From: Song Liu
Date: Fri, 15 Dec 2023 15:12:52 -0800
Subject: Re: [PATCH v2 1/2] md: Fix overflow in is_mddev_idle
To: linan666@huaweicloud.com
Cc: axboe@kernel.dk, linux-raid@vger.kernel.org, linux-kernel@vger.kernel.org, linux-block@vger.kernel.org, yukuai3@huawei.com, yi.zhang@huawei.com, houtao1@huawei.com, yangerkun@huawei.com
References: <20231215013931.3329455-1-linan666@huaweicloud.com> <20231215013931.3329455-2-linan666@huaweicloud.com>
In-Reply-To: <20231215013931.3329455-2-linan666@huaweicloud.com>

On Thu, Dec 14, 2023 at 5:41 PM wrote:
> > From: Li Nan > > UBSAN reports this problem: > > UBSAN: Undefined behaviour in drivers/md/md.c:8175:15 > signed integer overflow: > -2147483291 - 2072033152 cannot be represented in type 'int' > Call trace: > dump_backtrace+0x0/0x310 > show_stack+0x28/0x38 > dump_stack+0xec/0x15c > ubsan_epilogue+0x18/0x84 > handle_overflow+0x14c/0x19c > __ubsan_handle_sub_overflow+0x34/0x44 > is_mddev_idle+0x338/0x3d8 > md_do_sync+0x1bb8/0x1cf8 > md_thread+0x220/0x288 > kthread+0x1d8/0x1e0 > ret_from_fork+0x10/0x18 > > 'curr_events' will overflow when stat accum or 'sync_io' is greater than > INT_MAX. > > Fix it by changing sync_io, last_events and curr_events to 64bit. > > Signed-off-by: Li Nan > --- > drivers/md/md.h | 4 ++-- > include/linux/blkdev.h | 2 +- > drivers/md/md.c | 7 ++++--- > 3 files changed, 7 insertions(+), 6 deletions(-) > > diff --git a/drivers/md/md.h b/drivers/md/md.h > index ade83af123a2..1a4f976951c1 100644 > --- a/drivers/md/md.h > +++ b/drivers/md/md.h > @@ -50,7 +50,7 @@ struct md_rdev { > > sector_t sectors; /* Device size (in 512bytes secto= rs) */ > struct mddev *mddev; /* RAID array if running */ > - int last_events; /* IO event timestamp */ > + long long last_events; /* IO event timestamp */ > > /* > * If meta_bdev is non-NULL, it means that a separate device is > @@ -584,7 +584,7 @@ extern void mddev_unlock(struct mddev *mddev); > > static inline void md_sync_acct(struct block_device *bdev, unsigned long= nr_sectors) > { > - atomic_add(nr_sectors, &bdev->bd_disk->sync_io); > + atomic64_add(nr_sectors, &bdev->bd_disk->sync_io); > } > > static inline void md_sync_acct_bio(struct bio *bio, unsigned long nr_se= ctors) > diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h > index 3f8a21cd9233..d28b98adf457 100644 > --- a/include/linux/blkdev.h > +++ b/include/linux/blkdev.h 
> @@ -170,7 +170,7 @@ struct gendisk { > struct list_head slave_bdevs; > #endif > struct timer_rand_state *random; > - atomic_t sync_io; /* RAID */ > + atomic64_t sync_io; /* RAID */ > struct disk_events *ev; As we are on this, I wonder whether we really need this. AFAICT, is_mddev_idle() is the only consumer of sync_io. We can probably do the same check in is_mddev_idle() without sync_io. Thanks, Song > > #ifdef CONFIG_BLK_DEV_ZONED > diff --git a/drivers/md/md.c b/drivers/md/md.c > index c94373d64f2c..1d71b2a9af03 100644 > --- a/drivers/md/md.c > +++ b/drivers/md/md.c > @@ -8496,14 +8496,15 @@ static int is_mddev_idle(struct mddev *mddev, int= init) > { > struct md_rdev *rdev; > int idle; > - int curr_events; > + long long curr_events; > > idle =3D 1; > rcu_read_lock(); > rdev_for_each_rcu(rdev, mddev) { > struct gendisk *disk =3D rdev->bdev->bd_disk; > - curr_events =3D (int)part_stat_read_accum(disk->part0, se= ctors) - > - atomic_read(&disk->sync_io); > + curr_events =3D > + (long long)part_stat_read_accum(disk->part0, sect= ors) - > + atomic64_read(&disk->sync_io); > /* sync IO will cause sync_io to increase before the disk= _stats > * as sync_io is counted when a request starts, and > * disk_stats is counted when it completes. > -- > 2.39.2 > >
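
Review bot: In the struct md_rdev hunk of drivers/md/md.h, `last_events` is declared `long long` while the counter it is paired with is now read through atomic64_read(). Declaring it `s64` (and doing the same for `curr_events` in md.c) would match the type the atomic64 API works in and the kernel's fixed-width style. The adjacent comment still reads "IO event timestamp", although the commit message groups this field with the sector counters; it is worth correcting while the line is being touched.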
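
Review bot: In the struct gendisk hunk of include/linux/blkdev.h, `sync_io` is widened to atomic64_t for every disk, but the only accesses visible in this patch are md_sync_acct() and is_mddev_idle(). On 32-bit architectures without native 64-bit atomics, atomic64_t falls back to a lock-based generic implementation, so the atomic64_add() in the sync accounting path becomes more expensive there. The commit message should say that this cost was considered, or the counter should move into md-owned state so that a block-layer structure is not widened for a single consumer.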
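
Review bot: In the is_mddev_idle() hunk of drivers/md/md.c, the `(long long)` cast is applied to the value part_stat_read_accum() has already produced, so it cannot recover bits the macro did not carry. If that macro yields an unsigned long, the stat side still wraps at 32 bits on 32-bit builds while `sync_io` now counts in 64 bits, and `curr_events` jumps by 2^32 at each wrap. The commit message should state whether 32-bit builds are covered, and the comment under the assignment should mention that `curr_events` is now a signed 64-bit difference.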