From: Colin Ian King <[email protected]>
Shifting the integer value 1U is evaluated with type unsigned int
using 32-bit arithmetic and then used in an expression that expects
a 64-bit value, so there is potentially an integer overflow. Fix this
by using the BIT_ULL macro to perform the shift and avoid the overflow.
Addresses-Coverity: ("Unintentional integer overflow")
Fixes: 46134db8fdc5 ("io-wq: small threadpool implementation for io_uring")
Signed-off-by: Colin Ian King <[email protected]>
---
fs/io-wq.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/io-wq.c b/fs/io-wq.c
index 35e94792d47c..ea5d37193f31 100644
--- a/fs/io-wq.c
+++ b/fs/io-wq.c
@@ -228,8 +228,8 @@ static struct io_wq_work *io_get_next_work(struct io_wqe *wqe, unsigned *hash)
/* hashed, can run if not already running */
*hash = work->flags >> IO_WQ_HASH_SHIFT;
- if (!(wqe->hash_map & (1U << *hash))) {
- wqe->hash_map |= (1U << *hash);
+ if (!(wqe->hash_map & BIT_ULL(*hash))) {
+ wqe->hash_map |= BIT_ULL(*hash);
list_del(&work->list);
return work;
}
--
2.20.1
On 10/25/19 6:43 AM, Colin King wrote:
> From: Colin Ian King <[email protected]>
>
> Shifting the integer value 1U is evaluated with type unsigned int
> using 32-bit arithmetic and then used in an expression that expects
> a 64-bit value, so there is potentially an integer overflow. Fix this
> by using the BIT_ULL macro to perform the shift and avoid the overflow.
Good catch, that should indeed have been 1ULL. I'll fold in your
fix, thanks!
--
Jens Axboe
On 25/10/2019 14:56, Jens Axboe wrote:
> On 10/25/19 6:54 AM, Jens Axboe wrote:
>> On 10/25/19 6:43 AM, Colin King wrote:
>>> From: Colin Ian King <[email protected]>
>>>
>>> Shifting the integer value 1U is evaluated with type unsigned int
>>> using 32-bit arithmetic and then used in an expression that expects
>>> a 64-bit value, so there is potentially an integer overflow. Fix this
>>> by using the BIT_ULL macro to perform the shift and avoid the overflow.
>>
>> Good catch, that should indeed have been 1ULL. I'll fold in your
>> fix, thanks!
>
> BTW, this missed the same issue on the clear side of it, in
> io_worker_handle_work(). I've fixed that one up the same way.
>
Ah, good, somehow the scanner missed that.
Colin
On 10/25/19 7:59 AM, Colin Ian King wrote:
> On 25/10/2019 14:56, Jens Axboe wrote:
>> On 10/25/19 6:54 AM, Jens Axboe wrote:
>>> On 10/25/19 6:43 AM, Colin King wrote:
>>>> From: Colin Ian King <[email protected]>
>>>>
>>>> Shifting the integer value 1U is evaluated with type unsigned int
>>>> using 32-bit arithmetic and then used in an expression that expects
>>>> a 64-bit value, so there is potentially an integer overflow. Fix this
>>>> by using the BIT_ULL macro to perform the shift and avoid the overflow.
>>>
>>> Good catch, that should indeed have been 1ULL. I'll fold in your
>>> fix, thanks!
>>
>> BTW, this missed the same issue on the clear side of it, in
>> io_worker_handle_work(). I've fixed that one up the same way.
>>
> Ah, good, somehow the scanner missed that.
Something to take a look at! :-)
--
Jens Axboe
On 10/25/19 6:54 AM, Jens Axboe wrote:
> On 10/25/19 6:43 AM, Colin King wrote:
>> From: Colin Ian King <[email protected]>
>>
>> Shifting the integer value 1U is evaluated with type unsigned int
>> using 32-bit arithmetic and then used in an expression that expects
>> a 64-bit value, so there is potentially an integer overflow. Fix this
>> by using the BIT_ULL macro to perform the shift and avoid the overflow.
>
> Good catch, that should indeed have been 1ULL. I'll fold in your
> fix, thanks!
BTW, this missed the same issue on the clear side of it, in
io_worker_handle_work(). I've fixed that one up the same way.
--
Jens Axboe