From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B6771C0015E for ; Mon, 24 Jul 2023 03:47:53 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1A7836B0074; Sun, 23 Jul 2023 23:47:53 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 158606B0075; Sun, 23 Jul 2023 23:47:53 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 01FE06B0078; Sun, 23 Jul 2023 23:47:52 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id E77116B0074 for ; Sun, 23 Jul 2023 23:47:52 -0400 (EDT) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id AFECCB1E7A for ; Mon, 24 Jul 2023 03:47:52 +0000 (UTC) X-FDA: 81045121584.12.3EE6DF4 Received: from casper.infradead.org (casper.infradead.org [90.155.50.34]) by imf30.hostedemail.com (Postfix) with ESMTP id 8DBBD80004 for ; Mon, 24 Jul 2023 03:47:50 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=infradead.org header.s=casper.20170209 header.b=LfM3ELlr; spf=none (imf30.hostedemail.com: domain of willy@infradead.org has no SPF policy when checking 90.155.50.34) smtp.mailfrom=willy@infradead.org; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690170470; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=rD2o03oywrQbl03nygg5NeYhEzEaqLbdSS7VHYFYy9w=; b=kck5ivW7F17kBH0ArrgcIA9BYzq8ELAyLf4QAjfg4zvIB4rCjhl+yXKuLnoxJl/g+/Yz+V V058cbhGCGBr674rQOr06+7Tk7raPwO7QIwwKf26vz/dmV6idawmq1uRVra9tRwgXt9gT1 WVqi6rjsv0hrkzO+yr1eCHjaVl/wqDQ= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690170470; a=rsa-sha256; cv=none; b=ZbAzEDQZKKIxMIxiw1ALqXAzy5ELGZpDI41YJ9ibRqcJMxk8HOfHHx+hWFrok3dIcECqmO qbbYHoZxdfh6nRTxuy02ikjCOv6EyXSLayH+WPoz3CG5Tt78LSlAsMcsJNjhdG5gO92+2s I/PcTa/6YK3UN4rErhl0RlBlIw7K0Ko= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=infradead.org header.s=casper.20170209 header.b=LfM3ELlr; spf=none (imf30.hostedemail.com: domain of willy@infradead.org has no SPF policy when checking 90.155.50.34) smtp.mailfrom=willy@infradead.org; dmarc=none DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=rD2o03oywrQbl03nygg5NeYhEzEaqLbdSS7VHYFYy9w=; b=LfM3ELlrfQ44a5QhE4f8IlLt4J pqhy94V9ujXzJO0JWGNlp5zfCtXFBJ9LiZ18EudChMCbDbe5nkHDXLSZPFvUxtrNzYXiql0lz2abW juQHJ+qZCJGrxzjxANsYvrf0Dw9tr8odFnYLJf2JB9hN+WWOOGZV41VhTm7HIr8hjchcrfstkBjYr H3hMr6QW5fu0m6DOpnzFQ6k/nHyW65lEqps2Y3WRVHX7odGb3JiBDBAClo2elqw+kz+aK46uzpAYg 0aIGeqmdUMr0bJD5kNMCr0NCKqULbf/jhR/JBMwz7aJwQOE79LjFbIAizyXnnl5T/+Js9GaGb7ysI 39mBamkg==; Received: from willy by casper.infradead.org with local (Exim 4.94.2 #2 (Red Hat Linux)) id 1qNmXl-003x0r-9s; Mon, 24 Jul 2023 03:47:33 +0000 