From: Baoquan He <bhe@redhat.com>
To: HATAYAMA Daisuke <d.hatayama@jp.fujitsu.com>
Cc: mhuang@redhat.com, kexec@lists.infradead.org,
linux-kernel@vger.kernel.org, nasa4836@gmail.com,
akpm@linux-foundation.org, dyoung@redhat.com, vgoyal@redhat.com
Subject: Re: [PATCH V2] proc-vmcore: wrong data type casting fix
Date: Mon, 14 Mar 2016 11:50:53 +0800 [thread overview]
Message-ID: <20160314035053.GE2522@x1.redhat.com> (raw)
In-Reply-To: <20160314034722.GD2522@x1.redhat.com>
On 03/14/16 at 11:47am, Baoquan He wrote:
> On 03/14/16 at 12:25pm, HATAYAMA Daisuke wrote:
> > From: Dave Young <dyoung@redhat.com>
> > Subject: [PATCH V2] proc-vmcore: wrong data type casting fix
> > Date: Fri, 11 Mar 2016 16:42:48 +0800
> >
> > > On i686 PAE enabled machine the contiguous physical area could be large
> > > and it can cause trimming down variables in below calculation in
> > > read_vmcore() and mmap_vmcore():
> > >
> > > tsz = min_t(size_t, m->offset + m->size - *fpos, buflen);
> > >
> > > Then the real size passed down is not correct any more.
> > > Suppose m->offset + m->size - *fpos being truncated to 0, buflen >0 then
> >
> > That is, size_t and loff_t are defined as follows on i686:
> >
> > (gdb) ptype size_t
> > type = unsigned int
> > (gdb) ptype loff_t
> > type = long long int
> >
> > So casting by size_t means truncating a given value by 4GB.
> >
> > Then, if (m->offset + m->size - *fpos) is equal to or larger than 4GB,
> > and is aligned with 4GB, the resulted value is 0, and
>
> Truncating doesn't mean align. If (m->offset + m->size - *fpos) is
> larger than 4G, E.g 0x10000000f, the truncating result will be 0xf.
>
> >
> > > we will get tsz = 0. It is of course not an expected result.
>
> We won't always get "tsz=0", just get the lower 32 bit value.
OK, didn't get you still have saying in next paragraph. Ignore this
please.
>
> > >
> > > During our tests there are two problems caused by it:
> > > 1) read_vmcore will refuse to continue so makedumpfile fails.
> > > 2) mmap_vmcore will trigger BUG_ON() in remap_pfn_range().
> > >
> >
> > we reach these errors.
> >
> > If (m->offset + m->size - *fpos) is not aligned with 4GB,
> > read_vmcore() or mmap_vmcore() is performed with the truncated
> > non-zero value as size (of course, this is also not expected value but
> > the execution doesn't result in error). Then, fpos proceeds so that
> > (m->offset + m->size - *fpos) is aligned with 4GB in the next loop,
> > and we after all reach the errors.
> >
> > I think your patch description needs a bit more detail.
> >
> > It seems good to me that the patch itself.
> >
> > > Use unsigned long long in min_t instead so that the variables are not
> > > truncated.
> > >
> > > Signed-off-by: Baoquan He <bhe@redhat.com>
> > > Signed-off-by: Dave Young <dyoung@redhat.com>
> > > ---
> > > v1->v2: spelling fix in patch log
> > > fs/proc/vmcore.c | 7 +++++--
> > > 1 file changed, 5 insertions(+), 2 deletions(-)
> > >
> > > --- linux-x86.orig/fs/proc/vmcore.c
> > > +++ linux-x86/fs/proc/vmcore.c
> > > @@ -231,7 +231,9 @@ static ssize_t __read_vmcore(char *buffe
> > >
> > > list_for_each_entry(m, &vmcore_list, list) {
> > > if (*fpos < m->offset + m->size) {
> > > - tsz = min_t(size_t, m->offset + m->size - *fpos, buflen);
> > > + tsz = (size_t)min_t(unsigned long long,
> > > + m->offset + m->size - *fpos,
> > > + buflen);
> > > start = m->paddr + *fpos - m->offset;
> > > tmp = read_from_oldmem(buffer, tsz, &start, userbuf);
> > > if (tmp < 0)
> > > @@ -461,7 +463,8 @@ static int mmap_vmcore(struct file *file
> > > if (start < m->offset + m->size) {
> > > u64 paddr = 0;
> > >
> > > - tsz = min_t(size_t, m->offset + m->size - start, size);
> > > + tsz = (size_t)min_t(unsigned long long,
> > > + m->offset + m->size - start, size);
> > > paddr = m->paddr + start - m->offset;
> > > if (vmcore_remap_oldmem_pfn(vma, vma->vm_start + len,
> > > paddr >> PAGE_SHIFT, tsz,
> > >
> > --
> > Thanks.
> > HATAYAMA, Daisuke
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
WARNING: multiple messages have this Message-ID (diff)
From: Baoquan He <bhe@redhat.com>
To: HATAYAMA Daisuke <d.hatayama@jp.fujitsu.com>
Cc: dyoung@redhat.com, akpm@linux-foundation.org,
linux-kernel@vger.kernel.org, vgoyal@redhat.com,
kexec@lists.infradead.org, nasa4836@gmail.com, mhuang@redhat.com
Subject: Re: [PATCH V2] proc-vmcore: wrong data type casting fix
Date: Mon, 14 Mar 2016 11:50:53 +0800 [thread overview]
Message-ID: <20160314035053.GE2522@x1.redhat.com> (raw)
In-Reply-To: <20160314034722.GD2522@x1.redhat.com>
On 03/14/16 at 11:47am, Baoquan He wrote:
> On 03/14/16 at 12:25pm, HATAYAMA Daisuke wrote:
> > From: Dave Young <dyoung@redhat.com>
> > Subject: [PATCH V2] proc-vmcore: wrong data type casting fix
> > Date: Fri, 11 Mar 2016 16:42:48 +0800
> >
> > > On i686 PAE enabled machine the contiguous physical area could be large
> > > and it can cause trimming down variables in below calculation in
> > > read_vmcore() and mmap_vmcore():
> > >
> > > tsz = min_t(size_t, m->offset + m->size - *fpos, buflen);
> > >
> > > Then the real size passed down is not correct any more.
