From: Andrew Morton <akpm@linux-foundation.org>
To: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: icytxw@gmail.com, Alexander Potapenko <glider@google.com>,
Dmitry Vyukov <dvyukov@google.com>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] mm/fadvise: Fix signed overflow UBSAN complaint
Date: Fri, 29 Jun 2018 18:37:54 -0700 [thread overview]
Message-ID: <20180629183754.b5accab9f7f6593a39d6f0be@linux-foundation.org> (raw)
In-Reply-To: <20180629184453.7614-1-aryabinin@virtuozzo.com>
On Fri, 29 Jun 2018 21:44:53 +0300 Andrey Ryabinin <aryabinin@virtuozzo.com> wrote:
> Signed integer overflow is undefined according to the C standard.
> The overflow in ksys_fadvise64_64() is deliberate, but since it is signed
> overflow, UBSAN complains:
> UBSAN: Undefined behaviour in mm/fadvise.c:76:10
> signed integer overflow:
> 4 + 9223372036854775805 cannot be represented in type 'long long int'
>
> Use unsigned types to do math. Unsigned overflow is defined so UBSAN
> will not complain about it. This patch doesn't change generated code.
>
> ...
>
> --- a/mm/fadvise.c
> +++ b/mm/fadvise.c
> @@ -73,7 +73,7 @@ int ksys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice)
> }
>
> /* Careful about overflows. Len == 0 means "as much as possible" */
> - endbyte = offset + len;
> + endbyte = (u64)offset + (u64)len;
> if (!len || endbyte < len)
> endbyte = -1;
> else
Readers of this code will wonder "what the heck are those casts for".
Therefore:
--- a/mm/fadvise.c~mm-fadvise-fix-signed-overflow-ubsan-complaint-fix
+++ a/mm/fadvise.c
@@ -72,7 +72,11 @@ int ksys_fadvise64_64(int fd, loff_t off
goto out;
}
- /* Careful about overflows. Len == 0 means "as much as possible" */
+ /*
+ * Careful about overflows. Len == 0 means "as much as possible". Use
+ * unsigned math because signed overflows are undefined and UBSan
+ * complains.
+ */
endbyte = (u64)offset + (u64)len;
if (!len || endbyte < len)
endbyte = -1;
_
prev parent reply other threads:[~2018-06-30 1:37 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <bug-200209-27@https.bugzilla.kernel.org/>
2018-06-28 3:48 ` Andrew Morton
2018-06-29 18:44 ` Andrey Ryabinin
2018-06-29 18:44 ` [PATCH] mm/fadvise: Fix signed overflow UBSAN complaint Andrey Ryabinin
2018-06-30 1:37 ` Andrew Morton [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180629183754.b5accab9f7f6593a39d6f0be@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=aryabinin@virtuozzo.com \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=icytxw@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox