From patchwork Fri Sep 9 07:16:48 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xie XiuQi X-Patchwork-Id: 9322483 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id CABA860752 for ; Fri, 9 Sep 2016 07:17:35 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B6F4F29C8A for ; Fri, 9 Sep 2016 07:17:35 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id AB92A29C8D; Fri, 9 Sep 2016 07:17:35 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from oss.sgi.com (oss.sgi.com [192.48.182.195]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 1D4DB29C8A for ; Fri, 9 Sep 2016 07:17:34 +0000 (UTC) Received: from oss.sgi.com (localhost [IPv6:::1]) by oss.sgi.com (Postfix) with ESMTP id E65AF7CA2; Fri, 9 Sep 2016 02:17:32 -0500 (CDT) X-Original-To: xfs@oss.sgi.com Delivered-To: xfs@oss.sgi.com Received: from relay.sgi.com (relay1.corp.sgi.com [137.38.102.111]) by oss.sgi.com (Postfix) with ESMTP id 581E47CA1 for ; Fri, 9 Sep 2016 02:17:31 -0500 (CDT) Received: from cuda.sgi.com (cuda2.sgi.com [192.48.176.25]) by relay1.corp.sgi.com (Postfix) with ESMTP id 12D458F8033 for ; Fri, 9 Sep 2016 00:17:30 -0700 (PDT) X-ASG-Debug-ID: 1473405446-0bf57b15a736b920001-NocioJ Received: from szxga03-in.huawei.com (szxga03-in.huawei.com [119.145.14.66]) by cuda.sgi.com with ESMTP id LIc3PWbShhDpIMup (version=TLSv1 cipher=RC4-SHA bits=128 verify=NO) for ; Fri, 09 Sep 2016 00:17:27 -0700 (PDT) X-Barracuda-Envelope-From: xiexiuqi@huawei.com X-Barracuda-Effective-Source-IP: szxga03-in.huawei.com[119.145.14.66] X-Barracuda-Apparent-Source-IP: 119.145.14.66 Received: from 172.24.1.136 (EHLO szxeml433-hub.china.huawei.com) ([172.24.1.136]) by szxrg03-dlp.huawei.com (MOS 4.4.3-GA FastPath queued) with ESMTP id CHO29149; Fri, 09 Sep 2016 15:17:09 +0800 (CST) Received: from [127.0.0.1] (10.177.19.210) by szxeml433-hub.china.huawei.com (10.82.67.210) with Microsoft SMTP Server id 14.3.235.1; Fri, 9 Sep 2016 15:16:52 +0800 Subject: Re: [PATCH] xfs: fix signed integer overflow To: Joe Perches , X-ASG-Orig-Subj: Re: [PATCH] xfs: fix signed integer overflow References: <1473403112-31072-1-git-send-email-xiexiuqi@huawei.com> <1473403321.13672.35.camel@perches.com> From: Xie XiuQi Message-ID: <57D261E0.7080005@huawei.com> Date: Fri, 9 Sep 2016 15:16:48 +0800 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 MIME-Version: 1.0 In-Reply-To: <1473403321.13672.35.camel@perches.com> X-Originating-IP: [10.177.19.210] X-CFilter-Loop: Reflected X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090201.57D261F7.0097, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0, so=2013-05-26 15:14:31, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: ac9346e2e0022d5293e1f24079422810 X-Barracuda-Connect: szxga03-in.huawei.com[119.145.14.66] X-Barracuda-Start-Time: 1473405447 X-Barracuda-Encrypted: RC4-SHA X-Barracuda-URL: https://192.48.176.25:443/cgi-mod/mark.cgi X-Barracuda-Scan-Msg-Size: 4700 X-Virus-Scanned: by bsmtpd at sgi.com X-Barracuda-BRTS-Status: 1 X-Barracuda-Spam-Score: 0.00 X-Barracuda-Spam-Status: No, SCORE=0.00 using per-user scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=2.7 tests=BSF_SC0_MISMATCH_TO X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.32754 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.00 BSF_SC0_MISMATCH_TO Envelope rcpt doesn't match header Cc: linux-kernel@vger.kernel.org, xfs@oss.sgi.com X-BeenThere: xfs@oss.sgi.com X-Mailman-Version: 2.1.14 Precedence: list List-Id: XFS Filesystem from SGI List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: xfs-bounces@oss.sgi.com Sender: xfs-bounces@oss.sgi.com X-Virus-Scanned: ClamAV using ClamSMTP On 2016/9/9 