* [PATCH] xfs: fix signed integer overflow
@ 2016-09-09 6:38 ` Xie XiuQi
0 siblings, 0 replies; 10+ messages in thread
From: Xie XiuQi @ 2016-09-09 6:38 UTC (permalink / raw)
To: david; +Cc: xfs, linux-kernel
Use 1U for unsigned long, or we'll meet a overflow issue with UBSAN.
[ 31.910858] UBSAN: Undefined behaviour in fs/xfs/xfs_buf_item.c:889:25
[ 31.911252] signed integer overflow:
[ 31.911478] -2147483648 - 1 cannot be represented in type 'int'
[ 31.911846] CPU: 1 PID: 1011 Comm: tuned Tainted: G B ---- ------- 3.10.0-327.28.3.el7.x86_64 #1
[ 31.911857] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 01/07/2011
[ 31.911866] 1ffff1004069cd3b 0000000076bec3fd ffff8802034e69a0 ffffffff81ee3140
[ 31.911883] ffff8802034e69b8 ffffffff81ee31fd ffffffffa0ad79e0 ffff8802034e6b20
[ 31.911898] ffffffff81ee46e2 0000002d515470c0 0000000000000001 0000000041b58ab3
[ 31.911913] Call Trace:
[ 31.911932] [<ffffffff81ee3140>] dump_stack+0x1e/0x20
[ 31.911947] [<ffffffff81ee31fd>] ubsan_epilogue+0x12/0x55
[ 31.911964] [<ffffffff81ee46e2>] handle_overflow+0x1ba/0x215
[ 31.912083] [<ffffffff81ee4798>] __ubsan_handle_sub_overflow+0x2a/0x31
[ 31.912204] [<ffffffffa08676fb>] xfs_buf_item_log+0x34b/0x3f0 [xfs]
[ 31.912314] [<ffffffffa0880490>] xfs_trans_log_buf+0x120/0x260 [xfs]
[ 31.912402] [<ffffffffa079a890>] xfs_btree_log_recs+0x80/0xc0 [xfs]
[ 31.912490] [<ffffffffa07a29f8>] xfs_btree_delrec+0x11a8/0x2d50 [xfs]
[ 31.913589] [<ffffffffa07a86f9>] xfs_btree_delete+0xc9/0x260 [xfs]
[ 31.913762] [<ffffffffa075b5cf>] xfs_free_ag_extent+0x63f/0xe20 [xfs]
[ 31.914339] [<ffffffffa075ec0f>] xfs_free_extent+0x2af/0x3e0 [xfs]
[ 31.914641] [<ffffffffa0801b2b>] xfs_bmap_finish+0x32b/0x4b0 [xfs]
[ 31.914841] [<ffffffffa083c2e7>] xfs_itruncate_extents+0x3b7/0x740 [xfs]
[ 31.915216] [<ffffffffa08342fa>] xfs_setattr_size+0x60a/0x860 [xfs]
[ 31.915471] [<ffffffffa08345ea>] xfs_vn_setattr+0x9a/0xe0 [xfs]
[ 31.915590] [<ffffffff8149ad38>] notify_change+0x5c8/0x8a0
[ 31.915607] [<ffffffff81450f22>] do_truncate+0x122/0x1d0
[ 31.915640] [<ffffffff8147beee>] do_last+0x15de/0x2c80
[ 31.915707] [<ffffffff8147d777>] path_openat+0x1e7/0xcc0
[ 31.915802] [<ffffffff81480824>] do_filp_open+0xa4/0x160
[ 31.915848] [<ffffffff81453127>] do_sys_open+0x1b7/0x3f0
[ 31.915879] [<ffffffff81453392>] SyS_open+0x32/0x40
[ 31.915897] [<ffffffff81f08989>] system_call_fastpath+0x16/0x1b
[ 240.086809] UBSAN: Undefined behaviour in fs/xfs/xfs_buf_item.c:866:34
[ 240.086820] signed integer overflow:
[ 240.086830] -2147483648 - 1 cannot be represented in type 'int'
[ 240.086846] CPU: 1 PID: 12969 Comm: rm Tainted: G B ---- ------- 3.10.0-327.28.3.el7.x86_64 #1
[ 240.086857] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 01/07/2011
[ 240.086868] 1ffff10040491def 00000000e2ea59c1 ffff88020248ef40 ffffffff81ee3140
[ 240.086885] ffff88020248ef58 ffffffff81ee31fd ffffffffa0ad79e0 ffff88020248f0c0
[ 240.086901] ffffffff81ee46e2 0000002d02488000 0000000000000001 0000000041b58ab3
[ 240.086915] Call Trace:
[ 240.086938] [<ffffffff81ee3140>] dump_stack+0x1e/0x20
[ 240.086953] [<ffffffff81ee31fd>] ubsan_epilogue+0x12/0x55
[ 240.086971] [<ffffffff81ee46e2>] handle_overflow+0x1ba/0x215
...
