From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Dan Rue <dan.rue@linaro.org>,
Mike Kravetz <mike.kravetz@oracle.com>,
Anders Roxell <anders.roxell@linaro.org>,
Michal Hocko <mhocko@kernel.org>,
Yisheng Xie <xieyisheng1@huawei.com>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
Nic Losby <blurbdust@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 4.15 35/53] hugetlbfs: fix bug in pgoff overflow checking
Date: Tue, 17 Apr 2018 17:59:00 +0200
Message-ID: <20180417155724.841264329@linuxfoundation.org>
In-Reply-To: <20180417155723.091120060@linuxfoundation.org>

4.15-stable review patch. If anyone has any objections, please let me know.

------------------

From: Mike Kravetz <mike.kravetz@oracle.com>

commit 5df63c2a149ae65a9ec239e7c2af44efa6f79beb upstream.

This is a fix for a regression in 32 bit kernels caused by an invalid
check for pgoff overflow in hugetlbfs mmap setup. The check incorrectly
specified that the size of a loff_t was the same as the size of a long.
The regression prevents mapping hugetlbfs files at offsets greater than
4GB on 32 bit kernels.

On 32 bit kernels conversion from a page based unsigned long can not
overflow a loff_t byte offset. Therefore, skip this check if
sizeof(unsigned long) != sizeof(loff_t).

Link: http://lkml.kernel.org/r/20180330145402.5053-1-mike.kravetz@oracle.com
Fixes: 63489f8e8211 ("hugetlbfs: check for pgoff value overflow")
Reported-by: Dan Rue <dan.rue@linaro.org>
Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
Tested-by: Anders Roxell <anders.roxell@linaro.org>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Yisheng Xie <xieyisheng1@huawei.com>
Cc: "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Nic Losby <blurbdust@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/hugetlbfs/inode.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
--- a/fs/hugetlbfs/inode.c
+++ b/fs/hugetlbfs/inode.c
@@ -148,10 +148,14 @@ static int hugetlbfs_file_mmap(struct fi
/*
* page based offset in vm_pgoff could be sufficiently large to
- * overflow a (l)off_t when converted to byte offset.
+ * overflow a loff_t when converted to byte offset. This can
+ * only happen on architectures where sizeof(loff_t) ==
+ * sizeof(unsigned long). So, only check in those instances.
*/
- if (vma->vm_pgoff & PGOFF_LOFFT_MAX)
- return -EINVAL;
+ if (sizeof(unsigned long) == sizeof(loff_t)) {
+ if (vma->vm_pgoff & PGOFF_LOFFT_MAX)
+ return -EINVAL;
+ }
/* must be huge page aligned */
if (vma->vm_pgoff & (~huge_page_mask(h) >> PAGE_SHIFT))
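
Review bot: The new guard `if (sizeof(unsigned long) == sizeof(loff_t))` names the type `unsigned long` instead of the field it protects, so the condition stops tracking the real operand if the type of `vma->vm_pgoff` ever changes; writing it as `sizeof(vma->vm_pgoff) == sizeof(loff_t)` keeps the size test tied to the value that is later converted to a byte offset. The two nested `if` statements can also be folded into a single condition joined with `&&`, since the size comparison is a compile-time constant and the extra block adds only indentation. Because the mask test is now skipped entirely when the sizes differ, the updated comment would be more useful if it also said why the conversion cannot overflow in that case (the commit message explains it, the comment only asserts it), and it is worth confirming that the offset and length checks after this hunk, which are not visible here, still cover the 32 bit path.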