Received: by 2002:ac0:aa62:0:0:0:0:0 with SMTP id w31-v6csp1972363ima; Thu, 25 Oct 2018 07:46:31 -0700 (PDT) X-Google-Smtp-Source: AJdET5cUnFu2LovIIzJI01JLZSW7nb8QYyLEIBi7UDG9DeyahynPZbFPnEqyYqE0WsHl9NqGNbbb X-Received: by 2002:a63:5949:: with SMTP id j9-v6mr1756837pgm.210.1540478791551; Thu, 25 Oct 2018 07:46:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540478791; cv=none; d=google.com; s=arc-20160816; b=mafXgx0962y9W7mSAvzq7xfq/t22U4+IL4KxMYBaegVsUI+PAJR0swSJza/BNJwcn7 FDrVUQ+JU4c9NwyJlW3DC4eJEjI2xsh6MiIrN05dZQ3sF0Yr4mWhTbFV4wiKNYftetOZ HmTvamjINDFYajbXfj2xpdKq1gu/r61x5UAp/9z9cvZyIC65h4e3pEH1jFmmo1VyhinX TE2afo7SjIK5Ihm98S2EQLCyCpgkVIBhbv91lQ7GZXE0hbdUUGRqda7q/my/i/L5/BsS wf5fmqXG4vnIpO4J/WbTcOgT+vwnxtV56j2tdVk5h/jAXiLIyyTcERWC5oJHexzJRVhV KExQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=3McfX6VM4GT6FWy4p7LlBt+mDTyQf0U4s16RACY8JMM=; b=vxWfMWowqpSPgTyRpcfkrL0A37gZiWDwIQ+dYJ7KLmfWd69UJDwgHID0o6y/Trm2Z0 dQ4xIssuhRxSSCGQi9RJfR/nZstmbpJX7T1cza14CEv0Lbt2dUVJ4U2hhE/ofCvqn1hv ufa6BNyMaV37YBn3tLP0k4DwqOO9rWrkZ6zCN8cIU5i6uHXA7p6Cz9PdnsTsYD81XPSS BycsmU+G84/84T575jSN24KuzB1jL3FAa5pbcPzimWSQ+WB/afBC5SARBKTNikhpVohe qq/iXolZLUiDkIBefxWf+UZYJjQZlppXF5JPMSR6GaPl2Z0OSNaulbZIIgtH/0oPM59f tKpQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=BMm56oO5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u4-v6si8379989pgi.554.2018.10.25.07.46.13; Thu, 25 Oct 2018 07:46:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=BMm56oO5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727859AbeJYWoB (ORCPT + 99 others); Thu, 25 Oct 2018 18:44:01 -0400 Received: from mail.kernel.org ([198.145.29.99]:52542 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727699AbeJYWoA (ORCPT ); Thu, 25 Oct 2018 18:44:00 -0400 Received: from sasha-vm.mshome.net (unknown [167.98.65.38]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A20262054F; Thu, 25 Oct 2018 14:11:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1540476665; bh=74ySAQMBThih2FK3Rot/66i2+Wp8eF2sA/P/6jvoxGo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=BMm56oO5DC881ZtyzHcwUkwY+UgZoTLyWJ9E6pPUJh9x+PUJt7LZjY9e/mZ3R0ybh 50+B/Iw9Pvw8/yNYwYebgFFSr62Kh7QHp4PmSLE13zKWLIpaHBTfUdluEg9mchp3hz n8st+rZxFsyGEUQHXWnRS1FWJkSn6t3OYXlIqkjs= From: Sasha Levin To: stable@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Arnd Bergmann , "Martin K . Petersen" , Sasha Levin Subject: [PATCH AUTOSEL 4.14 07/46] scsi: aacraid: address UBSAN warning regression Date: Thu, 25 Oct 2018 10:10:14 -0400 Message-Id: <20181025141053.213330-7-sashal@kernel.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181025141053.213330-1-sashal@kernel.org> References: <20181025141053.213330-1-sashal@kernel.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Arnd Bergmann [ Upstream commit d18539754d97876503275efc7d00a1901bb0cfad ] As reported by Meelis Roos, my previous patch causes an incorrect calculation of the timeout, through an undefined signed integer overflow: [ 12.228155] UBSAN: Undefined behaviour in drivers/scsi/aacraid/commsup.c:2514:49 [ 12.228229] signed integer overflow: [ 12.228283] 964297611 * 250 cannot be represented in type 'long int' The problem is that doing a multiplication with HZ first and then dividing by USEC_PER_SEC worked correctly for 32-bit microseconds, but not for 32-bit nanoseconds, which would require up to 41 bits. This reworks the calculation to first convert the nanoseconds into jiffies, which should give us the same result as before and not overflow. Unfortunately I did not understand the exact intention of the algorithm, in particular the part where we add half a second, so it's possible that there is still a preexisting problem in this function. I added a comment that this would be handled more nicely using usleep_range(), which generally works better for waking up at a particular time than the current schedule_timeout() based implementation. I did not feel comfortable trying to implement that without being sure what the intent is here though. Fixes: 820f18865912 ("scsi: aacraid: use timespec64 instead of timeval") Tested-by: Meelis Roos Signed-off-by: Arnd Bergmann Signed-off-by: Martin K. Petersen Signed-off-by: Sasha Levin --- drivers/scsi/aacraid/commsup.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/aacraid/commsup.c b/drivers/scsi/aacraid/commsup.c index 998788a967be..3e38bae6ecde 100644 --- a/drivers/scsi/aacraid/commsup.c +++ b/drivers/scsi/aacraid/commsup.c @@ -2506,8 +2506,8 @@ int aac_command_thread(void *data) /* Synchronize our watches */ if (((NSEC_PER_SEC - (NSEC_PER_SEC / HZ)) > now.tv_nsec) && (now.tv_nsec > (NSEC_PER_SEC / HZ))) - difference = (((NSEC_PER_SEC - now.tv_nsec) * HZ) - + NSEC_PER_SEC / 2) / NSEC_PER_SEC; + difference = HZ + HZ / 2 - + now.tv_nsec / (NSEC_PER_SEC / HZ); else { if (now.tv_nsec > NSEC_PER_SEC / 2) ++now.tv_sec; @@ -2531,6 +2531,10 @@ int aac_command_thread(void *data) if (kthread_should_stop()) break; + /* + * we probably want usleep_range() here instead of the + * jiffies computation + */ schedule_timeout(difference); if (kthread_should_stop()) -- 2.17.1