Signed-off-by: Xie XiuQi <xiexiuqi@huawei.com>
---
fs/xfs/xfs_buf_item.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/xfs/xfs_buf_item.c b/fs/xfs/xfs_buf_item.c
index e455f90..3a27997 100644
--- a/fs/xfs/xfs_buf_item.c
+++ b/fs/xfs/xfs_buf_item.c
@@ -865,7 +865,7 @@ xfs_buf_item_log_segment(
*/
if (bit) {
end_bit = MIN(bit + bits_to_set, (uint)NBWORD);
- mask = ((1 << (end_bit - bit)) - 1) << bit;
+ mask = ((1U << (end_bit - bit)) - 1) << bit;
*wordp |= mask;
wordp++;
bits_set = end_bit - bit;
@@ -888,7 +888,7 @@ xfs_buf_item_log_segment(
*/
end_bit = bits_to_set - bits_set;
if (end_bit) {
- mask = (1 << end_bit) - 1;
+ mask = (1U << end_bit) - 1;
*wordp |= mask;
}
}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH] xfs: fix signed integer overflow
@ 2016-09-09 6:38 ` Xie XiuQi
0 siblings, 0 replies; 10+ messages in thread
From: Xie XiuQi @ 2016-09-09 6:38 UTC (permalink / raw)
To: david; +Cc: linux-kernel, xfs
Use 1U for unsigned long, or we'll meet a overflow issue with UBSAN.
[ 31.910858] UBSAN: Undefined behaviour in fs/xfs/xfs_buf_item.c:889:25
[ 31.911252] signed integer overflow:
[ 31.911478] -2147483648 - 1 cannot be represented in type 'int'
[ 31.911846] CPU: 1 PID: 1011 Comm: tuned Tainted: G B ---- ------- 3.10.0-327.28.3.el7.x86_64 #1
[ 31.911857] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 01/07/2011
[ 31.911866] 1ffff1004069cd3b 0000000076bec3fd ffff8802034e69a0 ffffffff81ee3140
[ 31.911883] ffff8802034e69b8 ffffffff81ee31fd ffffffffa0ad79e0 ffff8802034e6b20
[ 31.911898] ffffffff81ee46e2 0000002d515470c0 0000000000000001 0000000041b58ab3
[ 31.911913] Call Trace:
[ 31.911932] [<ffffffff81ee3140>] dump_stack+0x1e/0x20
[ 31.911947] [<ffffffff81ee31fd>] ubsan_epilogue+0x12/0x55
[ 31.911964] [<ffffffff81ee46e2>] handle_overflow+0x1ba/0x215
[ 31.912083] [<ffffffff81ee4798>] __ubsan_handle_sub_overflow+0x2a/0x31
[ 31.912204] [<ffffffffa08676fb>] xfs_buf_item_log+0x34b/0x3f0 [xfs]
[ 31.912314] [<ffffffffa0880490>] xfs_trans_log_buf+0x120/0x260 [xfs]
[ 31.912402] [<ffffffffa079a890>] xfs_btree_log_recs+0x80/0xc0 [xfs]
[ 31.912490] [<ffffffffa07a29f8>] xfs_btree_delrec+0x11a8/0x2d50 [xfs]
[ 31.913589] [<ffffffffa07a86f9>] xfs_btree_delete+0xc9/0x260 [xfs]
[ 31.913762] [<ffffffffa075b5cf>] xfs_free_ag_extent+0x63f/0xe20 [xfs]
[ 31.914339] [<ffffffffa075ec0f>] xfs_free_extent+0x2af/0x3e0 [xfs]
[ 31.914641] [<ffffffffa0801b2b>] xfs_bmap_finish+0x32b/0x4b0 [xfs]
[ 31.914841] [<ffffffffa083c2e7>] xfs_itruncate_extents+0x3b7/0x740 [xfs]
[ 31.915216] [<ffffffffa08342fa>] xfs_setattr_size+0x60a/0x860 [xfs]
[ 31.915471] [<ffffffffa08345ea>] xfs_vn_setattr+0x9a/0xe0 [xfs]
[ 31.915590] [<ffffffff8149ad38>] notify_change+0x5c8/0x8a0
[ 31.915607] [<ffffffff81450f22>] do_truncate+0x122/0x1d0
[ 31.915640] [<ffffffff8147beee>] do_last+0x15de/0x2c80
[ 31.915707] [<ffffffff8147d777>] path_openat+0x1e7/0xcc0
[ 31.915802] [<ffffffff81480824>] do_filp_open+0xa4/0x160
[ 31.915848] [<ffffffff81453127>] do_sys_open+0x1b7/0x3f0
[ 31.915879] [<ffffffff81453392>] SyS_open+0x32/0x40
