Date:   Fri, 15 Sep 2017 22:52:20 -0400
Cc:     Michal Hocko <>,,,,,
Subject: [PATCH 1/2] mm/memory_hotplug: Change
 pfn_to_section_nr/section_nr_to_pfn macro to inline function

pfn_to_section_nr() and section_nr_to_pfn() are defined as macros.
pfn_to_section_nr() has no issue even if it is defined as a macro.
But section_nr_to_pfn() has an overflow issue if sec is defined as int.

section_nr_to_pfn() just shifts sec by PFN_SECTION_SHIFT. If sec
is defined as unsigned long, section_nr_to_pfn() returns pfn as a
64-bit value. But if sec is defined as int, section_nr_to_pfn() returns
pfn as a 32-bit value.

__remove_section() calculates start_pfn using section_nr_to_pfn() and
scn_nr defined as int. So if the hot-removed memory address is over 16TB,
an overflow issue occurs and section_nr_to_pfn() does not calculate
the correct pfn.

To make callers use the proper arg, the patch changes the macros to
inline functions.

Signed-off-by: Yasuaki Ishimatsu <>
 include/linux/mmzone.h | 10 ++++++++--
 mm/memory_hotplug.c    |  2 +-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h
index ef6a13b..6ae12b2 100644
--- a/include/linux/mmzone.h
+++ b/include/linux/mmzone.h
@@ -1073,8 +1073,14 @@ static inline unsigned long early_pfn_to_nid(unsigned long pfn)
 #error Allocator MAX_ORDER exceeds SECTION_SIZE

-#define pfn_to_section_nr(pfn) ((pfn) >> PFN_SECTION_SHIFT)
-#define section_nr_to_pfn(sec) ((sec) << PFN_SECTION_SHIFT)
+static inline unsigned long pfn_to_section_nr(unsigned long pfn)
+	return pfn >> PFN_SECTION_SHIFT;
+static inline unsigned long section_nr_to_pfn(unsigned long sec)
+	return sec << PFN_SECTION_SHIFT;

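Review bot: section_nr_to_pfn() now takes unsigned long, but nothing at the definition says why these two helpers are functions rather than macros. The fix depends on the parameter type widening the argument before the shift, so a one-line comment above section_nr_to_pfn() stating that the shift must be done in unsigned long would keep a later cleanup from turning it back into a macro. The prototype also does not force callers to pass an unsigned long: an int argument is converted implicitly, and a negative int would sign-extend, so callers that keep section numbers in int still deserve a look.
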
diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c
index b63d7d1..38c3c37 100644
--- a/mm/memory_hotplug.c
+++ b/mm/memory_hotplug.c
@@ -798,7 +798,7 @@ static int __remove_section(struct zone *zone, struct mem_section *ms,
 		return ret;

 	scn_nr = __section_nr(ms);
-	start_pfn = section_nr_to_pfn(scn_nr);
+	start_pfn = section_nr_to_pfn((unsigned long)scn_nr);
 	__remove_zone(zone, start_pfn);

 	sparse_remove_one_section(zone, ms, map_offset);
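
Review bot: the (unsigned long) cast on scn_nr in the section_nr_to_pfn() call is redundant once section_nr_to_pfn() is an inline function taking unsigned long, because the argument is converted to the parameter type anyway. Either drop the cast and leave this line as it was, or change the type of scn_nr itself (the commit message says it is an int) so that no cast is needed at the use site.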

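The truncation the commit message describes, as an added example (not code from the patch or the kernel). It assumes x86_64 values (4 KiB pages, 128 MiB sections, so PFN_SECTION_SHIFT is 15) and uses unsigned int in place of the kernel's int so the 32-bit wraparound is defined in ISO C; the names section_nr_to_pfn_macro, section_nr_to_pfn_fn, start_pfn_macro and start_pfn_fn are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed values (not on the page): 4 KiB pages and 128 MiB sections,
 * as on x86_64, which gives PFN_SECTION_SHIFT = 27 - 12 = 15. */
#define PAGE_SHIFT        12
#define SECTION_SIZE_BITS 27
#define PFN_SECTION_SHIFT (SECTION_SIZE_BITS - PAGE_SHIFT)
_Static_assert(sizeof(unsigned long) == 8, "example models a 64-bit kernel");

/* Pre-patch form: the shift is evaluated in the type of the argument. */
#define section_nr_to_pfn_macro(sec) ((sec) << PFN_SECTION_SHIFT)

/* Post-patch form: the parameter type widens the argument before the shift. */
static inline unsigned long section_nr_to_pfn_fn(unsigned long sec)
{
	return sec << PFN_SECTION_SHIFT;
}

/* A caller that keeps the section number in a 32-bit variable and uses the
 * macro. unsigned int stands in for the kernel's int: same width, but the
 * wraparound is well defined, so the lost high bits are reproducible. */
static unsigned long start_pfn_macro(uint64_t addr)
{
	unsigned int scn_nr = (unsigned int)(addr >> SECTION_SIZE_BITS);
	return section_nr_to_pfn_macro(scn_nr);	/* 32-bit shift, then widened */
}

/* The same caller going through the inline function. */
static unsigned long start_pfn_fn(uint64_t addr)
{
	unsigned int scn_nr = (unsigned int)(addr >> SECTION_SIZE_BITS);
	return section_nr_to_pfn_fn(scn_nr);	/* widened, then 64-bit shift */
}

int main(void)
{
	const uint64_t tb = 1ULL << 40;
	/* Constructed sample addresses around the 16TB boundary. */
	const uint64_t addrs[] = { 1 * tb, 16 * tb - (1ULL << 27), 16 * tb, 20 * tb };

	for (size_t i = 0; i < sizeof(addrs) / sizeof(addrs[0]); i++)
		printf("addr %#llx: macro pfn %#lx, function pfn %#lx\n",
		       (unsigned long long)addrs[i],
		       start_pfn_macro(addrs[i]), start_pfn_fn(addrs[i]));
	return 0;
}
```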