> > > Suppose m->offset + m->size - *fpos being truncated to 0, buflen >0 then
> >
> > That is, size_t and loff_t are defined as follows on i686:
> >
> > (gdb) ptype size_t
> > type = unsigned int
> > (gdb) ptype loff_t
> > type = long long int
> >
> > So casting by size_t means truncating a given value by 4GB.
> >
> > Then, if (m->offset + m->size - *fpos) is equal to or larger than 4GB,
> > and is aligned with 4GB, the resulted value is 0, and
>
> Truncating doesn't mean align. If (m->offset + m->size - *fpos) is
> larger than 4G, E.g 0x10000000f, the truncating result will be 0xf.
>
> >
> > > we will get tsz = 0. It is of course not an expected result.
>
> We won't always get "tsz=0", just get the lower 32 bit value.
OK, didn't get you still have saying in next paragraph. Ignore this
please.
>
> > >
> > > During our tests there are two problems caused by it:
> > > 1) read_vmcore will refuse to continue so makedumpfile fails.
> > > 2) mmap_vmcore will trigger BUG_ON() in remap_pfn_range().
> > >
> >
> > we reach these errors.
> >
> > If (m->offset + m->size - *fpos) is not aligned with 4GB,
> > read_vmcore() or mmap_vmcore() is performed with the truncated
> > non-zero value as size (of course, this is also not expected value but
> > the execution doesn't result in error). Then, fpos proceeds so that
> > (m->offset + m->size - *fpos) is aligned with 4GB in the next loop,
> > and we after all reach the errors.
> >
> > I think your patch description needs a bit more detail.
> >
> > It seems good to me that the patch itself.
> >
> > > Use unsigned long long in min_t instead so that the variables are not
> > > truncated.
> > >
> > > Signed-off-by: Baoquan He <bhe@redhat.com>
> > > Signed-off-by: Dave Young <dyoung@redhat.com>
> > > ---
> > > v1->v2: spelling fix in patch log
> > > fs/proc/vmcore.c | 7 +++++--
> > > 1 file changed, 5 insertions(+), 2 deletions(-)
> > >
> > > --- linux-x86.orig/fs/proc/vmcore.c
> > > +++ linux-x86/fs/proc/vmcore.c
> > > @@ -231,7 +231,9 @@ static ssize_t __read_vmcore(char *buffe
> > >
> > > list_for_each_entry(m, &vmcore_list, list) {
> > > if (*fpos < m->offset + m->size) {
> > > - tsz = min_t(size_t, m->offset + m->size - *fpos, buflen);
> > > + tsz = (size_t)min_t(unsigned long long,
> > > + m->offset + m->size - *fpos,
> > > + buflen);
> > > start = m->paddr + *fpos - m->offset;
> > > tmp = read_from_oldmem(buffer, tsz, &start, userbuf);
> > > if (tmp < 0)
> > > @@ -461,7 +463,8 @@ static int mmap_vmcore(struct file *file
> > > if (start < m->offset + m->size) {
> > > u64 paddr = 0;
> > >
> > > - tsz = min_t(size_t, m->offset + m->size - start, size);
> > > + tsz = (size_t)min_t(unsigned long long,
> > > + m->offset + m->size - start, size);
> > > paddr = m->paddr + start - m->offset;
> > > if (vmcore_remap_oldmem_pfn(vma, vma->vm_start + len,
> > > paddr >> PAGE_SHIFT, tsz,
> > >
> > --
> > Thanks.
> > HATAYAMA, Daisuke
next prev parent reply other threads:[~2016-03-14 3:51 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-11 8:42 [PATCH V2] proc-vmcore: wrong data type casting fix Dave Young
2016-03-11 8:42 ` Dave Young
2016-03-11 20:27 ` Andrew Morton
2016-03-11 20:27 ` Andrew Morton
2016-03-12 4:49 ` Dave Young
2016-03-12 4:49 ` Dave Young
2016-03-12 12:43 ` Xunlei Pang
2016-03-12 12:43 ` Xunlei Pang
2016-03-12 13:59 ` Baoquan He
2016-03-12 13:59 ` Baoquan He
2016-03-13 6:11 ` Xunlei Pang
2016-03-13 6:11 ` Xunlei Pang
2016-03-14 2:41 ` Baoquan He
2016-03-14 2:41 ` Baoquan He
2016-03-14 3:25 ` HATAYAMA Daisuke
2016-03-14 3:25 ` HATAYAMA Daisuke
2016-03-14 3:31 ` Dave Young
2016-03-14 3:31 ` Dave Young
2016-03-14 3:47 ` Baoquan He
2016-03-14 3:47 ` Baoquan He
2016-03-14 3:50 ` Baoquan He [this message]
2016-03-14 3:50 ` Baoquan He
2016-03-14 4:36 ` HATAYAMA Daisuke
2016-03-14 4:36 ` HATAYAMA Daisuke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160314035053.GE2522@x1.redhat.com \
--to=bhe@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=d.hatayama@jp.fujitsu.com \
--cc=dyoung@redhat.com \
--cc=kexec@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mhuang@redhat.com \
--cc=nasa4836@gmail.com \
--cc=vgoyal@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.