[ 31.915897] [<ffffffff81f08989>] system_call_fastpath+0x16/0x1b
[ 240.086809] UBSAN: Undefined behaviour in fs/xfs/xfs_buf_item.c:866:34
[ 240.086820] signed integer overflow:
[ 240.086830] -2147483648 - 1 cannot be represented in type 'int'
[ 240.086846] CPU: 1 PID: 12969 Comm: rm Tainted: G B ---- ------- 3.10.0-327.28.3.el7.x86_64 #1
[ 240.086857] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 01/07/2011
[ 240.086868] 1ffff10040491def 00000000e2ea59c1 ffff88020248ef40 ffffffff81ee3140
[ 240.086885] ffff88020248ef58 ffffffff81ee31fd ffffffffa0ad79e0 ffff88020248f0c0
[ 240.086901] ffffffff81ee46e2 0000002d02488000 0000000000000001 0000000041b58ab3
[ 240.086915] Call Trace:
[ 240.086938] [<ffffffff81ee3140>] dump_stack+0x1e/0x20
[ 240.086953] [<ffffffff81ee31fd>] ubsan_epilogue+0x12/0x55
[ 240.086971] [<ffffffff81ee46e2>] handle_overflow+0x1ba/0x215
...
Signed-off-by: Xie XiuQi <xiexiuqi@huawei.com>
---
fs/xfs/xfs_buf_item.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/xfs/xfs_buf_item.c b/fs/xfs/xfs_buf_item.c
index e455f90..3a27997 100644
--- a/fs/xfs/xfs_buf_item.c
+++ b/fs/xfs/xfs_buf_item.c
@@ -865,7 +865,7 @@ xfs_buf_item_log_segment(
*/
if (bit) {
end_bit = MIN(bit + bits_to_set, (uint)NBWORD);
- mask = ((1 << (end_bit - bit)) - 1) << bit;
+ mask = ((1U << (end_bit - bit)) - 1) << bit;
*wordp |= mask;
wordp++;
bits_set = end_bit - bit;
@@ -888,7 +888,7 @@ xfs_buf_item_log_segment(
*/
end_bit = bits_to_set - bits_set;
if (end_bit) {
- mask = (1 << end_bit) - 1;
+ mask = (1U << end_bit) - 1;
*wordp |= mask;
}
}
--
1.8.3.1
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH] xfs: fix signed integer overflow
2016-09-09 6:38 ` Xie XiuQi
@ 2016-09-09 6:42 ` Joe Perches
-1 siblings, 0 replies; 10+ messages in thread
From: Joe Perches @ 2016-09-09 6:42 UTC (permalink / raw)
To: Xie XiuQi, david; +Cc: xfs, linux-kernel
On Fri, 2016-09-09 at 14:38 +0800, Xie XiuQi wrote:
> Use 1U for unsigned long, or we'll meet a overflow issue with UBSAN.
trivia: misleading commit message
1U is for unsigned int not unsigned long int
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] xfs: fix signed integer overflow
@ 2016-09-09 6:42 ` Joe Perches
0 siblings, 0 replies; 10+ messages in thread
From: Joe Perches @ 2016-09-09 6:42 UTC (permalink / raw)
To: Xie XiuQi, david; +Cc: linux-kernel, xfs
On Fri, 2016-09-09 at 14:38 +0800, Xie XiuQi wrote:
> Use 1U for unsigned long, or we'll meet a overflow issue with UBSAN.
trivia: misleading commit message
1U is for unsigned int not unsigned long int
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] xfs: fix signed integer overflow
2016-09-09 6:42 ` Joe Perches
@ 2016-09-09 7:16 ` Xie XiuQi
-1 siblings, 0 replies; 10+ messages in thread
From: Xie XiuQi @ 2016-09-09 7:16 UTC (permalink / raw)
To: Joe Perches, david; +Cc: xfs, linux-kernel
On 2016/9/9 14:42, Joe Perches wrote:
> On Fri, 2016-09-09 at 14:38 +0800, Xie XiuQi wrote:
>> Use 1U for unsigned long, or we'll meet a overflow issue with UBSAN.
