| Message ID | 20221110031024.204-1-thunder.leizhen@huawei.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp700757wru;
Wed, 9 Nov 2022 19:20:56 -0800 (PST)
X-Google-Smtp-Source:
AMsMyM6lq/YuKAyytSqKSnpnYT9aR/RhPIL5IPk87EXip2SwbwV3a+xRlOqrl4vcXfy1I+B1mD+t
X-Received: by 2002:a05:6402:3641:b0:45c:4231:ddcc with SMTP id
em1-20020a056402364100b0045c4231ddccmr62922367edb.224.1668050456596;
Wed, 09 Nov 2022 19:20:56 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668050456; cv=none;
d=google.com; s=arc-20160816;
b=rAHkT3EZ7RHLHjwVUypO6QquUTP67yOz6ea/+QGCFjAif+2RsemN5YYgQsJK/hL7se
13urnxmncJZRncV609X+oYcDMR2TiEYglAkLdwoxUu25HG6CFslT4A+m5OMd72OJZMLw
Dt1EPT72Eov7jG9klpikheGF2GHO1lhaAiSNi3Pg0/sekb1klPBdp9T776VdHqQwSjPB
f0o5fEcX/pwaJHckIUrbwZuYukR4WpflZP9q9z1CdmYPDlqRMSMaWhOhSGLgJ8sugE23
sh9o4SXxq5wZ6mkJLGtItGiJPfa23r/Sbw5xk6w0294nYCgG9qzvpO0qP4Q27ZFX8rvl
/Yqg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from;
bh=Nqfsd2jNg1p9iHMBLC1+3oRzE/9/EeLdQaeYabO3Hp0=;
b=P3bG98AeKGa9yHSiE93Pra2jGzaOKr9sShG81VDVWMLsZWo/c4mD3BLYHmtcHJu8mH
slB+3qXWzt5Ae+yEvTkWsJJSkXMisUINVru452rNeN/mQQDkxK38obgp9ETcpkGpxF36
xdDpC6scoTSVGv6Zd/JZ2lg9qUw2wt98UwrjE+WFSxhTLan3QgItOIYMCfGPFPWIFTsD
A/+Q9N3g0frUzBbtLRhFk7ZJWm60XqfpRyv5alA+12g9oWCYbBN1mGAhFArnigIhzVpR
cE5Y9FfXMkKrieN9YaUwlebtK41SlGxLmNTiP9GctagGKOTq2APGUniLtRxXvCIXo4Co
aHDA==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
a16-20020a1709066d5000b0078d288ddfc9si13636255ejt.143.2022.11.09.19.20.32;
Wed, 09 Nov 2022 19:20:56 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S232284AbiKJDLi (ORCPT <rfc822;dexuan.linux@gmail.com>
+ 99 others); Wed, 9 Nov 2022 22:11:38 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60680 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S232167AbiKJDLf (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 9 Nov 2022 22:11:35 -0500
Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E024F1D64D;
Wed, 9 Nov 2022 19:11:33 -0800 (PST)
Received: from dggpemm500024.china.huawei.com (unknown [172.30.72.53])
by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4N76L25jtpzHvZ2;
Thu, 10 Nov 2022 11:11:06 +0800 (CST)
Received: from dggpemm500006.china.huawei.com (7.185.36.236) by
dggpemm500024.china.huawei.com (7.185.36.203) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2375.31; Thu, 10 Nov 2022 11:11:32 +0800
Received: from thunder-town.china.huawei.com (10.174.178.55) by
dggpemm500006.china.huawei.com (7.185.36.236) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2375.31; Thu, 10 Nov 2022 11:11:31 +0800
From: Zhen Lei <thunder.leizhen@huawei.com>
To: Alexander Viro <viro@zeniv.linux.org.uk>,
<linux-fsdevel@vger.kernel.org>, <linux-kernel@vger.kernel.org>
CC: Zhen Lei <thunder.leizhen@huawei.com>
Subject: [PATCH] fs: Clear a UBSAN shift-out-of-bounds warning
Date: Thu, 10 Nov 2022 11:10:24 +0800
Message-ID: <20221110031024.204-1-thunder.leizhen@huawei.com>
X-Mailer: git-send-email 2.37.3.windows.1
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type: text/plain; charset=US-ASCII
X-Originating-IP: [10.174.178.55]
X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To
dggpemm500006.china.huawei.com (7.185.36.236)
X-CFilter-Loop: Reflected
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1749077675628713289?=
X-GMAIL-MSGID: =?utf-8?q?1749077675628713289?=
|
| Series |
fs: Clear a UBSAN shift-out-of-bounds warning
|
|
Commit Message
Zhen Lei
Nov. 10, 2022, 3:10 a.m. UTC
UBSAN: shift-out-of-bounds in fs/locks.c:2572:16
left shift of 1 by 63 places cannot be represented in type 'long long int'
Switch the calculation method to ((quarter - 1) * 2 + 1) can help us
eliminate this false positive.
