Received: by 2002:ac0:aed5:0:0:0:0:0 with SMTP id t21csp2201959imb; Sun, 3 Mar 2019 22:05:32 -0800 (PST) X-Google-Smtp-Source: APXvYqycpC5M3B1030kjgnKlVsCuLTsbds3/uOgz6lOX4GznwA6/MM1r+Ps6QOZUaGqnhsAaGQyQ X-Received: by 2002:a65:6497:: with SMTP id e23mr16580877pgv.21.1551679532622; Sun, 03 Mar 2019 22:05:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551679532; cv=none; d=google.com; s=arc-20160816; b=K3u75G2QBEHL0VBwoMLzUvUM2chKt4c1HsN5YhHyNFYPeqAcrvp/dv2PlJzX3duGcg l5wrGNMTU6/U4ZXp093d2iLLG0Ns14NpIWw+GOxOp0SGmbWfM5Glnmc+FEudN0Sif30B Y6ITYZlp1UIUJoUPXh3n3iyGuU8R3bNBoVGwjjOVJe4C6VwXlGvS+Ke21P3eGUlnkGaD 0ksDFWp21N5qlWravBZQyAOjjZ2vOICRxU2ch3aPZn1wenVLZPo1dJNopCn+c5ZozE9P 89nEF+w/6rSX+ntOam1XMB9GrXUclfgNqe05p17xMAEzZJddKzRTE3I90KXvtEFvenU8 3ypA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:content-transfer-encoding :content-id:content-language:accept-language:in-reply-to:references :message-id:date:thread-index:thread-topic:subject:cc:to:from; bh=Zri1bsl1CEojxbqcAuO/olPk6tfvXbA+HODCcH+vxe0=; b=urTAZtBCCa306t3CMx87m56L3VhCaFW76Tyu/wUVL3kPw9/GqoP66Ssgh1JpMKdRbN 2fuhjUFDYmE6xOjingl1EvLqgFnaJPaqaykqvFn+dMCMsyQebBG3XMMp+g4WOS42aAWL FhhpSoF2+Egs7bhfG9+D2jdFApJ9PVELpqcu9ZxtPR7gF7bUsVfqzC4ckYTqegu4+jRv lrBVVmKI4i0DPMuhLMoZgzsiPjFwyUMmxiNZAEF2qEdmbtbIolKSWzEqFhNbCp+5kCuR d2C9y2ABi8mPrXClga91lC61JpOorKRkPpIUypm+kX8SoBunw70JZ4us/jWqBYTpIkkh 3GNw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u13si4646700pfa.12.2019.03.03.22.05.17; Sun, 03 Mar 2019 22:05:32 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726106AbfCDGD4 convert rfc822-to-8bit (ORCPT + 99 others); Mon, 4 Mar 2019 01:03:56 -0500 Received: from tyo161.gate.nec.co.jp ([114.179.232.161]:46673 "EHLO tyo161.gate.nec.co.jp" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725938AbfCDGD4 (ORCPT ); Mon, 4 Mar 2019 01:03:56 -0500 Received: from mailgate02.nec.co.jp ([114.179.233.122]) by tyo161.gate.nec.co.jp (8.15.1/8.15.1) with ESMTPS id x2461M5a024438 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 4 Mar 2019 15:01:22 +0900 Received: from mailsv01.nec.co.jp (mailgate-v.nec.co.jp [10.204.236.94]) by mailgate02.nec.co.jp (8.15.1/8.15.1) with ESMTP id x2461MuS007092; Mon, 4 Mar 2019 15:01:22 +0900 Received: from mail02.kamome.nec.co.jp (mail02.kamome.nec.co.jp [10.25.43.5]) by mailsv01.nec.co.jp (8.15.1/8.15.1) with ESMTP id x245tpSt008051; Mon, 4 Mar 2019 15:01:22 +0900 Received: from bpxc99gp.gisp.nec.co.jp ([10.38.151.151] [10.38.151.151]) by mail01b.kamome.nec.co.jp with ESMTP id BT-MMP-2987327; Mon, 4 Mar 2019 15:00:25 +0900 Received: from BPXM23GP.gisp.nec.co.jp ([10.38.151.215]) by BPXC23GP.gisp.nec.co.jp ([10.38.151.151]) with mapi id 14.03.0319.002; Mon, 4 Mar 2019 15:00:23 +0900 From: Naoya Horiguchi To: Mike Kravetz CC: David Rientjes , Jing Xiangfeng , Andrew Morton , "mhocko@kernel.org" , "hughd@google.com" , "linux-mm@kvack.org" , "Andrea Arcangeli" , "kirill.shutemov@linux.intel.com" , "linux-kernel@vger.kernel.org" Subject: Re: [PATCH v4] mm/hugetlb: Fix unsigned overflow in __nr_hugepages_store_common() Thread-Topic: [PATCH v4] mm/hugetlb: Fix unsigned overflow in __nr_hugepages_store_common() Thread-Index: AQHUzKNmJ08QFadITkadXECqBzMSPaXvQTOAgADisACAABkvAIAAEDUAgAB2wwCAAEK9AIAA3REAgAiLHgA= Date: Mon, 4 Mar 2019 06:00:23 +0000 Message-ID: <20190304060024.GA26610@hori.linux.bs1.fc.nec.co.jp> References: <1550885529-125561-1-git-send-email-jingxiangfeng@huawei.com> <388cbbf5-7086-1d04-4c49-049021504b9d@oracle.com> <8c167be7-06fa-a8c0-8ee7-0bfad41eaba2@oracle.com> <13400ee2-3d3b-e5d6-2d78-a770820417de@oracle.com> <5C74A2DA.1030304@huawei.com> In-Reply-To: Accept-Language: en-US, ja-JP Content-Language: ja-JP X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.34.125.96] Content-Type: text/plain; charset="iso-2022-jp" Content-ID: Content-Transfer-Encoding: 8BIT MIME-Version: 1.0 X-TM-AS-MML: disable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Feb 26, 2019 at 11:32:24AM -0800, Mike Kravetz wrote: > On 2/25/19 10:21 PM, David Rientjes wrote: > > On Tue, 26 Feb 2019, Jing Xiangfeng wrote: > >> On 2019/2/26 3:17, David Rientjes wrote: > >>> On Mon, 25 Feb 2019, Mike Kravetz wrote: > >>> > >>>> Ok, what about just moving the calculation/check inside the lock as in the > >>>> untested patch