>
> trivia: misleading commit message
>
> 1U is for unsigned int not unsigned long int
>
Sorry, my fault. Thank you for your comments.
>From 9cb8e36406a54ce0eaade31dd28f6068f03de1d2 Mon Sep 17 00:00:00 2001
From: Xie XiuQi <xiexiuqi@huawei.com>
Date: Tue, 6 Sep 2016 11:15:34 +0800
Subject: [PATCH v2] xfs: fix signed integer overflow
Use 1U for unsigned int, or we'll meet a overflow issue with UBSAN.
[ 31.910858] UBSAN: Undefined behaviour in fs/xfs/xfs_buf_item.c:889:25
[ 31.911252] signed integer overflow:
[ 31.911478] -2147483648 - 1 cannot be represented in type 'int'
[ 31.911846] CPU: 1 PID: 1011 Comm: tuned Tainted: G B ---- ------- 3.10.0-327.28.3.el7.x86_64 #1
[ 31.911857] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 01/07/2011
[ 31.911866] 1ffff1004069cd3b 0000000076bec3fd ffff8802034e69a0 ffffffff81ee3140
[ 31.911883] ffff8802034e69b8 ffffffff81ee31fd ffffffffa0ad79e0 ffff8802034e6b20
[ 31.911898] ffffffff81ee46e2 0000002d515470c0 0000000000000001 0000000041b58ab3
[ 31.911913] Call Trace:
[ 31.911932] [<ffffffff81ee3140>] dump_stack+0x1e/0x20
[ 31.911947] [<ffffffff81ee31fd>] ubsan_epilogue+0x12/0x55
[ 31.911964] [<ffffffff81ee46e2>] handle_overflow+0x1ba/0x215
[ 31.912083] [<ffffffff81ee4798>] __ubsan_handle_sub_overflow+0x2a/0x31
[ 31.912204] [<ffffffffa08676fb>] xfs_buf_item_log+0x34b/0x3f0 [xfs]
[ 31.912314] [<ffffffffa0880490>] xfs_trans_log_buf+0x120/0x260 [xfs]
[ 31.912402] [<ffffffffa079a890>] xfs_btree_log_recs+0x80/0xc0 [xfs]
[ 31.912490] [<ffffffffa07a29f8>] xfs_btree_delrec+0x11a8/0x2d50 [xfs]
[ 31.913589] [<ffffffffa07a86f9>] xfs_btree_delete+0xc9/0x260 [xfs]
[ 31.913762] [<ffffffffa075b5cf>] xfs_free_ag_extent+0x63f/0xe20 [xfs]
[ 31.914339] [<ffffffffa075ec0f>] xfs_free_extent+0x2af/0x3e0 [xfs]
[ 31.914641] [<ffffffffa0801b2b>] xfs_bmap_finish+0x32b/0x4b0 [xfs]
[ 31.914841] [<ffffffffa083c2e7>] xfs_itruncate_extents+0x3b7/0x740 [xfs]
[ 31.915216] [<ffffffffa08342fa>] xfs_setattr_size+0x60a/0x860 [xfs]
[ 31.915471] [<ffffffffa08345ea>] xfs_vn_setattr+0x9a/0xe0 [xfs]
[ 31.915590] [<ffffffff8149ad38>] notify_change+0x5c8/0x8a0
[ 31.915607] [<ffffffff81450f22>] do_truncate+0x122/0x1d0
[ 31.915640] [<ffffffff8147beee>] do_last+0x15de/0x2c80
[ 31.915707] [<ffffffff8147d777>] path_openat+0x1e7/0xcc0
[ 31.915802] [<ffffffff81480824>] do_filp_open+0xa4/0x160
[ 31.915848] [<ffffffff81453127>] do_sys_open+0x1b7/0x3f0
[ 31.915879] [<ffffffff81453392>] SyS_open+0x32/0x40
[ 31.915897] [<ffffffff81f08989>] system_call_fastpath+0x16/0x1b
[ 240.086809] UBSAN: Undefined behaviour in fs/xfs/xfs_buf_item.c:866:34
[ 240.086820] signed integer overflow:
[ 240.086830] -2147483648 - 1 cannot be represented in type 'int'
[ 240.086846] CPU: 1 PID: 12969 Comm: rm Tainted: G B ---- ------- 3.10.0-327.28.3.el7.x86_64 #1
[ 240.086857] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 01/07/2011
[ 240.086868] 1ffff10040491def 00000000e2ea59c1 ffff88020248ef40 ffffffff81ee3140
[ 240.086885] ffff88020248ef58 ffffffff81ee31fd ffffffffa0ad79e0 ffff88020248f0c0
[ 240.086901] ffffffff81ee46e2 0000002d02488000 0000000000000001 0000000041b58ab3
[ 240.086915] Call Trace:
[ 240.086938] [<ffffffff81ee3140>] dump_stack+0x1e/0x20
[ 240.086953] [<ffffffff81ee31fd>] ubsan_epilogue+0x12/0x55
[ 240.086971] [<ffffffff81ee46e2>] handle_overflow+0x1ba/0x215
...
