From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Mike Kravetz <mike.kravetz@oracle.com>,
Naresh Kamboju <naresh.kamboju@linaro.org>,
Jesper Juhl <jesperjuhl76@gmail.com>,
Muchun Song <songmuchun@bytedance.com>,
Linux Kernel Functional Testing <lkft@linaro.org>,
Anders Roxell <anders.roxell@linaro.org>,
Andi Kleen <ak@linux.intel.com>, Sasha Levin <sashal@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>
Subject: [PATCH 5.15 49/83] hugetlb: check for undefined shift on 32 bit architectures
Date: Mon, 20 Feb 2023 14:36:22 +0100 [thread overview]
Message-ID: <20230220133555.378372869@linuxfoundation.org> (raw)
In-Reply-To: <20230220133553.669025851@linuxfoundation.org>
From: Mike Kravetz <mike.kravetz@oracle.com>
commit ec4288fe63966b26d53907212ecd05dfa81dd2cc upstream.
Users can specify the hugetlb page size in the mmap, shmget and
memfd_create system calls. This is done by using 6 bits within the flags
argument to encode the base-2 logarithm of the desired page size. The
routine hstate_sizelog() uses the log2 value to find the corresponding
hugetlb hstate structure. Converting the log2 value (page_size_log) to
potential hugetlb page size is the simple statement:
1UL << page_size_log
Because only 6 bits are used for page_size_log, the left shift can not be
greater than 63. This is fine on 64 bit architectures where a long is 64
bits. However, if a value greater than 31 is passed on a 32 bit
architecture (where long is 32 bits) the shift will result in undefined
behavior. This was generally not an issue as the result of the undefined
shift had to exactly match hugetlb page size to proceed.
Recent improvements in runtime checking have resulted in this undefined
behavior throwing errors such as reported below.
Fix by comparing page_size_log to BITS_PER_LONG before doing shift.
Link: https://lkml.kernel.org/r/20230216013542.138708-1-mike.kravetz@oracle.com
Link: https://lore.kernel.org/lkml/CA+G9fYuei_Tr-vN9GS7SfFyU1y9hNysnf=PB7kT0=yv4MiPgVg@mail.gmail.com/
Fixes: 42d7395feb56 ("mm: support more pagesizes for MAP_HUGETLB/SHM_HUGETLB")
Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Reviewed-by: Jesper Juhl <jesperjuhl76@gmail.com>
Acked-by: Muchun Song <songmuchun@bytedance.com>
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Cc: Anders Roxell <anders.roxell@linaro.org>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Sasha Levin <sashal@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/hugetlb.h | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/include/linux/hugetlb.h
+++ b/include/linux/hugetlb.h
@@ -684,7 +684,10 @@ static inline struct hstate *hstate_size
if (!page_size_log)
return &default_hstate;
- return size_to_hstate(1UL << page_size_log);
+ if (page_size_log < BITS_PER_LONG)
+ return size_to_hstate(1UL << page_size_log);
+
+ return NULL;
}
static inline struct hstate *hstate_vma(struct vm_area_struct *vma)
next prev parent reply other threads:[~2023-02-20 13:52 UTC|newest]
Thread overview: 91+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-20 13:35 [PATCH 5.15 00/83] 5.15.95-rc1 review Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 01/83] mptcp: fix locking for in-kernel listener creation Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 02/83] kprobes: treewide: Cleanup the error messages for kprobes Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 03/83] riscv: kprobe: Fixup misaligned load text Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 04/83] ACPI / x86: Add support for LPS0 callback handler Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 05/83] ASoC: Intel: sof_rt5682: always set dpcm_capture for amplifiers Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 06/83] ASoC: Intel: sof_cs42l42: " Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 07/83] selftests/bpf: Verify copy_register_state() preserves parent/live fields Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 08/83] ALSA: hda: Do not unset preset when cleaning up codec Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 09/83] bpf, sockmap: Dont let sock_map_{close,destroy,unhash} call itself Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 10/83] ASoC: cs42l56: fix DT probe Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 11/83] tools/virtio: fix the vringh test for virtio ring changes Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 12/83] net/rose: Fix to not accept on connected socket Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 13/83] net: stmmac: do not stop RX_CLK in Rx LPI state for qcs404 SoC Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 14/83] drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 15/83] net: sched: sch: Bounds check priority Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 16/83] s390/decompressor: specify __decompress() buf len to avoid overflow Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 17/83] nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 18/83] drm/amd/display: Properly handle additional cases where DCN is not supported Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 19/83] platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 20/83] nvmem: core: add error handling for dev_set_name Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 21/83] nvmem: core: fix cleanup after dev_set_name() Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 22/83] nvmem: core: fix registration vs use race Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 23/83] nvmem: core: fix return value Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 24/83] xfs: zero inode fork buffer at allocation Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 25/83] xfs: fix potential log item leak Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 26/83] xfs: detect self referencing btree sibling pointers Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 27/83] xfs: set XFS_FEAT_NLINK correctly Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 28/83] xfs: validate v5 feature fields Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 29/83] xfs: avoid unnecessary runtime sibling pointer endian conversions Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 30/83] xfs: dont assert fail on perag references on teardown Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 31/83] xfs: assert in