From: Anders Roxell
Date: Mon, 2 Apr 2018 18:21:01 +0200
Subject: Re: [PATCH v2] hugetlbfs: fix bug in pgoff overflow checking
To: Mike Kravetz
Cc: linux-mm@kvack.org, Linux Kernel Mailing List, Michal Hocko, Yisheng Xie, "Kirill A . Shutemov", Nic Losby, Dan Rue, Andrew Morton, stable@vger.kernel.org
In-Reply-To: <20180330145402.5053-1-mike.kravetz@oracle.com>
References: <20180329041656.19691-1-mike.kravetz@oracle.com> <20180330145402.5053-1-mike.kravetz@oracle.com>

On 30 March 2018 at 16:54, Mike Kravetz wrote:
> This is a fix for a regression in 32 bit kernels caused by an
> invalid check for pgoff overflow in hugetlbfs mmap setup. The
> check incorrectly specified that the size of a loff_t was the
> same as the size of a long. The regression prevents mapping
> hugetlbfs files at offsets greater than 4GB on 32 bit kernels.
>
> On 32 bit kernels conversion from a page based unsigned long can
> not overflow a loff_t byte offset. Therefore, skip this check
> if sizeof(unsigned long) != sizeof(loff_t).
>
> Fixes: 63489f8e8211 ("hugetlbfs: check for pgoff value overflow")
> Cc:
> Reported-by: Dan Rue
> Signed-off-by: Mike Kravetz

Tested-by: Anders Roxell

> ---
> fs/hugetlbfs/inode.c | 10 +++++++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
> > diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c > index b9a254dcc0e7..d508c7844681 100644 > --- a/fs/hugetlbfs/inode.c > +++ b/fs/hugetlbfs/inode.c > @@ -138,10 +138,14 @@ static int hugetlbfs_file_mmap(struct file *file, struct vm_area_struct *vma) > > /* > * page based offset in vm_pgoff could be sufficiently large to > - * overflow a (l)off_t when converted to byte offset. > + * overflow a loff_t when converted to byte offset. This can > + * only happen on architectures where sizeof(loff_t) == > + * sizeof(unsigned long). So, only check in those instances. > */ > - if (vma->vm_pgoff & PGOFF_LOFFT_MAX) > - return -EINVAL; > + if (sizeof(unsigned long) == sizeof(loff_t)) { > + if (vma->vm_pgoff & PGOFF_LOFFT_MAX) > + return -EINVAL; > + } > > /* must be huge page aligned */ > if (vma->vm_pgoff & (~huge_page_mask(h) >> PAGE_SHIFT)) > -- > 2.13.6 >
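
Review bot: with the PGOFF_LOFFT_MAX test now skipped whenever sizeof(unsigned long) != sizeof(loff_t), the 32-bit path in hugetlbfs_file_mmap() relies entirely on the later page-to-byte conversion of vma->vm_pgoff being carried out in loff_t width; that conversion is outside this hunk, so it is worth confirming the cast to loff_t happens before the shift and stating that in the comment. As a style point, the nested if can be a single condition, `if (sizeof(unsigned long) == sizeof(loff_t) && (vma->vm_pgoff & PGOFF_LOFFT_MAX))`, which keeps the compile-time guard and drops a level of indentation.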