJhVvnHf8wcTZsyGvEYdwx2iS0Q7ar7qNCpLTdsWOoH+M7+RlgCwKVIpZFYppL +eGx13LLE5691DyKmyT/grNecvYqmEiwADfzVUez8eE3zpvL73hy4XvgzAtPkIRbaUrs xM2JBFhmR0ff6UDCGGwTlyOXNB9/HfO7XvEUqXduLHnpUzZ/hAGWU1A/6sK1wZbnAZJT DK0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:references:cc:to:from:subject:dkim-signature :arc-authentication-results; bh=QSmCDa11VIq065jLuOIHKW5a9NyEwy0Ot8r8sYggY5Y=; b=oEbGkmDqZUAlqT23EbS7Hd4SwQGBddvIYiJHCDwRgpp5p4yy+ruOt6USVY7sJB12Eo VeCXGqy0fNAihjvckof7JesIg5jkoYGdyQaDuc4HDUWBawaGhwHHqEC9W3hCDW+KMlQv /UBaV55KO1Krc23mpT8O0CCmA5YEKjyXdK6A0UvoQ8AGJWbbF2QDVMGZhpF9ZV8ctY7I kljLs7m2DZf3aoHAKdpTHnblpMWlYKJ3BZbISg85FgO9rxTIJr+HOGF/EeZ2K747M7dL IkPN5U23InVvqt9Jdw6j4dy3p4U+865jbQ1LcvcVdW9VNATjDxUt+poSEbDerHqcL7HM GzAw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=VBre6LHK; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r9si9688776pfk.372.2018.03.08.13.09.38; Thu, 08 Mar 2018 13:09:52 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=VBre6LHK; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751419AbeCHVIh (ORCPT + 99 others); Thu, 8 Mar 2018 16:08:37 -0500 Received: from userp2130.oracle.com ([156.151.31.86]:35108 "EHLO userp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751124AbeCHVIf (ORCPT ); Thu, 8 Mar 2018 16:08:35 -0500 Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w28L6vLZ125698; Thu, 8 Mar 2018 21:08:25 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : references : message-id : date : mime-version : in-reply-to : content-type : content-transfer-encoding; s=corp-2017-10-26; bh=QSmCDa11VIq065jLuOIHKW5a9NyEwy0Ot8r8sYggY5Y=; b=VBre6LHKN6ER8K6qx82xqqIIFHQNrtul8bfjO0kX2nO0UYSTpnAdOAspPCpIGFnnpDDC cU2CFU9sGrrxzU3sQh035VBa9NkA/pBYYRyAinhUwB60X5MyYBJJ/gTg2IMQ14YDWQpL I2bW2q4Qi5FfxQNpma4LDVLQXU+//yoCTwSnaKUsXGAHakMWuP/s5lgGT5IA0EUMIIhB RrHSmbB5uty0OiV26umfGcwI+RMaw7AytydurWU79hKRfQYm+p65Gekicj1yWGh0CEr1 ihBo+EySpWw5aLt3kSPXbs35mo1Fq7eGdVtcqkMnoGSOC8fNDWg20YcvS2DLJe0swbE+ XA== Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by userp2130.oracle.com with ESMTP id 2gkcq3014q-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 08 Mar 2018 21:08:25 +0000 Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by userv0021.oracle.com (8.14.4/8.14.4) with ESMTP id w28L3OIA014508 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 8 Mar 2018 21:03:24 GMT Received: from abhmp0009.oracle.com (abhmp0009.oracle.com [141.146.116.15]) by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id w28L3NCO013953; Thu, 8 Mar 2018 21:03:23 GMT Received: from [192.168.1.164] (/98.246.252.205) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 08 Mar 2018 13:03:23 -0800 Subject: Re: [PATCH] hugetlbfs: check for pgoff value overflow From: Mike Kravetz To: Yisheng Xie , linux-mm@kvack.org, linux-kernel@vger.kernel.org, bugzilla-daemon@bugzilla.kernel.org Cc: Michal Hocko , "Kirill A . Shutemov" , Nic Losby , Andrew Morton References: <20180306133135.4dc344e478d98f0e29f47698@linux-foundation.org> <20180307235923.12469-1-mike.kravetz@oracle.com> <8a0863a2-1890-11e0-1fc2-c96e1794e809@huawei.com> Message-ID: <91e7b7af-a9b5-3a13-74d4-34868e7befd9@oracle.com> Date: Thu, 8 Mar 2018 13:03:21 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8826 signatures=668687 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=957 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1803080228 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 03/07/2018 08:25 PM, Mike Kravetz wrote: > On 03/07/2018 05:35 PM, Yisheng Xie wrote: >> However, region_chg makes me a litter puzzle that when its return value < 0, sometime >> adds_in_progress is added like this case, while sometime it is not. so why not just >> change at the beginning of region_chg ? >> if (f > t) >> return -EINVAL; > > If region_chg returns a value < 0, this indicates an error and adds_in_progress > should not be incremented. In the case of this bug, region_chg was passed > values where f > t. Of course, this should never happen. But, because it > assumed f <= t, it returned a negative count needed huge page reservations. > The calling code interpreted the negative value as an error and a subsequent > region_add or region_abort. > > I am not opposed to adding the suggested "if (f > t)". However, the > region tracking routines are simple helpers only used by the hugetlbfs > code and the assumption is that they are being called correctly. As > such, I would prefer to leave off the check. But, this is the second > time they have been called incorrectly due to insufficient argument > checking. If we do add this to region_chg, I would also add the check > to all region_* routines for consistency. I really did not want to add the (f > t) check to the region_* routines. As mentioned we should never encounter this condition. Adding the check here says that we missed discovering an error at higher levels. Therefore, I went back and examined the callers of region_chg. There are only 2: hugetlb_reserve_pages and __vma_reservation_common. hugetlb_reserve_pages is called to set up a reservation for a mapping. __vma_reservation_common is called to check on an existing reservation, and only operates on a single huge page. With this in mind, a check in hugetlb_reserve_pages would be sufficient. Therefore, I added an explicit check to that routine and printed a warning if ever encountered. > I will send out a V2 of this patch tomorrow with the corrected overflow > checking and possibly checks added to the region_* routines. v2 will be sent shortly. In v2 I Cc stable as this is an issue for stable branches as well. -- Mike Kravetz