Signed-off-by: Xie XiuQi <xiexiuqi@huawei.com>
---
fs/xfs/xfs_buf_item.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/xfs/xfs_buf_item.c b/fs/xfs/xfs_buf_item.c
index e455f90..3a27997 100644
--- a/fs/xfs/xfs_buf_item.c
+++ b/fs/xfs/xfs_buf_item.c
@@ -865,7 +865,7 @@ xfs_buf_item_log_segment(
*/
if (bit) {
end_bit = MIN(bit + bits_to_set, (uint)NBWORD);
- mask = ((1 << (end_bit - bit)) - 1) << bit;
+ mask = ((1U << (end_bit - bit)) - 1) << bit;
*wordp |= mask;
wordp++;
bits_set = end_bit - bit;
@@ -888,7 +888,7 @@ xfs_buf_item_log_segment(
*/
end_bit = bits_to_set - bits_set;
if (end_bit) {
- mask = (1 << end_bit) - 1;
+ mask = (1U << end_bit) - 1;
*wordp |= mask;
}
}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH] xfs: fix signed integer overflow
@ 2016-09-09 7:16 ` Xie XiuQi
0 siblings, 0 replies; 10+ messages in thread
From: Xie XiuQi @ 2016-09-09 7:16 UTC (permalink / raw)
To: Joe Perches, david; +Cc: linux-kernel, xfs
On 2016/9/9 14:42, Joe Perches wrote:
> On Fri, 2016-09-09 at 14:38 +0800, Xie XiuQi wrote:
>> Use 1U for unsigned long, or we'll meet a overflow issue with UBSAN.
>
> trivia: misleading commit message
>
> 1U is for unsigned int not unsigned long int
>
Sorry, my fault. Thank you for your comments.
>From 9cb8e36406a54ce0eaade31dd28f6068f03de1d2 Mon Sep 17 00:00:00 2001
From: Xie XiuQi <xiexiuqi@huawei.com>
Date: Tue, 6 Sep 2016 11:15:34 +0800
Subject: [PATCH v2] xfs: fix signed integer overflow
Use 1U for unsigned int, or we'll meet a overflow issue with UBSAN.
[ 31.910858] UBSAN: Undefined behaviour in fs/xfs/xfs_buf_item.c:889:25
[ 31.911252] signed integer overflow:
[ 31.911478] -2147483648 - 1 cannot be represented in type 'int'
[ 31.911846] CPU: 1 PID: 1011 Comm: tuned Tainted: G B ---- ------- 3.10.0-327.28.3.el7.x86_64 #1
[ 31.911857] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 01/07/2011
[ 31.911866] 1ffff1004069cd3b 0000000076bec3fd ffff8802034e69a0 ffffffff81ee3140
[ 31.911883] ffff8802034e69b8 ffffffff81ee31fd ffffffffa0ad79e0 ffff8802034e6b20
[ 31.911898] ffffffff81ee46e2 0000002d515470c0 0000000000000001 0000000041b58ab3
[ 31.911913] Call Trace:
[ 31.911932] [<ffffffff81ee3140>] dump_stack+0x1e/0x20
[ 31.911947] [<ffffffff81ee31fd>] ubsan_epilogue+0x12/0x55
[ 31.911964] [<ffffffff81ee46e2>] handle_overflow+0x1ba/0x215
[ 31.912083] [<ffffffff81ee4798>] __ubsan_handle_sub_overflow+0x2a/0x31
[ 31.912204] [<ffffffffa08676fb>] xfs_buf_item_log+0x34b/0x3f0 [xfs]
[ 31.912314] [<ffffffffa0880490>] xfs_trans_log_buf+0x120/0x260 [xfs]
[ 31.912402] [<ffffffffa079a890>] xfs_btree_log_recs+0x80/0xc0 [xfs]
[ 31.912490] [<ffffffffa07a29f8>] xfs_btree_delrec+0x11a8/0x2d50 [xfs]
[ 31.913589] [<ffffffffa07a86f9>] xfs_btree_delete+0xc9/0x260 [xfs]
[ 31.913762] [<ffffffffa075b5cf>] xfs_free_ag_extent+0x63f/0xe20 [xfs]
