From: Chenghao Duan
To: pasha.tatashin@soleen.com, rppt@kernel.org, pratyush@kernel.org, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org
Cc: jianghaoran@kylinos.cn, duanchenghao@kylinos.cn
Subject: [PATCH v3 7/7] mm/memfd_luo: fix integer overflow in memfd_luo_preserve_folios
Date: Thu, 26 Mar 2026 16:47:27 +0800
Message-Id: <20260326084727.118437-8-duanchenghao@kylinos.cn>
In-Reply-To: <20260326084727.118437-1-duanchenghao@kylinos.cn>

In memfd_luo_preserve_folios(), two variables had types that could cause
silent data loss with large files:

1. 'size' was declared as 'long', truncating the 64-bit result of
   i_size_read(). On 32-bit systems a 4GB file would be truncated to 0,
   causing the function to return early and discard all data.

2. 'max_folios' was declared as 'unsigned int', causing overflow for
   sparse files larger than 4TB. For example, a 16TB+4KB file would
   calculate 0x100000001 folios but truncate to 1 when assigned to
   max_folios, causing memfd_pin_folios() to pin only the first folio.

Fix by changing both variables to 'u64' to match the types returned by
i_size_read() and the folio count calculations.

This issue was identified by the AI review.
https://sashiko.dev/#/patchset/20260323110747.193569-1-duanchenghao@kylinos.cn

Signed-off-by: Chenghao Duan
Reviewed-by: Pasha Tatashin
--- mm/memfd_luo.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mm/memfd_luo.c b/mm/memfd_luo.c index f8e8f99b1848..4b4fa2f658d9 100644 --- a/mm/memfd_luo.c +++ b/mm/memfd_luo.c
@@ -88,8 +88,8 @@ static int memfd_luo_preserve_folios(struct file *file, { struct inode *inode =3D file_inode(file); struct memfd_luo_folio_ser *folios_ser; - unsigned int max_folios; - long i, size, nr_pinned; + u64 size, max_folios; + long i, nr_pinned; struct folio **folios; int err =3D -EINVAL; pgoff_t offset; --=20 2.25.1
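
Review bot: In the declaration hunk, `u64 size, max_folios;` widens only the two locals, while `long i, nr_pinned;` stays `long`, which is 32 bits on the 32-bit systems the commit message cites. Any later comparison of `i` or `nr_pinned` against `max_folios`, and any call that receives `max_folios` (the commit message names memfd_pin_folios()) or uses it to size the `folios` array, can still truncate or mix signed and unsigned values if the receiving type is narrower than u64; none of those uses are visible in this hunk. Suggest confirming each consumer takes a 64-bit count, or adding an explicit bound check that returns an error when the folio count exceeds what the callee can accept, and stating in the commit message which of the two applies.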