On 10/22/2014 02:44 PM, Andrew Morton wrote:
> On Wed, 22 Oct 2014 09:42:46 +0400 Andrey Ryabinin <a.ryabinin@xxxxxxxxxxx> wrote:
>
>> > On 10/21/2014 10:15 PM, Sasha Levin wrote:
>>> > > hstate_sizelog() would shift left an int rather than long, triggering
>>> > > undefined behaviour and passing an incorrect value when the requested
>>> > > page size was more than 4GB, thus breaking >4GB pages.
>> >
>>> > >
>>> > > Signed-off-by: Sasha Levin <sasha.levin@xxxxxxxxxx>
>>> > > ---
>>> > > include/linux/hugetlb.h | 3 ++-
>>> > > 1 file changed, 2 insertions(+), 1 deletion(-)
>>> > >
>>> > > diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h
>>> > > index 65e12a2..57e0dfd 100644
>>> > > --- a/include/linux/hugetlb.h
>>> > > +++ b/include/linux/hugetlb.h
>>> > > @@ -312,7 +312,8 @@ static inline struct hstate *hstate_sizelog(int page_size_log)
>>> > > {
>>> > > if (!page_size_log)
>>> > > return &default_hstate;
>>> > > - return size_to_hstate(1 << page_size_log);
>>> > > +
>>> > > + return size_to_hstate(1UL << page_size_log);
>> >
>> > That still could be undefined on 32-bits. Either use 1ULL or reduce SHM_HUGE_MASK on 32bits.
>> >
> But
>
> struct hstate *size_to_hstate(unsigned long size)

True, but "(1 << page_size_log)" produces an integer rather than long because "1" is an int and not long.

#include <stdio.h>

int main(void)
{
	unsigned long a, b;

	a = 1 << 32;	/* shift is evaluated in int, then widened */
	b = 1UL << 32;	/* shift is evaluated in unsigned long */
	printf("a: %lu b: %lu\n", a, b);
}

$ ./a.out
a: 0 b: 4294967296

With the patch, size_to_hstate() gets the unsigned long it expects.

Thanks,
Sasha
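
Review bot: page_size_log is still shifted without a range check in the added line "return size_to_hstate(1UL << page_size_log);". The only test before it is "if (!page_size_log)", so a value equal to or larger than the width of unsigned long, or a negative one (the parameter is a signed int), keeps the shift undefined, which is the 32-bit case raised in the quoted reply. Suggest rejecting an out-of-range page_size_log before the shift, or making the parameter unsigned and bounding it, so that the widened constant is never shifted past its own width.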
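
The 32-bit case raised in the thread, as an added example that is not part of the original messages or the kernel source: the shift count is checked against the width of the size type before shifting. The names and the 6-bit field layout (EX_HUGE_SHIFT, EX_HUGE_MASK, flags_to_sizelog, sizelog_to_bytes) are hypothetical, and the sample values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout for illustration: a 6-bit log2 page size in the flags. */
#define EX_HUGE_SHIFT 26
#define EX_HUGE_MASK  0x3fu

/* Extract the requested log2 page size from a flags word. */
static unsigned int flags_to_sizelog(unsigned int flags)
{
    return (flags >> EX_HUGE_SHIFT) & EX_HUGE_MASK;
}

/*
 * Compute 1 << log for a size type that is width_bits wide: 32 models
 * unsigned long on a 32-bit build, 64 models it on a 64-bit build.
 * Returns false instead of shifting when log >= width_bits, which is
 * the case the C standard leaves undefined.
 */
static bool sizelog_to_bytes(unsigned int log, unsigned int width_bits,
                             uint64_t *bytes)
{
    if (width_bits > 64 || log >= width_bits)
        return false;
    *bytes = UINT64_C(1) << log;   /* 64-bit operand, count < 64 */
    return true;
}

int main(void)
{
    /* Constructed requests: 2 MB, 1 GB and 16 GB pages. */
    const unsigned int logs[] = { 21, 30, 34 };
    const unsigned int widths[] = { 32, 64 };

    for (size_t i = 0; i < sizeof(logs) / sizeof(logs[0]); i++) {
        unsigned int log = flags_to_sizelog(logs[i] << EX_HUGE_SHIFT);
        for (size_t j = 0; j < 2; j++) {
            uint64_t bytes = 0;
            if (sizelog_to_bytes(log, widths[j], &bytes))
                printf("log %u, %u-bit long: %llu bytes\n", log,
                       widths[j], (unsigned long long)bytes);
            else
                printf("log %u, %u-bit long: rejected\n", log, widths[j]);
        }
    }
    return 0;
}
```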