[ 31.914339] [<ffffffffa075ec0f>] xfs_free_extent+0x2af/0x3e0 [xfs]
[ 31.914641] [<ffffffffa0801b2b>] xfs_bmap_finish+0x32b/0x4b0 [xfs]
[ 31.914841] [<ffffffffa083c2e7>] xfs_itruncate_extents+0x3b7/0x740 [xfs]
[ 31.915216] [<ffffffffa08342fa>] xfs_setattr_size+0x60a/0x860 [xfs]
[ 31.915471] [<ffffffffa08345ea>] xfs_vn_setattr+0x9a/0xe0 [xfs]
[ 31.915590] [<ffffffff8149ad38>] notify_change+0x5c8/0x8a0
[ 31.915607] [<ffffffff81450f22>] do_truncate+0x122/0x1d0
[ 31.915640] [<ffffffff8147beee>] do_last+0x15de/0x2c80
[ 31.915707] [<ffffffff8147d777>] path_openat+0x1e7/0xcc0
[ 31.915802] [<ffffffff81480824>] do_filp_open+0xa4/0x160
[ 31.915848] [<ffffffff81453127>] do_sys_open+0x1b7/0x3f0
[ 31.915879] [<ffffffff81453392>] SyS_open+0x32/0x40
[ 31.915897] [<ffffffff81f08989>] system_call_fastpath+0x16/0x1b
[ 240.086809] UBSAN: Undefined behaviour in fs/xfs/xfs_buf_item.c:866:34
[ 240.086820] signed integer overflow:
[ 240.086830] -2147483648 - 1 cannot be represented in type 'int'
[ 240.086846] CPU: 1 PID: 12969 Comm: rm Tainted: G B ---- ------- 3.10.0-327.28.3.el7.x86_64 #1
[ 240.086857] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 01/07/2011
[ 240.086868] 1ffff10040491def 00000000e2ea59c1 ffff88020248ef40 ffffffff81ee3140
[ 240.086885] ffff88020248ef58 ffffffff81ee31fd ffffffffa0ad79e0 ffff88020248f0c0
[ 240.086901] ffffffff81ee46e2 0000002d02488000 0000000000000001 0000000041b58ab3
[ 240.086915] Call Trace:
[ 240.086938] [<ffffffff81ee3140>] dump_stack+0x1e/0x20
[ 240.086953] [<ffffffff81ee31fd>] ubsan_epilogue+0x12/0x55
[ 240.086971] [<ffffffff81ee46e2>] handle_overflow+0x1ba/0x215
...
Signed-off-by: Xie XiuQi <xiexiuqi@huawei.com>
---
fs/xfs/xfs_buf_item.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/xfs/xfs_buf_item.c b/fs/xfs/xfs_buf_item.c
index e455f90..3a27997 100644
--- a/fs/xfs/xfs_buf_item.c
+++ b/fs/xfs/xfs_buf_item.c
@@ -865,7 +865,7 @@ xfs_buf_item_log_segment(
*/
if (bit) {
end_bit = MIN(bit + bits_to_set, (uint)NBWORD);
- mask = ((1 << (end_bit - bit)) - 1) << bit;
+ mask = ((1U << (end_bit - bit)) - 1) << bit;
*wordp |= mask;
wordp++;
bits_set = end_bit - bit;
@@ -888,7 +888,7 @@ xfs_buf_item_log_segment(
*/
end_bit = bits_to_set - bits_set;
if (end_bit) {
- mask = (1 << end_bit) - 1;
+ mask = (1U << end_bit) - 1;
*wordp |= mask;
}
}
--
1.8.3.1
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH] xfs: fix signed integer overflow
2016-09-09 7:16 ` Xie XiuQi
@ 2016-09-13 6:57 ` Dave Chinner
-1 siblings, 0 replies; 10+ messages in thread
From: Dave Chinner @ 2016-09-13 6:57 UTC (permalink / raw)
To: Xie XiuQi; +Cc: Joe Perches, xfs, linux-kernel
On Fri, Sep 09, 2016 at 03:16:48PM +0800, Xie XiuQi wrote:
> On 2016/9/9 14:42, Joe Perches wrote:
> > On Fri, 2016-09-09 at 14:38 +0800, Xie XiuQi wrote:
> >> Use 1U for unsigned long, or we'll meet a overflow issue with UBSAN.
