On Wed, 20 Dec 2023 13:28:39 +0800 "jiajun.xie" <jiajun.xie.sh@xxxxxxxxx> wrote: > From: Jiajun Xie <jiajun.xie.sh@xxxxxxxxx> > > The bug happens when highest bit of holebegin is 1, suppose > holebign is 0x8000000111111000, after shift, hba would be > 0xfff8000000111111, then vma_interval_tree_foreach would look > it up fail or leads to the wrong result. > > error call seq e.g.: > - mmap(..., offset=0x8000000111111000) > |- syscall(mmap, ... unsigned long, off): > |- ksys_mmap_pgoff( ... , off >> PAGE_SHIFT); > > here pgoff is correctly shifted to 0x8000000111111, > but pass 0x8000000111111000 as holebegin to unmap > would then cause terrible result, as shown below: > > - unmap_mapping_range(..., loff_t const holebegin) > |- pgoff_t hba = holebegin >> PAGE_SHIFT; > /* hba = 0xfff8000000111111 unexpectedly */ > > turn holebegin to be unsigned first would fix the bug. > Thanks. Are you able to describe the runtime effects of this (obviously bad, but it's good to spell it out) and under what circumstances it occurs?
