Shifting signed 32-bit value by 31 bits is undefined, so changing
significant bit to unsigned. The UBSAN warning calltrace like below:
UBSAN: shift-out-of-bounds in fs/nsfs.c:306:32
left shift of 1 by 31 places cannot be represented in type 'int'
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.3.0-rc4+ #2
Call trace:
<TASK>
dump_backtrace+0x134/0x1e0
show_stack+0x2c/0x3c
dump_stack_lvl+0xb0/0xd4
dump_stack+0x14/0x1c
ubsan_epilogue+0xc/0x3c
__ubsan_handle_shift_out_of_bounds+0xb0/0x14c
nsfs_init+0x4c/0xb0
start_kernel+0x38c/0x738
__primary_switched+0xbc/0xc4
</TASK>
Signed-off-by: Hao Ge <[email protected]>
---
include/linux/fs.h | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/include/linux/fs.h b/include/linux/fs.h
index c85916e9f7db..86ab23a05b61 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1069,19 +1069,19 @@ extern int send_sigurg(struct fown_struct *fown);
#define SB_NOATIME 1024 /* Do not update access times. */
#define SB_NODIRATIME 2048 /* Do not update directory access times */
#define SB_SILENT 32768
-#define SB_POSIXACL (1<<16) /* VFS does not apply the umask */
-#define SB_INLINECRYPT (1<<17) /* Use blk-crypto for encrypted files */
-#define SB_KERNMOUNT (1<<22) /* this is a kern_mount call */
-#define SB_I_VERSION (1<<23) /* Update inode I_version field */
-#define SB_LAZYTIME (1<<25) /* Update the on-disk [acm]times lazily */
+#define SB_POSIXACL (1U<<16) /* VFS does not apply the umask */
+#define SB_INLINECRYPT (1U<<17) /* Use blk-crypto for encrypted files */
+#define SB_KERNMOUNT (1U<<22) /* this is a kern_mount call */
+#define SB_I_VERSION (1U<<23) /* Update inode I_version field */
+#define SB_LAZYTIME (1U<<25) /* Update the on-disk [acm]times lazily */
/* These sb flags are internal to the kernel */
-#define SB_SUBMOUNT (1<<26)
-#define SB_FORCE (1<<27)
-#define SB_NOSEC (1<<28)
-#define SB_BORN (1<<29)
-#define SB_ACTIVE (1<<30)
-#define SB_NOUSER (1<<31)
+#define SB_SUBMOUNT (1U<<26)
+#define SB_FORCE (1U<<27)
+#define SB_NOSEC (1U<<28)
+#define SB_BORN (1U<<29)
+#define SB_ACTIVE (1U<<30)
+#define SB_NOUSER (1U<<31)
/* These flags relate to encoding and casefolding */
#define SB_ENC_STRICT_MODE_FL (1 << 0)
--
2.25.1
No virus found
Checked by Hillstone Network AntiVirus
Shifting signed 32-bit value by 31 bits is undefined, so changing
significant bit to unsigned. The UBSAN warning calltrace like below:
UBSAN: shift-out-of-bounds in fs/nsfs.c:306:32
left shift of 1 by 31 places cannot be represented in type 'int'
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.3.0-rc4+ #2
Call trace:
<TASK>
dump_backtrace+0x134/0x1e0
show_stack+0x2c/0x3c
dump_stack_lvl+0xb0/0xd4
dump_stack+0x14/0x1c
ubsan_epilogue+0xc/0x3c
__ubsan_handle_shift_out_of_bounds+0xb0/0x14c
nsfs_init+0x4c/0xb0
start_kernel+0x38c/0x738
__primary_switched+0xbc/0xc4
</TASK>
Fixes: e462ec50cb5f ("VFS: Differentiate mount flags (MS_*) from internal superblock flags")
Signed-off-by: Hao Ge <[email protected]>
---
v2: add Fixes for changelog
---
include/linux/fs.h | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/include/linux/fs.h b/include/linux/fs.h
index c85916e9f7db..86ab23a05b61 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1069,19 +1069,19 @@ extern int send_sigurg(struct fown_struct *fown);
#define SB_NOATIME 1024 /* Do not update access times. */
#define SB_NODIRATIME 2048 /* Do not update directory access times */
#define SB_SILENT 32768
-#define SB_POSIXACL (1<<16) /* VFS does not apply the umask */
-#define SB_INLINECRYPT (1<<17) /* Use blk-crypto for encrypted files */
-#define SB_KERNMOUNT (1<<22) /* this is a kern_mount call */
-#define SB_I_VERSION (1<<23) /* Update inode I_version field */
-#define SB_LAZYTIME (1<<25) /* Update the on-disk [acm]times lazily */
+#define SB_POSIXACL (1U<<16) /* VFS does not apply the umask */
+#define SB_INLINECRYPT (1U<<17) /* Use blk-crypto for encrypted files */
+#define SB_KERNMOUNT (1U<<22) /* this is a kern_mount call */
+#define SB_I_VERSION (1U<<23) /* Update inode I_version field */
+#define SB_LAZYTIME (1U<<25) /* Update the on-disk [acm]times lazily */
/* These sb flags are internal to the kernel */
-#define SB_SUBMOUNT (1<<26)
-#define SB_FORCE (1<<27)
-#define SB_NOSEC (1<<28)
-#define SB_BORN (1<<29)
-#define SB_ACTIVE (1<<30)
-#define SB_NOUSER (1<<31)
+#define SB_SUBMOUNT (1U<<26)
+#define SB_FORCE (1U<<27)
+#define SB_NOSEC (1U<<28)
+#define SB_BORN (1U<<29)
+#define SB_ACTIVE (1U<<30)
+#define SB_NOUSER (1U<<31)
/* These flags relate to encoding and casefolding */
#define SB_ENC_STRICT_MODE_FL (1 << 0)
--
2.25.1
No virus found
Checked by Hillstone Network AntiVirus
On Mon, Apr 24, 2023 at 12:51:22PM +0800, Hao Ge wrote:
> Shifting signed 32-bit value by 31 bits is undefined, so changing
> significant bit to unsigned. The UBSAN warning calltrace like below:
> UBSAN: shift-out-of-bounds in fs/nsfs.c:306:32
> left shift of 1 by 31 places cannot be represented in type 'int'
> CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.3.0-rc4+ #2
> Call trace:
> <TASK>
> dump_backtrace+0x134/0x1e0
> show_stack+0x2c/0x3c
> dump_stack_lvl+0xb0/0xd4
> dump_stack+0x14/0x1c
> ubsan_epilogue+0xc/0x3c
> __ubsan_handle_shift_out_of_bounds+0xb0/0x14c
> nsfs_init+0x4c/0xb0
> start_kernel+0x38c/0x738
> __primary_switched+0xbc/0xc4
> </TASK>
>
> Fixes: e462ec50cb5f ("VFS: Differentiate mount flags (MS_*) from internal superblock flags")
> Signed-off-by: Hao Ge <[email protected]>
*snort*
IMO something like "spotted by UBSAN" is more than enough here -
stack trace is completely pointless.
