On Thu, 16 Feb 2023 at 07:06, Mike Kravetz <mike.kravetz@xxxxxxxxxx> wrote: > > Users can specify the hugetlb page size in the mmap, shmget and > memfd_create system calls. This is done by using 6 bits within the > flags argument to encode the base-2 logarithm of the desired page size. > The routine hstate_sizelog() uses the log2 value to find the > corresponding hugetlb hstate structure. Converting the log2 value > (page_size_log) to potential hugetlb page size is the simple statement: > > 1UL << page_size_log > > Because only 6 bits are used for page_size_log, the left shift can not > be greater than 63. This is fine on 64 bit architectures where a long > is 64 bits. However, if a value greater than 31 is passed on a 32 bit > architecture (where long is 32 bits) the shift will result in undefined > behavior. This was generally not an issue as the result of the > undefined shift had to exactly match hugetlb page size to proceed. > > Recent improvements in runtime checking have resulted in this undefined > behavior throwing errors such as reported below. > > Fix by comparing page_size_log to BITS_PER_LONG before doing shift. This proposed fix tested and confirmed that reported issues were fixed. > > Reported-by: Naresh Kamboju <naresh.kamboju@xxxxxxxxxx> > Link: https://lore.kernel.org/lkml/CA+G9fYuei_Tr-vN9GS7SfFyU1y9hNysnf=PB7kT0=yv4MiPgVg@xxxxxxxxxxxxxx/ > Fixes: 42d7395feb56 ("mm: support more pagesizes for MAP_HUGETLB/SHM_HUGETLB") > Cc: <stable@xxxxxxxxxxxxxxx> > Signed-off-by: Mike Kravetz <mike.kravetz@xxxxxxxxxx> Tested-by: Linux Kernel Functional Testing <lkft@xxxxxxxxxx> Tested-by: Naresh Kamboju <naresh.kamboju@xxxxxxxxxx> > --- > include/linux/hugetlb.h | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h > index df6dd624ccfe..8b45720f9475 100644 > --- a/include/linux/hugetlb.h > +++ b/include/linux/hugetlb.h > @@ -781,7 +781,10 @@ static inline struct hstate *hstate_sizelog(int page_size_log) > if (!page_size_log) > return &default_hstate; > > - return size_to_hstate(1UL << page_size_log); > + if (page_size_log < BITS_PER_LONG) > + return size_to_hstate(1UL << page_size_log); > + > + return NULL; > } > > static inline struct hstate *hstate_vma(struct vm_area_struct *vma) > -- > 2.39.1 -- Linaro LKFT https://lkft.linaro.org