> >
> > trivia: misleading commit message
> >
> > 1U is for unsigned int not unsigned long int
> >
>
> Sorry, my fault. Thank you for your comments.
>
> From 9cb8e36406a54ce0eaade31dd28f6068f03de1d2 Mon Sep 17 00:00:00 2001
> From: Xie XiuQi <xiexiuqi@huawei.com>
> Date: Tue, 6 Sep 2016 11:15:34 +0800
> Subject: [PATCH v2] xfs: fix signed integer overflow
....
> ---
> fs/xfs/xfs_buf_item.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/xfs/xfs_buf_item.c b/fs/xfs/xfs_buf_item.c
> index e455f90..3a27997 100644
> --- a/fs/xfs/xfs_buf_item.c
> +++ b/fs/xfs/xfs_buf_item.c
> @@ -865,7 +865,7 @@ xfs_buf_item_log_segment(
> */
> if (bit) {
> end_bit = MIN(bit + bits_to_set, (uint)NBWORD);
> - mask = ((1 << (end_bit - bit)) - 1) << bit;
> + mask = ((1U << (end_bit - bit)) - 1) << bit;
> *wordp |= mask;
> wordp++;
> bits_set = end_bit - bit;
This patch is whitespace damaged and fails to apply. I've fixed it
up as this is a trivial change. However, please fix the problem
before you submit more patches.
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] xfs: fix signed integer overflow
@ 2016-09-13 6:57 ` Dave Chinner
0 siblings, 0 replies; 10+ messages in thread
From: Dave Chinner @ 2016-09-13 6:57 UTC (permalink / raw)
To: Xie XiuQi; +Cc: Joe Perches, linux-kernel, xfs
On Fri, Sep 09, 2016 at 03:16:48PM +0800, Xie XiuQi wrote:
> On 2016/9/9 14:42, Joe Perches wrote:
> > On Fri, 2016-09-09 at 14:38 +0800, Xie XiuQi wrote:
> >> Use 1U for unsigned long, or we'll meet a overflow issue with UBSAN.
> >
> > trivia: misleading commit message
> >
> > 1U is for unsigned int not unsigned long int
> >
>
> Sorry, my fault. Thank you for your comments.
>
> From 9cb8e36406a54ce0eaade31dd28f6068f03de1d2 Mon Sep 17 00:00:00 2001
> From: Xie XiuQi <xiexiuqi@huawei.com>
> Date: Tue, 6 Sep 2016 11:15:34 +0800
> Subject: [PATCH v2] xfs: fix signed integer overflow
....
> ---
> fs/xfs/xfs_buf_item.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/xfs/xfs_buf_item.c b/fs/xfs/xfs_buf_item.c
> index e455f90..3a27997 100644
> --- a/fs/xfs/xfs_buf_item.c
> +++ b/fs/xfs/xfs_buf_item.c
> @@ -865,7 +865,7 @@ xfs_buf_item_log_segment(
> */
> if (bit) {
> end_bit = MIN(bit + bits_to_set, (uint)NBWORD);
> - mask = ((1 << (end_bit - bit)) - 1) << bit;
> + mask = ((1U << (end_bit - bit)) - 1) << bit;
> *wordp |= mask;
> wordp++;
> bits_set = end_bit - bit;
This patch is whitespace damaged and fails to apply. I've fixed it
up as this is a trivial change. However, please fix the problem
before you submit more patches.
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] xfs: fix signed integer overflow
2016-09-13 6:57 ` Dave Chinner
@ 2016-09-13 7:23 ` Xie XiuQi
-1 siblings, 0 replies; 10+ messages in thread
From: Xie XiuQi @ 2016-09-13 7:23 UTC (permalink / raw)
To: Dave Chinner; +Cc: Joe Perches, xfs, linux-kernel
On 2016/9/13 14:57, Dave Chinner wrote:
> On Fri, Sep 09, 2016 at 03:16:48PM +0800, Xie XiuQi wrote:
>> On 2016/9/9 14:42, Joe Perches wrote:
>>> On Fri, 2016-09-09 at 14:38 +0800, Xie XiuQi wrote:
>>>> Use 1U for unsigned long, or we'll meet a overflow issue with UBSAN.
