From patchwork Mon Nov 27 21:32:45 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 10078161 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id BF8A3602BD for ; Mon, 27 Nov 2017 21:33:01 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B27A529081 for ; Mon, 27 Nov 2017 21:33:01 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A712729084; Mon, 27 Nov 2017 21:33:01 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3233629081 for ; Mon, 27 Nov 2017 21:33:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752422AbdK0Vcr (ORCPT ); Mon, 27 Nov 2017 16:32:47 -0500 Received: from mail-ot0-f195.google.com ([74.125.82.195]:43593 "EHLO mail-ot0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751710AbdK0Vcq (ORCPT ); Mon, 27 Nov 2017 16:32:46 -0500 Received: by mail-ot0-f195.google.com with SMTP id 105so25561059oth.10; Mon, 27 Nov 2017 13:32:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=nBO3M6r95ysO1nzgYwteoUHXbnZ+mymvFHeo6+wqmBk=; b=mOi+75FxoARJT+AVQblsVaWsmVsklDkSkdJt3ZkTcNcb+a9iMNtxnXuSYElV9ZXtcp B7RINYNd3pI84IZ1av3Gm3f6R5ngxTHAuPiwGjDJj+Qeen7aubLDtibK+fR7NqiNOFIa T2YVjXUmGRXspwVVSpKt7IUvSZBu+DeILYIaA3ZrcGCrSfF2/N0oEakTQMpYrdi0MsCL pSl446nBv+FT6Xt193UctqeovmaH7fomf3MPfz7dvcXGNT4YsFhPqWh4sq/Hbj7UPgKy jQ404zbR8PpGbgwCt96KEendkfcXvyU1/dC/0P2R70GErjh8o+qu0B9yqS9t9iyIj4Lh csEQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=nBO3M6r95ysO1nzgYwteoUHXbnZ+mymvFHeo6+wqmBk=; b=ecI3Mrxu6rr2V1U5g7z1LBamevNEi6Ylfu4UH38K91x8PAxWxlIrLcemIZ6RuXN+VX RBK3VTUx0sxGtJ2loFiZYhFkEPk6PHHf0MEWHKlwSbpXVRDpPtlmgMRm4UkW94nAO/zD 0Y9a1c/nJpD+17/FbFR5ffQ9xjOlVZhoT9cceQAi9dZBv0AMkImXOvC2ZHEvUrfrWj86 jP9QLxlXUeW8VAuHcRt3rWgBzC9YrLLF4zrY2drOaZjlhitc25dKuuApbtsp/tvS6Mb1 0QzjucYQaNPKmdcqs4p3+YHQexPjXLNIaRCQKUfuykgsiGTXaL/mL0MCiqHWe/FzTL3R 3m6g== X-Gm-Message-State: AJaThX7rDdJuF+KHsYEno5uV2IrpF0f8/ADFqi2Y8r3Vq9013/oY27T1 tjywMYbMG2wmMrhZixiNxmwZ9VZ3JJfvbBJ2E/xBijZq X-Google-Smtp-Source: AGs4zMY4fnKXg107/loqripFKVYzMcuOrKpiOYOwqq6pYcDPmWQAp6bt4RqMjgSFYCoghQkyVRFsLYmnnRfydQM6Cy0= X-Received: by 10.157.34.20 with SMTP id o20mr27224775ota.104.1511818365711; Mon, 27 Nov 2017 13:32:45 -0800 (PST) MIME-Version: 1.0 Received: by 10.157.43.3 with HTTP; Mon, 27 Nov 2017 13:32:45 -0800 (PST) In-Reply-To: References: From: Arnd Bergmann Date: Mon, 27 Nov 2017 22:32:45 +0100 X-Google-Sender-Auth: DYUUatoDgRQWK4uh-ZiQGTnOcMQ Message-ID: Subject: Re: News UBSAN warnings in aacraid To: Meelis Roos Cc: Dave Carroll , "Martin K. Petersen" , linux-scsi , Linux Kernel list Sender: linux-scsi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP On Mon, Nov 27, 2017 at 8:17 PM, Meelis Roos wrote: > Tried 4.15-rc1 on an old 32-bit HP Netserver with aacraid card. Compared > to 4.14, there are new UBSAN warnings with timer related backtraces, so > the timespec64 change seems suspicious: > [ 12.228155] UBSAN: Undefined behaviour in drivers/scsi/aacraid/commsup.c:2514:49 > [ 12.228229] signed integer overflow: > [ 12.228283] 964297611 * 250 cannot be represented in type 'long int' Thanks for reporting it! For reference, this is my change that got applied to aac_command_thread: @@ -2496,7 +2496,7 @@ int aac_command_thread(void *data) } if (!time_before(next_check_jiffies,next_jiffies) && ((difference = next_jiffies - jiffies) <= 0)) { - struct timeval now; + struct timespec64 now; int ret; /* Don't even try to talk to adapter if its sick */ @@ -2506,15 +2506,15 @@ int aac_command_thread(void *data) next_check_jiffies = jiffies + ((long)(unsigned)check_interval) * HZ; - do_gettimeofday(&now); + ktime_get_real_ts64(&now); /* Synchronize our watches */ - if (((1000000 - (1000000 / HZ)) > now.tv_usec) - && (now.tv_usec > (1000000 / HZ))) - difference = (((1000000 - now.tv_usec) * HZ) - + 500000) / 1000000; + if (((NSEC_PER_SEC - (NSEC_PER_SEC / HZ)) > now.tv_nsec) + && (now.tv_nsec > (NSEC_PER_SEC / HZ))) + difference = (((NSEC_PER_SEC - now.tv_nsec) * HZ) + + NSEC_PER_SEC / 2) / NSEC_PER_SEC; else { - if (now.tv_usec > 500000) + if (now.tv_nsec > NSEC_PER_SEC / 2) ++now.tv_sec; if (dev->sa_firmware) The problem is that a microsecond number (0 to 999999) multiplied by HZ (100 to 1024) always fits in a 32-bit integer, but the nanosecond number doesn't. We could make that a 64-bit division, but that would be fairly expensive. I'm trying to understand the bigger picture now, rather than simply attempting to do a simple conversion, but I don't see what we are actually trying to compute in 'difference' here. I think this chunk would solve the problem and result in the same behavior as before: ++now.tv_sec; but I don't see why we add in half a second here. Any ideas? Arnd --- a/drivers/scsi/aacraid/commsup.c +++ b/drivers/scsi/aacraid/commsup.c @@ -2511,8 +2511,8 @@ int aac_command_thread(void *data) /* Synchronize our watches */ if (((NSEC_PER_SEC - (NSEC_PER_SEC / HZ)) > now.tv_nsec) && (now.tv_nsec > (NSEC_PER_SEC / HZ))) - difference = (((NSEC_PER_SEC - now.tv_nsec) * HZ) - + NSEC_PER_SEC / 2) / NSEC_PER_SEC; + difference = HZ + HZ / 2 - + now.tv_nsec / (NSEC_PER_SEC / HZ); else { if (now.tv_nsec > NSEC_PER_SEC / 2)