Date: Wed, 20 Dec 2023 09:53:43 -0800
From: Andrew Morton
To: "jiajun.xie"
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v1] mm: fix unmap_mapping_range high bits shift bug
Message-Id: <20231220095343.326584f605e8ce995ac151d0@linux-foundation.org>
In-Reply-To: <20231220052839.26970-1-jiajun.xie.sh@gmail.com>

On Wed, 20 Dec 2023 13:28:39 +0800 "jiajun.xie" wrote:

> From: Jiajun Xie
>
> The bug happens when highest bit of holebegin is 1, suppose
> holebegin is 0x8000000111111000, after shift, hba would be
> 0xfff8000000111111, then vma_interval_tree_foreach would look
> it up fail or leads to the wrong result.
>
> error call seq e.g.:
> - mmap(..., offset=0x8000000111111000)
>   |- syscall(mmap, ... unsigned long, off):
>      |- ksys_mmap_pgoff( ... , off >> PAGE_SHIFT);
>
> here pgoff is correctly shifted to 0x8000000111111,
> but pass 0x8000000111111000 as holebegin to unmap
> would then cause terrible result, as shown below:
>
> - unmap_mapping_range(..., loff_t const holebegin)
>   |- pgoff_t hba = holebegin >> PAGE_SHIFT;
>      /* hba = 0xfff8000000111111 unexpectedly */
>
> turn holebegin to be unsigned first would fix the bug.
>

Thanks.  Are you able to describe the runtime effects of this
(obviously bad, but it's good to spell it out) and under what
circumstances it occurs?
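The mismatch described in the quoted commit message, as an added user-space example (not code from the patch or from the kernel): it reproduces the two shifts with the offset from the report and shows that the sign-extended value no longer overlaps the page offset recorded at mmap time. The `ex_` types, the 4 KiB page size and `hole_hits_mapping` (a simplified stand-in for the interval-tree lookup) are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define EX_PAGE_SHIFT 12            /* assumption: 4 KiB pages */

typedef int64_t  ex_loff_t;         /* models the signed loff_t */
typedef uint64_t ex_pgoff_t;        /* models pgoff_t on a 64-bit kernel */

/* Shift applied to the signed value, as in the quoted call chain.
 * Right-shifting a negative value is implementation-defined in C;
 * GCC and Clang shift arithmetically and copy the sign bit down. */
static ex_pgoff_t hba_signed(ex_loff_t holebegin)
{
    return (ex_pgoff_t)(holebegin >> EX_PAGE_SHIFT);
}

/* What the commit message proposes: make holebegin unsigned first. */
static ex_pgoff_t hba_unsigned(ex_loff_t holebegin)
{
    return (ex_pgoff_t)holebegin >> EX_PAGE_SHIFT;
}

/* Hypothetical stand-in for the interval-tree lookup: does the hole
 * [hba, hba + hlen - 1] overlap npages pages mapped at vm_pgoff? */
static bool hole_hits_mapping(ex_pgoff_t hba, ex_pgoff_t hlen,
                              ex_pgoff_t vm_pgoff, ex_pgoff_t npages)
{
    return hba <= vm_pgoff + npages - 1 && vm_pgoff <= hba + hlen - 1;
}

int main(void)
{
    uint64_t off = 0x8000000111111000ULL;        /* offset from the report */
    ex_pgoff_t vm_pgoff = off >> EX_PAGE_SHIFT;  /* mmap side, unsigned shift */
    ex_loff_t holebegin = (ex_loff_t)off;        /* unmap side, signed */
    ex_pgoff_t bad = hba_signed(holebegin), good = hba_unsigned(holebegin);

    printf("vm_pgoff     = 0x%016llx\n", (unsigned long long)vm_pgoff);
    printf("hba signed   = 0x%016llx hit=%d\n", (unsigned long long)bad,
           hole_hits_mapping(bad, 1, vm_pgoff, 1));
    printf("hba unsigned = 0x%016llx hit=%d\n", (unsigned long long)good,
           hole_hits_mapping(good, 1, vm_pgoff, 1));
    return 0;
}
```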