Otherwise, no problems with the patch - it's obviously safe.
Shifting signed 32-bit value by 31 bits is undefined, so changing
significant bit to unsigned. It was spotted by UBSAN.
Fixes: e462ec50cb5f ("VFS: Differentiate mount flags (MS_*) from internal superblock flags")
Signed-off-by: Hao Ge <[email protected]>
---
v2: add Fixes for changelog
v3: streamline changelog
---
include/linux/fs.h | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/include/linux/fs.h b/include/linux/fs.h
index c85916e9f7db..86ab23a05b61 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1069,19 +1069,19 @@ extern int send_sigurg(struct fown_struct *fown);
#define SB_NOATIME 1024 /* Do not update access times. */
#define SB_NODIRATIME 2048 /* Do not update directory access times */
#define SB_SILENT 32768
-#define SB_POSIXACL (1<<16) /* VFS does not apply the umask */
-#define SB_INLINECRYPT (1<<17) /* Use blk-crypto for encrypted files */
-#define SB_KERNMOUNT (1<<22) /* this is a kern_mount call */
-#define SB_I_VERSION (1<<23) /* Update inode I_version field */
-#define SB_LAZYTIME (1<<25) /* Update the on-disk [acm]times lazily */
+#define SB_POSIXACL (1U<<16) /* VFS does not apply the umask */
+#define SB_INLINECRYPT (1U<<17) /* Use blk-crypto for encrypted files */
+#define SB_KERNMOUNT (1U<<22) /* this is a kern_mount call */
+#define SB_I_VERSION (1U<<23) /* Update inode I_version field */
+#define SB_LAZYTIME (1U<<25) /* Update the on-disk [acm]times lazily */
/* These sb flags are internal to the kernel */
-#define SB_SUBMOUNT (1<<26)
-#define SB_FORCE (1<<27)
-#define SB_NOSEC (1<<28)
-#define SB_BORN (1<<29)
-#define SB_ACTIVE (1<<30)
-#define SB_NOUSER (1<<31)
+#define SB_SUBMOUNT (1U<<26)
+#define SB_FORCE (1U<<27)
+#define SB_NOSEC (1U<<28)
+#define SB_BORN (1U<<29)
+#define SB_ACTIVE (1U<<30)
+#define SB_NOUSER (1U<<31)
/* These flags relate to encoding and casefolding */
#define SB_ENC_STRICT_MODE_FL (1 << 0)
--
2.25.1
No virus found
Checked by Hillstone Network AntiVirus
> On Apr 24, 2023, at 13:02, Al Viro <[email protected]> wrote:
>
> On Mon, Apr 24, 2023 at 12:51:22PM +0800, Hao Ge wrote:
>> Shifting signed 32-bit value by 31 bits is undefined, so changing
>> significant bit to unsigned. The UBSAN warning calltrace like below:
>
>> UBSAN: shift-out-of-bounds in fs/nsfs.c:306:32
>> left shift of 1 by 31 places cannot be represented in type 'int'
>> CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.3.0-rc4+ #2
>> Call trace:
>> <TASK>
>> dump_backtrace+0x134/0x1e0
>> show_stack+0x2c/0x3c
>> dump_stack_lvl+0xb0/0xd4
>> dump_stack+0x14/0x1c
>> ubsan_epilogue+0xc/0x3c
>> __ubsan_handle_shift_out_of_bounds+0xb0/0x14c
>> nsfs_init+0x4c/0xb0
>> start_kernel+0x38c/0x738
>> __primary_switched+0xbc/0xc4
>> </TASK>
>>
>> Fixes: e462ec50cb5f ("VFS: Differentiate mount flags (MS_*) from internal superblock flags")
>> Signed-off-by: Hao Ge <[email protected]>
>
> *snort*
>
> IMO something like "spotted by UBSAN" is more than enough here -
> stack trace is completely pointless.
>
> Otherwise, no problems with the patch - it's obviously safe.
Thanks for taking time to review this patch.
I fully agree with your suggestion, as it is not just this one place that reported this error, although they are the same reason.
I will remove stack trace and send v3.