From: Jan Kara <jack@suse.cz>
To: Matthew Bobrowski <mbobrowski@mbobrowski.org>
Cc: coverity-bot <keescook@chromium.org>, Jan Kara <jack@suse.cz>,
Theodore Ts'o <tytso@mit.edu>,
Ritesh Harjani <riteshh@linux.ibm.com>,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
linux-next@vger.kernel.org
Subject: Re: Coverity: ext4_iomap_alloc(): Integer handling issues
Date: Tue, 12 Nov 2019 12:00:04 +0100 [thread overview]
Message-ID: <20191112110004.GF1241@quack2.suse.cz> (raw)
In-Reply-To: <20191112072239.GB15488@bobrowski>
On Tue 12-11-19 18:22:41, Matthew Bobrowski wrote:
> On Mon, Nov 11, 2019 at 05:35:44PM -0800, coverity-bot wrote:
> > This is an experimental automated report about issues detected by Coverity
> > from a scan of next-20191108 as part of the linux-next weekly scan project:
> > https://scan.coverity.com/projects/linux-next-weekly-scan
> >
> > You're getting this email because you were associated with the identified
> > lines of code (noted below) that were touched by recent commits:
> >
> > 378f32bab371 ("ext4: introduce direct I/O write using iomap infrastructure")
> >
> > Coverity reported the following:
> >
> > *** CID 1487841: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
> > /fs/ext4/inode.c: 3388 in ext4_iomap_alloc()
> > 3382 /*
> > 3383 * We use i_size instead of i_disksize here because delalloc writeback
> > 3384 * can complete at any point during the I/O and subsequently push the
> > 3385 * i_disksize out to i_size. This could be beyond where direct I/O is
> > 3386 * happening and thus expose allocated blocks to direct I/O reads.
> > 3387 */
> > vvv CID 1487841: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
> > vvv Potentially overflowing expression "1 << blkbits" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "loff_t" (64 bits, signed).
> > 3388 else if ((map->m_lblk * (1 << blkbits)) >= i_size_read(inode))
> > 3389 m_flags = EXT4_GET_BLOCKS_CREATE;
> > 3390 else if (ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))
> > 3391 m_flags = EXT4_GET_BLOCKS_IO_CREATE_EXT;
>
> In the event of an overflow in this specific context, I don't think it
> would matter too much to be perfectly honest. If 'blkbits' were to
> actually ever push out the signed integer to a value that couldn't be
> represented by this data type, I would expect the resulting wrapping
> behaviour to _only_ affect how filesystem blocks are allocated. In
> that case, I/O workloads would behave alot differently, and at that
> point I would hope that our filesystem related testing infrastructure
> would pick this up before allowing anything to leak out into the
> wild...
>
> Unless my trail of thought is wrong? Happy to be corrected here and
> educated on this.
Fully agreed. blkbits is never expected to be larger than 16 in this code.
So this is false positive.
Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
next prev parent reply other threads:[~2019-11-12 11:00 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-12 1:35 Coverity: ext4_iomap_alloc(): Integer handling issues coverity-bot
2019-11-12 7:22 ` Matthew Bobrowski
2019-11-12 11:00 ` Jan Kara [this message]
2019-11-12 20:56 ` Kees Cook
2019-11-12 21:28 ` Matthew Bobrowski
2019-11-12 22:17 ` Kees Cook
2019-11-13 4:38 ` Matthew Bobrowski
2019-11-13 9:37 ` Jan Kara
2019-11-13 18:38 ` Kees Cook
2019-11-14 8:58 ` Jan Kara
2019-11-14 18:43 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191112110004.GF1241@quack2.suse.cz \
--to=jack@suse.cz \
--cc=gustavo@embeddedor.com \
--cc=keescook@chromium.org \
--cc=linux-next@vger.kernel.org \
--cc=mbobrowski@mbobrowski.org \
--cc=riteshh@linux.ibm.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).