[v3,0/2] fs: clear a UBSAN shift-out-of-bounds warning

Message ID 20221125091358.1963-1-thunder.leizhen@huawei.com (mailing list archive)

Message

Zhen Lei Nov. 25, 2022, 9:13 a.m. UTC
v2 --> v3:
Updated the commit message of patch 2/2 based on Alexander Viro's suggestion.

v1 --> v2:
1. Replace INT_LIMIT(loff_t) with OFFSET_MAX in btrfs.
2. Replace INT_LIMIT() with type_max().

Zhen Lei (2):
  btrfs: replace INT_LIMIT(loff_t) with OFFSET_MAX
  fs: clear a UBSAN shift-out-of-bounds warning

 fs/btrfs/ordered-data.c | 6 +++---
 include/linux/fs.h      | 5 ++---
 2 files changed, 5 insertions(+), 6 deletions(-)

Comments

Al Viro Nov. 25, 2022, 9 p.m. UTC | #1
On Fri, Nov 25, 2022 at 05:13:56PM +0800, Zhen Lei wrote:
> v2 --> v3:
> Updated the commit message of patch 2/2 based on Alexander Viro's suggestion.

Not exactly what I meant...  I've tentatively applied it, with the
following commit message:

--------------------------------
get rid of INT_LIMIT, use type_max() instead

INT_LIMIT() tries to do what type_max() does, except that type_max()
doesn't rely upon undefined behaviour[*], might as well use type_max()
instead.

[*] if T is an N-bit signed integer type, the maximal value in T is
pow(2, N - 1) - 1, all right, but naive expression for that value
ends up with a couple of wraparounds and as usual for wraparounds
in signed types, that's an undefined behaviour.  type_max() takes
care to avoid those...

Caught-by: UBSAN
Suggested-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
--------------------------------

Does anybody have objections against the commit message above?

Zhen Lei Nov. 26, 2022, 1:59 a.m. UTC | #2
On 2022/11/26 5:00, Al Viro wrote:
> On Fri, Nov 25, 2022 at 05:13:56PM +0800, Zhen Lei wrote:
>> v2 --> v3:
>> Updated the commit message of patch 2/2 based on Alexander Viro's suggestion.
> 
> Not exactly what I meant...  I've tentatively applied it, with the

Haha, I felt like something was missing yesterday, too. But as far as my English
level is concerned, I usually copy the words suggested by others directly.

> following commit message:

Thanks.

> 
> --------------------------------
> get rid of INT_LIMIT, use type_max() instead
> 
> INT_LIMIT() tries to do what type_max() does, except that type_max()
> doesn't rely upon undefined behaviour[*], might as well use type_max()
> instead.
> 
> [*] if T is an N-bit signed integer type, the maximal value in T is
> pow(2, N - 1) - 1, all right, but naive expression for that value
> ends up with a couple of wraparounds and as usual for wraparounds
> in signed types, that's an undefined behaviour.  type_max() takes
> care to avoid those...
> 
> Caught-by: UBSAN
> Suggested-by: Eric Biggers <ebiggers@kernel.org>
> Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
> Reviewed-by: Eric Biggers <ebiggers@google.com>
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> --------------------------------
> 
> Does anybody have objections against the commit message above?

Looks good to me.

> 
> .
>
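
The footnote in the commit message above, worked through in C as an added example (not code from this thread or from the kernel tree). The macro and function names (`NAIVE_MAX`, `SAFE_MAX`, `naive_fits`, `safe_fits`) are hypothetical, and the half-then-add construction is one UB-free way to reach the maximum, assumed here rather than quoted from `type_max()`.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Naive form (hypothetical name): put a 1 in the top bit, then invert.
 * For a signed T at least as wide as int the shift produces 2^(N-1), which
 * T cannot represent: undefined behaviour, the kind UBSAN reports as
 * shift-out-of-bounds. Kept for comparison only; never evaluated below. */
#define NAIVE_MAX(T) (~((T)1 << (sizeof(T) * CHAR_BIT - 1)))

/* UB-free form: every intermediate value is representable in T.
 * HALF_MAX is 2^(N-2) for signed T and 2^(N-1) for unsigned T. */
#define IS_SIGNED(T) ((T)-1 < (T)1)
#define HALF_MAX(T)  ((T)1 << (sizeof(T) * CHAR_BIT - 1 - IS_SIGNED(T)))
#define SAFE_MAX(T)  ((T)((HALF_MAX(T) - 1) + HALF_MAX(T)))

/* Maximum of an N-bit signed type, 2^(N-1) - 1, held in 64 unsigned bits so
 * the range checks below cannot themselves overflow (valid for 2 <= n <= 64). */
static uint64_t signed_max_of_width(unsigned n)
{
    return (UINT64_C(1) << (n - 1)) - 1;
}

/* Does the naive intermediate 2^(N-1) fit in an N-bit signed type? Never. */
int naive_fits(unsigned n)
{
    return (UINT64_C(1) << (n - 1)) <= signed_max_of_width(n);
}

/* Do the safe intermediates fit, and do they sum to the maximum? */
int safe_fits(unsigned n)
{
    uint64_t half = UINT64_C(1) << (n - 2);   /* 2^(N-2) */
    return half <= signed_max_of_width(n) &&
           (half - 1) + half == signed_max_of_width(n);
}

long long     safe_max_llong(void) { return SAFE_MAX(long long); }
int           safe_max_int(void)   { return SAFE_MAX(int); }
uint64_t      safe_max_u64(void)   { return SAFE_MAX(uint64_t); }
unsigned char safe_max_uchar(void) { return SAFE_MAX(unsigned char); }

int main(void)
{
    printf("64-bit signed: naive fits=%d, safe fits=%d\n",
           naive_fits(64), safe_fits(64));
    printf("SAFE_MAX(long long) = %lld\n", safe_max_llong());
    return 0;
}
```

Building any code that does evaluate the naive form with `-fsanitize=shift` (or `-fsanitize=undefined`) is how the out-of-range shift gets reported at run time.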