14:42, Joe Perches wrote: > On Fri, 2016-09-09 at 14:38 +0800, Xie XiuQi wrote: >> Use 1U for unsigned long, or we'll meet a overflow issue with UBSAN. > > trivia: misleading commit message > > 1U is for unsigned int not unsigned long int > Sorry, my fault. Thank you for your comments. From 9cb8e36406a54ce0eaade31dd28f6068f03de1d2 Mon Sep 17 00:00:00 2001 From: Xie XiuQi Date: Tue, 6 Sep 2016 11:15:34 +0800 Subject: [PATCH v2] xfs: fix signed integer overflow Use 1U for unsigned int, or we'll meet a overflow issue with UBSAN. [ 31.910858] UBSAN: Undefined behaviour in fs/xfs/xfs_buf_item.c:889:25 [ 31.911252] signed integer overflow: [ 31.911478] -2147483648 - 1 cannot be represented in type 'int' [ 31.911846] CPU: 1 PID: 1011 Comm: tuned Tainted: G B ---- ------- 3.10.0-327.28.3.el7.x86_64 #1 [ 31.911857] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 01/07/2011 [ 31.911866] 1ffff1004069cd3b 0000000076bec3fd ffff8802034e69a0 ffffffff81ee3140 [ 31.911883] ffff8802034e69b8 ffffffff81ee31fd ffffffffa0ad79e0 ffff8802034e6b20 [ 31.911898] ffffffff81ee46e2 0000002d515470c0 0000000000000001 0000000041b58ab3 [ 31.911913] Call Trace: [ 31.911932] [] dump_stack+0x1e/0x20 [ 31.911947] [] ubsan_epilogue+0x12/0x55 [ 31.911964] [] handle_overflow+0x1ba/0x215 [ 31.912083] [] __ubsan_handle_sub_overflow+0x2a/0x31 [ 31.912204] [] xfs_buf_item_log+0x34b/0x3f0 [xfs] [ 31.912314] [] xfs_trans_log_buf+0x120/0x260 [xfs] [ 31.912402] [] xfs_btree_log_recs+0x80/0xc0 [xfs] [ 31.912490] [] xfs_btree_delrec+0x11a8/0x2d50 [xfs] [ 31.913589] [] xfs_btree_delete+0xc9/0x260 [xfs] [ 31.913762] [] xfs_free_ag_extent+0x63f/0xe20 [xfs] [ 31.914339] [] xfs_free_extent+0x2af/0x3e0 [xfs] [ 31.914641] [] xfs_bmap_finish+0x32b/0x4b0 [xfs] [ 31.914841] [] xfs_itruncate_extents+0x3b7/0x740 [xfs] [ 31.915216] [] xfs_setattr_size+0x60a/0x860 [xfs] [ 31.915471] [] xfs_vn_setattr+0x9a/0xe0 [xfs] [ 31.915590] [] notify_change+0x5c8/0x8a0 [ 31.915607] [] do_truncate+0x122/0x1d0 [ 31.915640] [] do_last+0x15de/0x2c80 [ 31.915707] [] path_openat+0x1e7/0xcc0 [ 31.915802] [] do_filp_open+0xa4/0x160 [ 31.915848] [] do_sys_open+0x1b7/0x3f0 [ 31.915879] [] SyS_open+0x32/0x40 [ 31.915897] [] system_call_fastpath+0x16/0x1b [ 240.086809] UBSAN: Undefined behaviour in fs/xfs/xfs_buf_item.c:866:34 [ 240.086820] signed integer overflow: [ 240.086830] -2147483648 - 1 cannot be represented in type 'int' [ 240.086846] CPU: 1 PID: 12969 Comm: rm Tainted: G B ---- ------- 3.10.0-327.28.3.el7.x86_64 #1 [ 240.086857] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 01/07/2011 [ 240.086868] 1ffff10040491def 00000000e2ea59c1 ffff88020248ef40 ffffffff81ee3140 [ 240.086885] ffff88020248ef58 ffffffff81ee31fd ffffffffa0ad79e0 ffff88020248f0c0 [ 240.086901] ffffffff81ee46e2 0000002d02488000 0000000000000001 0000000041b58ab3 [ 240.086915] Call Trace: [ 240.086938] [] dump_stack+0x1e/0x20 [ 240.086953] [] ubsan_epilogue+0x12/0x55 [ 240.086971] [] handle_overflow+0x1ba/0x215 ... Signed-off-by: Xie XiuQi --- fs/xfs/xfs_buf_item.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 1.8.3.1 diff --git a/fs/xfs/xfs_buf_item.c b/fs/xfs/xfs_buf_item.c index e455f90..3a27997 100644 --- a/fs/xfs/xfs_buf_item.c +++ b/fs/xfs/xfs_buf_item.c @@ -865,7 +865,7 @@ xfs_buf_item_log_segment( */ if (bit) { end_bit = MIN(bit + bits_to_set, (uint)NBWORD); - mask = ((1 << (end_bit - bit)) - 1) << bit; + mask = ((1U << (end_bit - bit)) - 1) << bit; *wordp |= mask; wordp++; bits_set = end_bit - bit; @@ -888,7 +888,7 @@ xfs_buf_item_log_segment( */ end_bit = bits_to_set - bits_set; if (end_bit) { - mask = (1 << end_bit) - 1; + mask = (1U << end_bit) - 1; *wordp |= mask; } }