Date: Mon, 24 Jul 2023 04:47:33 +0100 From: Matthew Wilcox To: Linke Li Cc: linux-mm@kvack.org, mike.kravetz@oracle.com, muchun.song@linux.dev, nathan@kernel.org, ndesaulniers@google.com, trix@redhat.com, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, dan.carpenter@linaro.org, Linke Li Subject: Re: [PATCH v3] hugetlbfs: Fix integer overflow check in hugetlbfs_file_mmap() Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 8DBBD80004 X-Rspam-User: X-Stat-Signature: 7c8izcb1zxd8dnirqz3fgddgmpwnwrh4 X-Rspamd-Server: rspam03 X-HE-Tag: 1690170470-257272 X-HE-Meta: U2FsdGVkX1/c3JDWUbt17l2ayqbezAP5DR0IZYjOnMk+8RoUo911FSsFc99XUOUvrKVheMvkvLVzfyb8ZA652QX6fPXozFdCn3uGKijnv1m5tGPqqX8XM5YaqT3sPcS2LxlMVa0pmRxvbZHZWwUvooLBnTP+sDxC7JRAEUPNFHUAT0y6qvowVItYiG4ccP0Vc5c5Ib1GC0JdjGAxZJsf0jGFSym7SSDC4sr126puGuyx+piIqvOssR+DfwWAP83Rlbs8jKa2fmUiJtP+tV9bKjeCneREY5VqazWEEn/FN/U64dI6YwiFY2ckNXRYgPRRkW5i4wlX78bfPezOG+j9SJZRK8EOXDTFb1sguxVdLrAret0SSjTzphQ18oL2YgCFUvaP1UGwrrgVwstXpCE6xi+VNWCMDIsS9OrTeKH6fFj7Dy+MC5093I6kRTbKiA+zKHSaJDcraa3sMVxQVbTowOaiwID89wDXjknXS2TXmVI2ELlN8eBj+wanE59TirrmPK4MttIASsk7SXRTAAvVuW0ViGuwVpGexA6+OhNSz7q+J5NkR5E4TSiklcW08qLepRcaGgnrMn543BnjcbkghNEBT/QFayrPHtTtZ1rHmFzRHkoZ0v0Rj4anyP9fFwHrvxmYD2/HOI86LyVlFqujCItluC0hFp+5heDOlMkhO82byZcoDuTjKjE2G5aVJgr7dIvHeNeGjekyBlRbkD/SaSmHaSDQlcpxjuEhzn0Bus8EPD54l7NMiN0D+CkCsyYqL1qnJADYvt7bcDqagP/Wrdbq7vR49ZY3hKBYEfEMtXlELZK2up4nQVADzncJwB4hnkyxi3Mwr3O0RXDcW5yt+ef0tqYHza2WgaSQLRhRerMEFGcukVu6TqwbWlK60idmnUSJL/Lco7qC+nIfxNsluaNHyZk1muzI+/q8WieKno5Xux8F+Yu7Jrs3ezt85OuYHITpwxtMdyTNdDeAWMt dPFYTcG1 DJBF+gNcfDbbVdwSnT2PYvuLoIzGiIR8zjhKiuF4GlLObXdKRADqSdVMe7eGVcOOsk+obmlIMgo2ngRkl6mpBUif5CVWpyjdIqa1ULAiJCVRc8h0kYPdNi3uGa6ft/VoBPkw/7WG3zBJVNvl9dlvaLJp8lS/gQ8wDlBmxfBCk44fSgQYJ1/KSO8Gh7IMssNLZMdEFBXpK5S4VAlY= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Thu, Jul 20, 2023 at 10:49:52PM +0800, Linke Li wrote: > +++ b/fs/hugetlbfs/inode.c > @@ -154,10 +154,7 @@ static int hugetlbfs_file_mmap(struct file *file, struct vm_area_struct *vma) > if (vma->vm_pgoff & (~huge_page_mask(h) >> PAGE_SHIFT)) > return -EINVAL; > > - vma_len = (loff_t)(vma->vm_end - vma->vm_start); > - len = vma_len + ((loff_t)vma->vm_pgoff << PAGE_SHIFT); > - /* check for overflow */ > - if (len < vma_len) > + if (check_add_overflow(vma_len, (loff_t)vma->vm_pgoff << PAGE_SHIFT, &len)) > return -EINVAL; Doesn't this check duplicate that performed by file_mmap_ok()? Can't we just delete the check, or is there a code path that leads here while avoiding file_mmap_ok()?