xfs_btree_del_cursor should take into account error Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 32/83] xfs: purge dquots after inode walk fails during quotacheck Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 33/83] xfs: dont leak btree cursor when insrec fails after a split Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 34/83] mptcp: do not wait for bare sockets timeout Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 35/83] aio: fix mremap after fork null-deref Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 36/83] drm/amd/display: Fail atomic_check early on normalize_zpos error Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 37/83] platform/x86: amd-pmc: Export Idlemask values based on the APU Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 38/83] platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 39/83] platform/x86: amd-pmc: Correct usage of SMU version Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 40/83] platform/x86/amd: pmc: Disable IRQ1 wakeup for RN/CZN Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 41/83] netfilter: nft_tproxy: restrict to prerouting hook Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 42/83] tcp: Fix listen() regression in 5.15.88 Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 43/83] mmc: jz4740: Work around bug on JZ4760(B) Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 44/83] mmc: sdio: fix possible resource leaks in some error paths Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 45/83] mmc: mmc_spi: fix error handling in mmc_spi_probe() Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 46/83] ALSA: hda/conexant: add a new hda codec SN6180 Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 47/83] ALSA: hda/realtek - fixed wrong gpio assigned Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 48/83] sched/psi: Fix use-after-free in ep_remove_wait_queue() Greg Kroah-Hartman
2023-02-20 13:36 ` Greg Kroah-Hartman [this message]
2023-02-20 13:36 ` [PATCH 5.15 50/83] of: reserved_mem: Have kmemleak ignore dynamically allocated reserved mem Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 51/83] selftest/lkdtm: Skip stack-entropy test if lkdtm is not available Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 52/83] Revert "mm: Always release pages to the buddy allocator in memblock_free_late()." Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 53/83] net: Fix unwanted sign extension in netdev_stats_to_stats64() Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 54/83] revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 55/83] ixgbe: allow to increase MTU to 3K with XDP enabled Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 56/83] i40e: add double of VLAN header when computing the max MTU Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 57/83] net: bgmac: fix BCM5358 support by setting correct flags Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 58/83] net: ethernet: ti: am65-cpsw: Add RX DMA Channel Teardown Quirk Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 59/83] sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 60/83] net/sched: tcindex: update imperfect hash filters respecting rcu Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 61/83] dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 62/83] net/usb: kalmia: Dont pass act_len in usb_bulk_msg error path Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 63/83] net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 64/83] net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 65/83] bnxt_en: Fix mqprio and XDP ring checking logic Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 66/83] net: stmmac: Restrict warning on disabling DMA store and fwd mode Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 67/83] net: mpls: fix stale pointer if allocation fails during device rename Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 68/83] ixgbe: add double of VLAN header when computing the max MTU Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 69/83] ipv6: Fix datagram socket connection with DSCP Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 70/83] ipv6: Fix tcp " Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 71/83] nilfs2: fix underflow in second superblock position calculations Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 72/83] mm/filemap: fix page end in filemap_get_read_batch Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 73/83] drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 74/83] drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 75/83] flow_offload: fill flags to action structure Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 76/83] net/sched: act_ctinfo: use percpu stats Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 77/83] i40e: Add checking for null for nlmsg_find_attr() Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 78/83] net/sched: tcindex: search key must be 16 bits Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 79/83] kvm: initialize all of the kvm_debugregs structure before sending it to userspace Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 80/83] alarmtimer: Prevent starvation by small intervals and SIG_IGN Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 81/83] ASoC: SOF: Intel: hda-dai: fix possible stream_tag leak Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 82/83] net: sched: sch: Fix off by one in htb_activate_prios() Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 83/83] platform/x86/amd: pmc: add CONFIG_SERIO dependency Greg Kroah-Hartman
2023-02-21 4:10 ` [PATCH 5.15 00/83] 5.15.95-rc1 review Bagas Sanjaya
2023-02-21 7:09 ` Naresh Kamboju
2023-02-21 12:04 ` Ron Economos
2023-02-21 14:57 ` Sudip Mukherjee (Codethink)
2023-02-21 16:21 ` Guenter Roeck
2023-02-21 20:10 ` Florian Fainelli
2023-02-21 23:48 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230220133555.378372869@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ak@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=anders.roxell@linaro.org \
--cc=jesperjuhl76@gmail.com \
--cc=lkft@linaro.org \
--cc=mike.kravetz@oracle.com \
--cc=naresh.kamboju@linaro.org \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=songmuchun@bytedance.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).