>>> trivia: misleading commit message
>>>
>>> 1U is for unsigned int not unsigned long int
>>>
>> Sorry, my fault. Thank you for your comments.
>>
>> From 9cb8e36406a54ce0eaade31dd28f6068f03de1d2 Mon Sep 17 00:00:00 2001
>> From: Xie XiuQi <xiexiuqi@huawei.com>
>> Date: Tue, 6 Sep 2016 11:15:34 +0800
>> Subject: [PATCH v2] xfs: fix signed integer overflow
> ....
>> ---
>> fs/xfs/xfs_buf_item.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/fs/xfs/xfs_buf_item.c b/fs/xfs/xfs_buf_item.c
>> index e455f90..3a27997 100644
>> --- a/fs/xfs/xfs_buf_item.c
>> +++ b/fs/xfs/xfs_buf_item.c
>> @@ -865,7 +865,7 @@ xfs_buf_item_log_segment(
>> */
>> if (bit) {
>> end_bit = MIN(bit + bits_to_set, (uint)NBWORD);
>> - mask = ((1 << (end_bit - bit)) - 1) << bit;
>> + mask = ((1U << (end_bit - bit)) - 1) << bit;
>> *wordp |= mask;
>> wordp++;
>> bits_set = end_bit - bit;
> This patch is whitespace damaged and fails to apply. I've fixed it
> up as this is a trivial change. However, please fix the problem
> before you submit more patches.
I will, thank you very mush.
>
> Cheers,
>
> Dave.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] xfs: fix signed integer overflow
@ 2016-09-13 7:23 ` Xie XiuQi
0 siblings, 0 replies; 10+ messages in thread
From: Xie XiuQi @ 2016-09-13 7:23 UTC (permalink / raw)
To: Dave Chinner; +Cc: Joe Perches, linux-kernel, xfs
On 2016/9/13 14:57, Dave Chinner wrote:
> On Fri, Sep 09, 2016 at 03:16:48PM +0800, Xie XiuQi wrote:
>> On 2016/9/9 14:42, Joe Perches wrote:
>>> On Fri, 2016-09-09 at 14:38 +0800, Xie XiuQi wrote:
>>>> Use 1U for unsigned long, or we'll meet a overflow issue with UBSAN.
>>> trivia: misleading commit message
>>>
>>> 1U is for unsigned int not unsigned long int
>>>
>> Sorry, my fault. Thank you for your comments.
>>
>> From 9cb8e36406a54ce0eaade31dd28f6068f03de1d2 Mon Sep 17 00:00:00 2001
>> From: Xie XiuQi <xiexiuqi@huawei.com>
>> Date: Tue, 6 Sep 2016 11:15:34 +0800
>> Subject: [PATCH v2] xfs: fix signed integer overflow
> ....
>> ---
>> fs/xfs/xfs_buf_item.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/fs/xfs/xfs_buf_item.c b/fs/xfs/xfs_buf_item.c
>> index e455f90..3a27997 100644
>> --- a/fs/xfs/xfs_buf_item.c
>> +++ b/fs/xfs/xfs_buf_item.c
>> @@ -865,7 +865,7 @@ xfs_buf_item_log_segment(
>> */
>> if (bit) {
>> end_bit = MIN(bit + bits_to_set, (uint)NBWORD);
>> - mask = ((1 << (end_bit - bit)) - 1) << bit;
>> + mask = ((1U << (end_bit - bit)) - 1) << bit;
>> *wordp |= mask;
>> wordp++;
>> bits_set = end_bit - bit;
> This patch is whitespace damaged and fails to apply. I've fixed it
> up as this is a trivial change. However, please fix the problem
> before you submit more patches.
I will, thank you very mush.
>
> Cheers,
>
> Dave.
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2016-09-13 7:24 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-09-09 6:38 [PATCH] xfs: fix signed integer overflow Xie XiuQi
2016-09-09 6:38 ` Xie XiuQi
2016-09-09 6:42 ` Joe Perches
2016-09-09 6:42 ` Joe Perches
2016-09-09 7:16 ` Xie XiuQi
2016-09-09 7:16 ` Xie XiuQi
2016-09-13 6:57 ` Dave Chinner
2016-09-13 6:57 ` Dave Chinner
2016-09-13 7:23 ` Xie XiuQi
2016-09-13 7:23 ` Xie XiuQi
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.