Date: Fri, 16 Jun 2017 22:48:02 +0900
From: Alice Ferrazzi
To: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, x86@kernel.org, broonie@kernel.org, linux-kernel@vger.kernel.org
Subject: [RFC] ubsan: signed integer overflow in atomc.h atomic_add_return
Message-ID: <20170616134802.GH20222@alitoo>

A Gentoo user reported a UBSAN signed integer overflow in atomic_add_return.

/**
 * atomic_add_return - add integer and return
 * @i: integer value to add
 * @v: pointer of type atomic_t
 *
 * Atomically adds @i to @v and returns @i + @v
 */
static __always_inline int atomic_add_return(int i, atomic_t *v)
{
	return i + xadd(&v->counter, i);
}

Shall we change something?

================================================================================
kernel: UBSAN: Undefined behaviour in ./arch/x86/include/asm/atomic.h:156:2
kernel: signed integer overflow:
kernel: 2147483647 + 1 cannot be represented in type 'int'
kernel: CPU: 1 PID: 37 Comm: kswapd0 Tainted: P W O 4.9.25-gentoo #4
kernel: Hardware name: XXXXXX, BIOS YYYYYY
kernel: ec38fc0c d1f444f2 00000007 ec38fc3c 00000001 ec38fc1c d1fc8ffe ec38fc1c
kernel: d2b1146c ec38fca0 d1fc934b d28b15c0 ec38fc40 0000002b ec38fc68 d2b1146c
kernel: 0000002b 00000002 37343132 36333834 00003734 c2f91260 00000025 ec38fc74
kernel: Call Trace:
kernel: [] dump_stack+0x59/0x87
kernel: [] ubsan_epilogue+0xe/0x40
kernel: [] handle_overflow+0xbb/0xf0
kernel: [] ? radix_tree_clear_tags+0x34/0xa0
kernel: [] ? __delete_from_page_cache+0x464/0x9c0
kernel: [] __ubsan_handle_add_overflow+0x12/0x20
kernel: [] workingset_eviction+0xe6/0x120
kernel: [] __remove_mapping+0x1bb/0x390
kernel: [] shrink_page_list+0x3a6/0x14d0
kernel: [] shrink_inactive_list+0x2aa/0x8f0
kernel: [] shrink_node_memcg+0x742/0xd70
kernel: [] shrink_node+0xf2/0x7c0
kernel: [] kswapd+0x362/0xb00
kernel: [] ? mem_cgroup_shrink_node+0x210/0x210
kernel: [] kthread+0xe3/0x170
kernel: [] ? _raw_spin_unlock_irq+0x8/0x10
kernel: [] ? mem_cgroup_shrink_node+0x210/0x210
kernel: [] ? kthread_park+0x50/0x50
kernel: [] ret_from_fork+0x1b/0x28
kernel: ================================================================================

Thanks,
Alice
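
An added user-space example (not part of the original message and not kernel code) of the expression the report points at: the atomic fetch-add wraps silently, and it is the C-level signed `i + old` that UBSAN flags. The `demo_*` names are hypothetical, and C11 `atomic_fetch_add()` is assumed here as a stand-in for `xadd()`.

```c
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical user-space stand-in for the kernel's atomic_t. */
typedef struct { atomic_int counter; } demo_atomic_t;

/*
 * Same shape as the quoted atomic_add_return(), with C11 atomic_fetch_add()
 * standing in for xadd(). The fetch-add wraps silently on overflow; the
 * C-level "i + old" is the signed addition that UBSAN instruments, so it is
 * done in unsigned arithmetic here, where wraparound is defined. Converting
 * the result back to int is implementation-defined (modulo 2^32 on GCC/Clang).
 */
static int demo_add_return_wrapping(int i, demo_atomic_t *v)
{
	int old = atomic_fetch_add(&v->counter, i);

	return (int)((unsigned int)i + (unsigned int)old);
}

/*
 * Tells whether the plain signed "i + old" would overflow, without executing
 * it. *sum receives the two's-complement wrapped result either way.
 * __builtin_add_overflow is a GCC/Clang builtin.
 */
static bool demo_add_would_overflow(int i, int old, int *sum)
{
	return __builtin_add_overflow(i, old, sum);
}

int main(void)
{
	demo_atomic_t v;
	int sum;

	/* Constructed input matching the report: counter at INT_MAX, add 1. */
	atomic_init(&v.counter, INT_MAX);
	printf("overflow=%d\n", demo_add_would_overflow(1, INT_MAX, &sum));
	printf("returned=%d\n", demo_add_return_wrapping(1, &v));
	printf("counter=%d\n", atomic_load(&v.counter));
	return 0;
}
```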