From patchwork Wed Apr 24 22:54:48 2024
X-Patchwork-Submitter: Luis Chamberlain
X-Patchwork-Id: 13642593
From: Luis Chamberlain
To: akpm@linux-foundation.org, ziy@nvidia.com, linux-mm@kvack.org
Cc: fstests@vger.kernel.org, linux-xfs@vger.kernel.org, linux-kernel@vger.kernel.org, willy@infradead.org, hare@suse.de, john.g.garry@oracle.com, p.raghav@samsung.com, da.gomez@samsung.com, mcgrof@kernel.org
Subject: [PATCH 1/2] mm/huge_memory: skip invalid debugfs file entry for folio split
Date: Wed, 24 Apr 2024 15:54:48 -0700
Message-ID: <20240424225449.1498244-2-mcgrof@kernel.org>
In-Reply-To: <20240424225449.1498244-1-mcgrof@kernel.org>
References: <20240424225449.1498244-1-mcgrof@kernel.org>

If the file entry is too long we may easily end up going out of bounds
and crash after strsep() on sscanf(). To avoid this ensure we bound the
string to an expected length before we use sscanf() on it.

Signed-off-by: Luis Chamberlain
---
 mm/huge_memory.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 9e9879d2f501..8386d24a163e 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c
@@ -3623,6 +3623,7 @@ static ssize_t split_huge_pages_write(struct file *file, const char __user *buf, char file_path[MAX_INPUT_BUF_SZ]; pgoff_t off_start = 0, off_end = 0; size_t input_len = strlen(input_buf); + size_t max_left_over; tok = strsep(&buf, ","); if (tok) { 
@@ -3632,6 +3633,14 @@ static ssize_t split_huge_pages_write(struct file *file, const char __user *buf, goto out; } + max_left_over = MAX_INPUT_BUF_SZ - strlen(file_path); + if (!buf || + strnlen(buf, max_left_over) < 7 || + strnlen(buf, max_left_over) > max_left_over) { + ret = -EINVAL; + goto out; + } + ret = sscanf(buf, "0x%lx,0x%lx,%d", &off_start, &off_end, &new_order); if (ret != 2 && ret != 3) { ret = -EINVAL;
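Review bot: in the check added before sscanf(), the third condition `strnlen(buf, max_left_over) > max_left_over` can never be true, because strnlen() returns at most the bound it is given, so an over-long remainder is not rejected by it. If the intent is to reject a remainder that fills the bound, compare with `>=` (or `==`), and call strnlen() once into a local instead of twice. The `!buf` test is the part that covers strsep() leaving buf NULL when the input has no comma, which is worth saying in the commit message. The constant 7 is unexplained; it appears to be the length of the shortest accepted string, "0x0,0x0", so a comment or a named constant would help.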
From: Luis Chamberlain
To: akpm@linux-foundation.org, ziy@nvidia.com, linux-mm@kvack.org
Cc: fstests@vger.kernel.org, linux-xfs@vger.kernel.org, linux-kernel@vger.kernel.org, willy@infradead.org, hare@suse.de, john.g.garry@oracle.com, p.raghav@samsung.com, da.gomez@samsung.com, mcgrof@kernel.org
Subject: [PATCH 2/2] mm/huge_memory: cap max length on debugfs file entry folio split
Date: Wed, 24 Apr 2024 15:54:49 -0700
Message-ID: <20240424225449.1498244-3-mcgrof@kernel.org>
In-Reply-To: <20240424225449.1498244-1-mcgrof@kernel.org>
References: <20240424225449.1498244-1-mcgrof@kernel.org>

Don't allow to query beyond a mapped file's length. Since this is just
a debugfs interface allow userspace to be lazy and use a large value so
we can just use the entire file. Without this we can end up wasting
cycles looking for folios which just don't exist for no good reason.

Signed-off-by: Luis Chamberlain
---
 mm/huge_memory.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 8386d24a163e..86a8c7b3b8dc 100644
--- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -3535,7 +3535,7 @@ static int split_huge_pages_in_file(const char *file_path, pgoff_t off_start, struct file *candidate; struct address_space *mapping; int ret = -EINVAL; - pgoff_t index; + pgoff_t index, fsize; int nr_pages = 1; unsigned long total = 0, split = 0; @@ -3547,11 +3547,14 @@ static int split_huge_pages_in_file(const char *file_path, pgoff_t off_start, if (IS_ERR(candidate)) goto out; + mapping = candidate->f_mapping; + fsize = i_size_read(mapping->host); + if (off_end > fsize) + off_end = fsize; + pr_debug("split file-backed THPs in file: %s, page offset: [0x%lx - 0x%lx]\n", file_path, off_start, off_end); - mapping = candidate->f_mapping; - for (index = off_start; index < off_end; index += nr_pages) { struct folio *folio = filemap_get_folio(mapping, index);
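Review bot: the clamp `if (off_end > fsize) off_end = fsize;` in the second hunk compares a page index with a byte count. i_size_read() returns the file size in bytes, while off_end is used as a page offset (it bounds the `index` passed to filemap_get_folio() and is printed as "page offset" in the pr_debug()), so the clamp only takes effect once off_end exceeds the size in bytes and the loop can still walk well past the last page of the file. Convert the size to pages first, for example with DIV_ROUND_UP(i_size_read(mapping->host), PAGE_SIZE). In the first hunk, fsize is declared pgoff_t but receives a loff_t; storing the converted page count there would make the type accurate.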