On the other hand, the old implementation has problems with char and
short types, although not currently involved.
printf("%d: %x\n", sizeof(char), INT_LIMIT(char));
printf("%d: %x\n", sizeof(short), INT_LIMIT(short));
1: ffffff7f
2: ffff7fff
Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
---
include/linux/fs.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On Thu, Nov 10, 2022 at 11:10:24AM +0800, Zhen Lei wrote: > UBSAN: shift-out-of-bounds in fs/locks.c:2572:16 > left shift of 1 by 63 places cannot be represented in type 'long long int' > > Switch the calculation method to ((quarter - 1) * 2 + 1) can help us > eliminate this false positive. > > On the other hand, the old implementation has problems with char and > short types, although not currently involved. > printf("%d: %x\n", sizeof(char), INT_LIMIT(char)); > printf("%d: %x\n", sizeof(short), INT_LIMIT(short)); > 1: ffffff7f > 2: ffff7fff > > Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com> > --- > include/linux/fs.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/linux/fs.h b/include/linux/fs.h > index e654435f16512c1..88d42e2daed9f6c 100644 > --- a/include/linux/fs.h > +++ b/include/linux/fs.h > @@ -1131,7 +1131,7 @@ struct file_lock_context { > > /* The following constant reflects the upper bound of the file/locking space */ > #ifndef OFFSET_MAX > -#define INT_LIMIT(x) (~((x)1 << (sizeof(x)*8 - 1))) > +#define INT_LIMIT(x) ((((x)1 << (sizeof(x) * 8 - 2)) - 1) * 2 + 1) > #define OFFSET_MAX INT_LIMIT(loff_t) > #define OFFT_OFFSET_MAX INT_LIMIT(off_t) > #endif This problem has already been solved by type_max() in include/linux/overflow.h. How about removing INT_LIMIT() and using type_max() instead? - Eric
On 2022/11/20 3:39, Eric Biggers wrote: > On Thu, Nov 10, 2022 at 11:10:24AM +0800, Zhen Lei wrote: >> UBSAN: shift-out-of-bounds in fs/locks.c:2572:16 >> left shift of 1 by 63 places cannot be represented in type 'long long int' >> >> Switch the calculation method to ((quarter - 1) * 2 + 1) can help us >> eliminate this false positive. >> >> On the other hand, the old implementation has problems with char and >> short types, although not currently involved. >> printf("%d: %x\n", sizeof(char), INT_LIMIT(char)); >> printf("%d: %x\n", sizeof(short), INT_LIMIT(short)); >> 1: ffffff7f >> 2: ffff7fff >> >> Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com> >> --- >> include/linux/fs.h | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/include/linux/fs.h b/include/linux/fs.h >> index e654435f16512c1..88d42e2daed9f6c 100644 >> --- a/include/linux/fs.h >> +++ b/include/linux/fs.h >> @@ -1131,7 +1131,7 @@ struct file_lock_context { >> >> /* The following constant reflects the upper bound of the file/locking space */ >> #ifndef OFFSET_MAX >> -#define INT_LIMIT(x) (~((x)1 << (sizeof(x)*8 - 1))) >> +#define INT_LIMIT(x) ((((x)1 << (sizeof(x) * 8 - 2)) - 1) * 2 + 1) >> #define OFFSET_MAX INT_LIMIT(loff_t) >> #define OFFT_OFFSET_MAX INT_LIMIT(off_t) >> #endif > > This problem has already been solved by type_max() in include/linux/overflow.h. > How about removing INT_LIMIT() and using type_max() instead? It's better to use type_max(). INT_LIMIT() is currently valid only for signed type. Besides, my method is actually the same as type_max(). Using type_max() does not result in code duplication. > > - Eric > . >
diff --git a/include/linux/fs.h b/include/linux/fs.h index e654435f16512c1..88d42e2daed9f6c 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1131,7 +1131,7 @@ struct file_lock_context { /* The following constant reflects the upper bound of the file/locking space */ #ifndef OFFSET_MAX -#define INT_LIMIT(x) (~((x)1 << (sizeof(x)*8 - 1))) +#define INT_LIMIT(x) ((((x)1 << (sizeof(x) * 8 - 2)) - 1) * 2 + 1) #define OFFSET_MAX INT_LIMIT(loff_t) #define OFFT_OFFSET_MAX INT_LIMIT(off_t) #endif