| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 Feb 2022 10:59:07 +0800
From: Zhenguo Yao <yaozhenguo1@...il.com>
To: Mike Kravetz <mike.kravetz@...cle.com>
Cc: liuyuntao <liuyuntao10@...wei.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Linux Memory Management List <linux-mm@...ck.org>,
linux-kernel@...r.kernel.org, wuxu.wu@...wei.com,
fangchuangchuang@...wei.com, windspectator@...il.com
Subject: Re: [PATCH] hugetlbfs: fix a truncation issue in hugepages parameter
Mike Kravetz <mike.kravetz@...cle.com> 于2022年2月10日周四 08:44写道:
>
> On 2/9/22 05:40, liuyuntao wrote:
> > From: Liu Yuntao <liuyuntao10@...wei.com>
> >
> > When we specify a large number for node in hugepages parameter,
> > it may be parsed to another number due to truncation in this statement:
> > node = tmp;
> >
> > For example, add following parameter in command line:
> > hugepagesz=1G hugepages=4294967297:5
> > and kernel will allocate 5 hugepages for node 1 instead of ignoring it.
> >
> > I move the validation check earlier to fix this issue, and slightly
> > simplifies the condition here.
> >
> > Fixes: b5389086ad7be0 ("hugetlbfs: extend the definition of hugepages parameter to support node allocation")
> > Signed-off-by: Liu Yuntao <liuyuntao10@...wei.com>
> > ---
> > mm/hugetlb.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/mm/hugetlb.c b/mm/hugetlb.c
> > index 61895cc01d09..0929547f6ad6 100644
> > --- a/mm/hugetlb.c
> > +++ b/mm/hugetlb.c
> > @@ -4159,10 +4159,10 @@ static int __init hugepages_setup(char *s)
> > pr_warn("HugeTLB: architecture can't support node specific alloc, ignoring!\n");
> > return 0;
> > }
> > + if (tmp >= nr_online_nodes)
> > + goto invalid;
> > node = tmp;
>
> I am surprised none of the automated checking complained about that
> assignment.
>
> > p += count + 1;
> > - if (node < 0 || node >= nr_online_nodes)
>
> I can't remember, but I think that check for node < 0 was added to handle
> overflow during the above assignment. Do you remember Zhenguo Yao?
>
Sorry for my late reply. This check for node < 0 was added
to handle node parameter overflow from the earliest version:
https://lore.kernel.org/lkml/20210820030536.25737-1-yaozhenguo1@gmail.com/
Parameter of node allocation was: hugepages_node=xx hugepages=xx at this
version. With the changing of the code, this check has lost its effect.
> > - goto invalid;
> > /* Parse hugepages */
> > if (sscanf(p, "%lu%n", &tmp, &count) != 1)
> > goto invalid;
>
> Thanks,
>
> Reviewed-by: Mike Kravetz <mike.kravetz@...cle.com>
>
> --
> Mike Kravetz
Powered by blists - more mailing lists