below? > >>>> > >>>> Signed-off-by: Mike Kravetz > > > > >>> > >>> Looks good; Jing, could you test that this fixes your case? > >> > >> Yes, I have tested this patch, it can also fix my case. > > > > Great! > > > > Reported-by: Jing Xiangfeng > > Tested-by: Jing Xiangfeng > > Acked-by: David Rientjes > > Thanks Jing and David! > > Here is the patch with an updated commit message and above tags: > > From: Mike Kravetz > Date: Tue, 26 Feb 2019 10:43:24 -0800 > Subject: [PATCH] hugetlbfs: fix potential over/underflow setting node specific > nr_hugepages > > The number of node specific huge pages can be set via a file such as: > /sys/devices/system/node/node1/hugepages/hugepages-2048kB/nr_hugepages > When a node specific value is specified, the global number of huge > pages must also be adjusted. This adjustment is calculated as the > specified node specific value + (global value - current node value). > If the node specific value provided by the user is large enough, this > calculation could overflow an unsigned long leading to a smaller > than expected number of huge pages. > > To fix, check the calculation for overflow. If overflow is detected, > use ULONG_MAX as the requested value. This is inline with the user > request to allocate as many huge pages as possible. > > It was also noticed that the above calculation was done outside the > hugetlb_lock. Therefore, the values could be inconsistent and result > in underflow. To fix, the calculation is moved to within the routine > set_max_huge_pages() where the lock is held. > > Reported-by: Jing Xiangfeng > Signed-off-by: Mike Kravetz > Tested-by: Jing Xiangfeng > Acked-by: David Rientjes Looks good to me with improved comments. Thanks everyone. Reviewed-by: Naoya Horiguchi > --- > mm/hugetlb.c | 34 ++++++++++++++++++++++++++-------- > 1 file changed, 26 insertions(+), 8 deletions(-) > > diff --git a/mm/hugetlb.c b/mm/hugetlb.c > index b37e3100b7cc..a7e4223d2df5 100644 > --- a/mm/hugetlb.c > +++ b/mm/hugetlb.c > @@ -2274,7 +2274,7 @@ static int adjust_pool_surplus(struct hstate *h, > nodemask_t *nodes_allowed, > } > > #define persistent_huge_pages(h) (h->nr_huge_pages - h->surplus_huge_pages) > -static int set_max_huge_pages(struct hstate *h, unsigned long count, > +static int set_max_huge_pages(struct hstate *h, unsigned long count, int nid, > nodemask_t *nodes_allowed) > { > unsigned long min_count, ret; > @@ -2289,6 +2289,23 @@ static int set_max_huge_pages(struct hstate *h, unsigned > long count, > goto decrease_pool; > } > > + spin_lock(&hugetlb_lock); > + > + /* > + * Check for a node specific request. Adjust global count, but > + * restrict alloc/free to the specified node. > + */ > + if (nid != NUMA_NO_NODE) { > + unsigned long old_count = count; > + count += h->nr_huge_pages - h->nr_huge_pages_node[nid]; > + /* > + * If user specified count causes overflow, set to > + * largest possible value. > + */ > + if (count < old_count) > + count = ULONG_MAX; > + } > + > /* > * Increase the pool size > * First take pages out of surplus state. Then make up the > @@ -2300,7 +2317,6 @@ static int set_max_huge_pages(struct hstate *h, unsigned > long count, > * pool might be one hugepage larger than it needs to be, but > * within all the constraints specified by the sysctls. > */ > - spin_lock(&hugetlb_lock); > while (h->surplus_huge_pages && count > persistent_huge_pages(h)) { > if (!adjust_pool_surplus(h, nodes_allowed, -1)) > break; > @@ -2421,16 +2437,18 @@ static ssize_t __nr_hugepages_store_common(bool > obey_mempolicy, > nodes_allowed = &node_states[N_MEMORY]; > } > } else if (nodes_allowed) { > + /* Node specific request */ > + init_nodemask_of_node(nodes_allowed, nid); > + } else { > /* > - * per node hstate attribute: adjust count to global, > - * but restrict alloc/free to the specified node. > + * Node specific request, but we could not allocate > + * node mask. Pass in ALL nodes, and clear nid. > */ > - count += h->nr_huge_pages - h->nr_huge_pages_node[nid]; > - init_nodemask_of_node(nodes_allowed, nid); > - } else > + nid = NUMA_NO_NODE; > nodes_allowed = &node_states[N_MEMORY]; > + } > > - err = set_max_huge_pages(h, count, nodes_allowed); > + err = set_max_huge_pages(h, count, nid, nodes_allowed); > if (err) > goto out; > > -- > 2.17.2 > >