From: Sasha Levin <sashal@kernel.org>
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Arnd Bergmann <arnd@arndb.de>,
"Martin K . Petersen" <martin.petersen@oracle.com>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH AUTOSEL 4.14 07/46] scsi: aacraid: address UBSAN warning regression
Date: Thu, 25 Oct 2018 10:10:14 -0400 [thread overview]
Message-ID: <20181025141053.213330-7-sashal@kernel.org> (raw)
In-Reply-To: <20181025141053.213330-1-sashal@kernel.org>
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit d18539754d97876503275efc7d00a1901bb0cfad ]
As reported by Meelis Roos, my previous patch causes an incorrect
calculation of the timeout, through an undefined signed integer
overflow:
[ 12.228155] UBSAN: Undefined behaviour in drivers/scsi/aacraid/commsup.c:2514:49
[ 12.228229] signed integer overflow:
[ 12.228283] 964297611 * 250 cannot be represented in type 'long int'
The problem is that doing a multiplication with HZ first and then
dividing by USEC_PER_SEC worked correctly for 32-bit microseconds,
but not for 32-bit nanoseconds, which would require up to 41 bits.
This reworks the calculation to first convert the nanoseconds into
jiffies, which should give us the same result as before and not overflow.
Unfortunately I did not understand the exact intention of the algorithm,
in particular the part where we add half a second, so it's possible that
there is still a preexisting problem in this function. I added a comment
that this would be handled more nicely using usleep_range(), which
generally works better for waking up at a particular time than the
current schedule_timeout() based implementation. I did not feel
comfortable trying to implement that without being sure what the
intent is here though.
Fixes: 820f18865912 ("scsi: aacraid: use timespec64 instead of timeval")
Tested-by: Meelis Roos <mroos@linux.ee>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/aacraid/commsup.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/aacraid/commsup.c b/drivers/scsi/aacraid/commsup.c
index 998788a967be..3e38bae6ecde 100644
--- a/drivers/scsi/aacraid/commsup.c
+++ b/drivers/scsi/aacraid/commsup.c
@@ -2506,8 +2506,8 @@ int aac_command_thread(void *data)
/* Synchronize our watches */
if (((NSEC_PER_SEC - (NSEC_PER_SEC / HZ)) > now.tv_nsec)
&& (now.tv_nsec > (NSEC_PER_SEC / HZ)))
- difference = (((NSEC_PER_SEC - now.tv_nsec) * HZ)
- + NSEC_PER_SEC / 2) / NSEC_PER_SEC;
+ difference = HZ + HZ / 2 -
+ now.tv_nsec / (NSEC_PER_SEC / HZ);
else {
if (now.tv_nsec > NSEC_PER_SEC / 2)
++now.tv_sec;
@@ -2531,6 +2531,10 @@ int aac_command_thread(void *data)
if (kthread_should_stop())
break;
+ /*
+ * we probably want usleep_range() here instead of the
+ * jiffies computation
+ */
schedule_timeout(difference);
if (kthread_should_stop())
--
2.17.1
next prev parent reply other threads:[~2018-10-25 14:11 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-25 14:10 [PATCH AUTOSEL 4.14 01/46] iwlwifi: mvm: check for short GI only for OFDM Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 02/46] iwlwifi: dbg: allow wrt collection before ALIVE Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 03/46] iwlwifi: fix the ALIVE notification layout Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 04/46] x86/power: Fix some ordering bugs in __restore_processor_context() Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 05/46] tools/testing/nvdimm: unit test clear-error commands Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 06/46] usbip: vhci_hcd: update 'status' file header and format Sasha Levin
2018-10-25 14:10 ` Sasha Levin [this message]
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 08/46] IB/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 09/46] IB/rxe: put the pool on allocation failure Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 10/46] s390/qeth: fix error handling in adapter command callbacks Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 11/46] net/mlx5: Fix mlx5_get_vector_affinity function Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 12/46] powerpc/pseries: Add empty update_numa_cpu_lookup_table() for NUMA=n Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 13/46] dm integrity: fail early if required HMAC key is not available Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 14/46] net: phy: realtek: Use the dummy stubs for MMD register access for rtl8211b Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 15/46] net: phy: Add general dummy stubs for MMD register access Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 16/46] net/mlx5e: Refine ets validation function Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 17/46] scsi: qla2xxx: Avoid double completion of abort command Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 18/46] kbuild: set no-integrated-as before incl. arch Makefile Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 19/46] IB/mlx5: Avoid passing an invalid QP type to firmware Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 20/46] ARM: tegra: Fix ULPI regression on Tegra20 Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 21/46] l2tp: remove configurable payload offset Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 22/46] cifs: Use ULL suffix for 64-bit constant Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 23/46] test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 24/46] KVM: x86: Update the exit_qualification access bits while walking an address Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 25/46] sparc64: Fix regression in pmdp_invalidate() Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 26/46] tpm: move the delay_msec increment after sleep in tpm_transmit() Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 27/46] bpf: sockmap, map_release does not hold refcnt for pinned maps Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 28/46] tpm: tpm_crb: relinquish locality on error path Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 29/46] xen-netfront: Update features after registering netdev Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 30/46] xen-netfront: Fix mismatched rtnl_unlock Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 31/46] IB/usnic: Update with bug fixes from core code Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 32/46] mmc: dw_mmc-rockchip: correct property names in debug Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 33/46] MIPS: Workaround GCC __builtin_unreachable reordering bug Sasha Levin
2018-10-25 19:52 ` Paul Burton
2018-10-26 7:36 ` Arnd Bergmann
2018-10-29 13:36 ` Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 34/46] lan78xx: Don't reset the interface on open Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 35/46] enic: do not overwrite error code Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 36/46] iio: buffer: fix the function signature to match implementation Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 37/46] selftests/powerpc: Add ptrace hw breakpoint test Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 38/46] scsi: ibmvfc: Avoid unnecessary port relogin Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 39/46] scsi: sd: Remember that READ CAPACITY(16) succeeded Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 40/46] btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 41/46] net: phy: phylink: Don't release NULL GPIO Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 42/46] x86/paravirt: Fix some warning messages Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 43/46] net: stmmac: mark PM functions as __maybe_unused Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 44/46] kconfig: fix the rule of mainmenu_stmt symbol Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 45/46] libertas: call into generic suspend code before turning off power Sasha Levin
2018-10-25 14:10 ` [PATCH AUTOSEL 4.14 46/46] perf tests: Fix indexing when invoking subtests Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181025141053.213330-7-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=arnd@arndb.de \
--cc=linux-kernel@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).