[v2] block: avoid sign extend problem with default queue flags mask

Message ID 20221003133534.1075582-1-bfoster@redhat.com (mailing list archive)
State New, archived

Commit Message

Brian Foster Oct. 3, 2022, 1:35 p.m. UTC
request_queue->queue_flags is unsigned long, which is 8-bytes on
64-bit architectures. Most queue flag modifications occur through
bit field helpers, but default flags can be logically OR'd via the
QUEUE_FLAG_MQ_DEFAULT mask. If this mask happens to include bit 31,
the assignment can sign extend the field and set all upper 32 bits.

This exact problem has been observed on a downstream kernel that
happens to use bit 31 for QUEUE_FLAG_NOWAIT. This is not an
immediate problem for current upstream because bit 31 is not
included in the default flag assignment (and is not used at all,
actually). Regardless, fix up the QUEUE_FLAG_MQ_DEFAULT mask
definition to avoid the landmine in the future.

Signed-off-by: Brian Foster <bfoster@redhat.com>
---

v2:
- Jens points out queue_flags is unsigned long (not ull).
v1: https://lore.kernel.org/linux-block/20220930150345.854021-1-bfoster@redhat.com/

 include/linux/blkdev.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
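
The sign extension the commit message describes, as an added C example that is not part of the patch or the kernel source. The flag numbers and `demo_*` names are constructed, and `uint64_t` stands in for the 64-bit `unsigned long` queue_flags field.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed flag numbers; bit 31 mirrors the downstream case described above. */
#define DEMO_FLAG_SAME_COMP 4
#define DEMO_FLAG_IO_STAT   7
#define DEMO_FLAG_NOWAIT    31

/*
 * Mask with the type that "1 << n" has (32-bit int). It is built in uint32_t
 * and then converted, because shifting 1 into the sign bit of an int is
 * undefined in ISO C; gcc and clang keep the bit pattern on conversion.
 */
static int32_t demo_mask_int(void)
{
	uint32_t m = (UINT32_C(1) << DEMO_FLAG_IO_STAT) |
		     (UINT32_C(1) << DEMO_FLAG_SAME_COMP) |
		     (UINT32_C(1) << DEMO_FLAG_NOWAIT);
	return (int32_t)m;
}

/* Same bits, built in the 64-bit type of the destination field. */
static uint64_t demo_mask_wide(void)
{
	return (UINT64_C(1) << DEMO_FLAG_IO_STAT) |
	       (UINT64_C(1) << DEMO_FLAG_SAME_COMP) |
	       (UINT64_C(1) << DEMO_FLAG_NOWAIT);
}

/* OR each mask into a zeroed 64-bit flags word, as a default-flags assignment would. */
static uint64_t demo_flags_from_int(void)  { uint64_t f = 0; f |= demo_mask_int();  return f; }
static uint64_t demo_flags_from_wide(void) { uint64_t f = 0; f |= demo_mask_wide(); return f; }

/* Bits 32..63 that nobody asked for; non-zero means the mask was sign extended. */
static uint32_t demo_stray_upper_bits(uint64_t flags) { return (uint32_t)(flags >> 32); }

int main(void)
{
	printf("int mask : 0x%016" PRIx64 " stray=0x%08" PRIx32 "\n",
	       demo_flags_from_int(), demo_stray_upper_bits(demo_flags_from_int()));
	printf("wide mask: 0x%016" PRIx64 " stray=0x%08" PRIx32 "\n",
	       demo_flags_from_wide(), demo_stray_upper_bits(demo_flags_from_wide()));
	return 0;
}
```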

Comments

Christoph Hellwig Oct. 10, 2022, 7:18 a.m. UTC | #1
Looks good:

Reviewed-by: Christoph Hellwig <hch@lst.de>

Jens Axboe Oct. 10, 2022, 2:27 p.m. UTC | #2
On Mon, 3 Oct 2022 09:35:34 -0400, Brian Foster wrote:
> request_queue->queue_flags is unsigned long, which is 8-bytes on
> 64-bit architectures. Most queue flag modifications occur through
> bit field helpers, but default flags can be logically OR'd via the
> QUEUE_FLAG_MQ_DEFAULT mask. If this mask happens to include bit 31,
> the assignment can sign extend the field and set all upper 32 bits.
> 
> This exact problem has been observed on a downstream kernel that
> happens to use bit 31 for QUEUE_FLAG_NOWAIT. This is not an
> immediate problem for current upstream because bit 31 is not
> included in the default flag assignment (and is not used at all,
> actually). Regardless, fix up the QUEUE_FLAG_MQ_DEFAULT mask
> definition to avoid the landmine in the future.
> 
> [...]

Applied, thanks!

[1/1] block: avoid sign extend problem with default queue flags mask
      commit: ca5eebda3e1c1a58a1c5a337da393ed6734593e3

Best regards,

Patch

diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
index 84b13fdd34a7..5cd419e84560 100644
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -580,9 +580,9 @@  struct request_queue {
 #define QUEUE_FLAG_NOWAIT       29	/* device supports NOWAIT */
 #define QUEUE_FLAG_SQ_SCHED     30	/* single queue style io dispatch */
 
-#define QUEUE_FLAG_MQ_DEFAULT	((1 << QUEUE_FLAG_IO_STAT) |		\
-				 (1 << QUEUE_FLAG_SAME_COMP) |		\
-				 (1 << QUEUE_FLAG_NOWAIT))
+#define QUEUE_FLAG_MQ_DEFAULT	((1UL << QUEUE_FLAG_IO_STAT) |		\
+				 (1UL << QUEUE_FLAG_SAME_COMP) |	\
+				 (1UL << QUEUE_FLAG_NOWAIT))
 
 void blk_queue_flag_set(unsigned int flag, struct request_queue *q);
 void blk_queue_flag_clear(unsigned int flag, struct request_queue *q);
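
Review bot: the new QUEUE_FLAG_MQ_DEFAULT definition gives no hint of why the 1UL suffix matters, so a later cleanup could turn it back into a plain int shift and reintroduce the bit 31 hazard. A one-line comment above the macro saying the mask is OR'd into the unsigned long queue_flags would document the constraint. Alternatively, writing the terms as BIT(QUEUE_FLAG_IO_STAT) and so on gives the same unsigned long shift through the existing helper and makes the intended type harder to lose.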