From 79c350e45ebc5a718cc2d7114b45ad560069423d Mon Sep 17 00:00:00 2001 From: Xie XiuQi Date: Wed, 14 Sep 2016 07:41:16 +1000 Subject: [PATCH] xfs: fix signed integer overflow Use 1U for unsigned int to avoid a overflow warning from UBSAN. [ 31.910858] UBSAN: Undefined behaviour in fs/xfs/xfs_buf_item.c:889:25 [ 31.911252] signed integer overflow: [ 31.911478] -2147483648 - 1 cannot be represented in type 'int' [ 31.911846] CPU: 1 PID: 1011 Comm: tuned Tainted: G B ---- ------- 3.10.0-327.28.3.el7.x86_64 #1 [ 31.911857] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 01/07/2011 [ 31.911866] 1ffff1004069cd3b 0000000076bec3fd ffff8802034e69a0 ffffffff81ee3140 [ 31.911883] ffff8802034e69b8 ffffffff81ee31fd ffffffffa0ad79e0 ffff8802034e6b20 [ 31.911898] ffffffff81ee46e2 0000002d515470c0 0000000000000001 0000000041b58ab3 [ 31.911913] Call Trace: [ 31.911932] [] dump_stack+0x1e/0x20 [ 31.911947] [] ubsan_epilogue+0x12/0x55 [ 31.911964] [] handle_overflow+0x1ba/0x215 [ 31.912083] [] __ubsan_handle_sub_overflow+0x2a/0x31 [ 31.912204] [] xfs_buf_item_log+0x34b/0x3f0 [xfs] [ 31.912314] [] xfs_trans_log_buf+0x120/0x260 [xfs] [ 31.912402] [] xfs_btree_log_recs+0x80/0xc0 [xfs] [ 31.912490] [] xfs_btree_delrec+0x11a8/0x2d50 [xfs] [ 31.913589] [] xfs_btree_delete+0xc9/0x260 [xfs] [ 31.913762] [] xfs_free_ag_extent+0x63f/0xe20 [xfs] [ 31.914339] [] xfs_free_extent+0x2af/0x3e0 [xfs] [ 31.914641] [] xfs_bmap_finish+0x32b/0x4b0 [xfs] [ 31.914841] [] xfs_itruncate_extents+0x3b7/0x740 [xfs] [ 31.915216] [] xfs_setattr_size+0x60a/0x860 [xfs] [ 31.915471] [] xfs_vn_setattr+0x9a/0xe0 [xfs] [ 31.915590] [] notify_change+0x5c8/0x8a0 [ 31.915607] [] do_truncate+0x122/0x1d0 [ 31.915640] [] do_last+0x15de/0x2c80 [ 31.915707] [] path_openat+0x1e7/0xcc0 [ 31.915802] [] do_filp_open+0xa4/0x160 [ 31.915848] [] do_sys_open+0x1b7/0x3f0 [ 31.915879] [] SyS_open+0x32/0x40 [ 31.915897] [] system_call_fastpath+0x16/0x1b [ 240.086809] UBSAN: Undefined behaviour in fs/xfs/xfs_buf_item.c:866:34 [ 240.086820] signed integer overflow: [ 240.086830] -2147483648 - 1 cannot be represented in type 'int' [ 240.086846] CPU: 1 PID: 12969 Comm: rm Tainted: G B ---- ------- 3.10.0-327.28.3.el7.x86_64 #1 [ 240.086857] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 01/07/2011 [ 240.086868] 1ffff10040491def 00000000e2ea59c1 ffff88020248ef40 ffffffff81ee3140 [ 240.086885] ffff88020248ef58 ffffffff81ee31fd ffffffffa0ad79e0 ffff88020248f0c0 [ 240.086901] ffffffff81ee46e2 0000002d02488000 0000000000000001 0000000041b58ab3 [ 240.086915] Call Trace: [ 240.086938] [] dump_stack+0x1e/0x20 [ 240.086953] [] ubsan_epilogue+0x12/0x55 [ 240.086971] [] handle_overflow+0x1ba/0x215 ... Signed-off-by: Xie XiuQi Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner --- fs/xfs/xfs_buf_item.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/xfs/xfs_buf_item.c b/fs/xfs/xfs_buf_item.c index e455f9098d49..3a279979c39d 100644 --- a/fs/xfs/xfs_buf_item.c +++ b/fs/xfs/xfs_buf_item.c @@ -865,7 +865,7 @@ xfs_buf_item_log_segment( */ if (bit) { end_bit = MIN(bit + bits_to_set, (uint)NBWORD); - mask = ((1 << (end_bit - bit)) - 1) << bit; + mask = ((1U << (end_bit - bit)) - 1) << bit; *wordp |= mask; wordp++; bits_set = end_bit - bit; @@ -888,7 +888,7 @@ xfs_buf_item_log_segment( */ end_bit = bits_to_set - bits_set; if (end_bit) { - mask = (1 << end_bit) - 1; + mask = (1U << end_bit) - 1; *wordp |= mask; } } -- 2.30.2