Re: [PATCH v2] hugetlbfs: Fix integer overflow check in hugetlbfs_file_mmap()

[Dan Carpenter]

On Thu, Jul 20, 2023 at 09:49:39PM +0800, Linke Li wrote:
> From: Linke Li <lilinke99@xxxxxxxxx>
> 
> ```
> 	vma_len = (loff_t)(vma->vm_end - vma->vm_start);
> 	len = vma_len + ((loff_t)vma->vm_pgoff << PAGE_SHIFT);
> 	/* check for overflow */
> 	if (len < vma_len)
> 		return -EINVAL;
> ```
> 
> There is a signed integer overflow in the code, which is undefined
> behavior according to the C stacnard. Although kernel disables some
> optimizations by using the "-fno-strict-overflow" option, there is
> still a risk.

It's not a risk.  Better to say, "although this works, it's still a bit
ugly and static checkers will complain".

I wouldn't have commented on the commit message except that this patch
checkpatch warning so you're going to have to redo it anyway.  Run
scripts/checkpatch.pl on your patches before sending them.

WARNING: please, no spaces at the start of a line
#49: FILE: fs/hugetlbfs/inode.c:158:
+    if (check_add_overflow(vma_len, (loff_t)vma->vm_pgoff << PAGE_SHIFT, &len))$

WARNING: suspect code indent for conditional statements (4, 16)
#49: FILE: fs/hugetlbfs/inode.c:158:
+    if (check_add_overflow(vma_len, (loff_t)vma->vm_pgoff << PAGE_SHIFT, &len))
                return -EINVAL;

total: 0 errors, 2 warnings, 10 lines checked

regards,
dan carpenter