Received: by 2002:ab2:710b:0:b0:1ef:a325:1205 with SMTP id z11csp684366lql; Mon, 11 Mar 2024 14:19:59 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCX5VZVsEr6dTmZp6WPv+RouuQ2fbiyoVYmbtZYDYGzElddKvD16SGGjrm72BV14x/XRYUoHNsRhOuHTBfbkciYtM6AHAYIZJgCOpn1ihw== X-Google-Smtp-Source: AGHT+IHwL5pGrAZ7vxl5XmIQ0JAD6BOHbCIfV7areLOK/Ju0w2ObIQo7cwEbnt7bx/l3UXYq7Ilp X-Received: by 2002:a05:6512:3d0b:b0:513:a7e0:28c7 with SMTP id d11-20020a0565123d0b00b00513a7e028c7mr116491lfv.6.1710191999299; Mon, 11 Mar 2024 14:19:59 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1710191999; cv=pass; d=google.com; s=arc-20160816; b=Mik0SAo62g5PvoyFHHL9268t4x3U9cu2b4weIkJT92vKHelY8XXvL4rnrhRVjmllN/ 3iFW3GuH/7j5MeMGYc3XBkYOrniLQwOEkdCRoJJ5su2nxeLNVN63yUTGDmK1Bpmj01g7 h+Ton/ZeCG9H81UWRe4UtPWzv/Zx4pfx4LHqAO8NTVsbIce3mX9roPBbqOuGqnf6Sc6J OLJioBrW1tv6mONJQ/HZttXoqqJpSBzsZ/SIgZoA9dYoJGMGNC4TTvYnwJ0Lb5SVKz8d YpvDOQ5wVZRdEXAqIq29xhAr4cszzXoai7EoQqc+Bo1BfoVzu9Dx5bAyuDmHY+FCECEE JbrA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:accept-language :in-reply-to:references:message-id:date:thread-index:thread-topic :subject:cc:to:from; bh=Fia4YaK/0/KKF4PdJMLwrz+g5RM2Z5dKBBO+25vpH0g=; fh=UopeYeIHbv+Kt4+FuEB6/+GheZLsRQJMrAFyzddDTIg=; b=H+CI7N0+Z+BNepcT0voAYIzdR3dS+q08xd5dnUD1dqc4ZWmOmqUX7sIc2+5Xo9N143 TdLq3+NlK8+eGX7I4fWjHPnw1w/x1R7jJy3r4oRE19r7qQp/87vCdXukCAw/XLJdxPQ1 0+W8sEjfd2iBpAeIkgQbVibCtOJkR2OSwT/yD8f78IFePJmcH5NrbKA4VQl68FLS3Opg pMAqb2uKjeCWzs3SEFm6u2VJMuBSCAs32n1HsZG2sobggQMYbr1jz8BcwD8FKAg595w1 RWLPYidel5K2zChvY8KCoXL8KzlEDYqUQSBBrISAUOGDh6cFAVuRm1vxlsBaObACKUch Cv/A==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=aculab.com dmarc=pass fromdomain=aculab.com); spf=pass (google.com: domain of linux-kernel+bounces-99558-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-99558-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id a14-20020a50c30e000000b005663dc90a09si2897903edb.156.2024.03.11.14.19.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Mar 2024 14:19:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-99558-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=aculab.com dmarc=pass fromdomain=aculab.com); spf=pass (google.com: domain of linux-kernel+bounces-99558-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-99558-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 0A5271F21935 for ; Mon, 11 Mar 2024 21:19:59 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 4FC2156B78; Mon, 11 Mar 2024 21:19:54 +0000 (UTC) Received: from eu-smtp-delivery-151.mimecast.com (eu-smtp-delivery-151.mimecast.com [185.58.85.151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AA1C556B62 for ; Mon, 11 Mar 2024 21:19:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.58.85.151 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710191993; cv=none; b=QtjrwUqw/OrV0Q4dvymbeVjFo7Sa6a+Ssu/1Y0Drx+pq3zaDHlaxk6Lz3BwrUDanEYzcFw8LHpViq17u/bF67t3VXuFHA++wMvtky0eOOos8m5ymneJnPIvc245ccKoyw01CgPzWXACgsmnncWIP9wwnCPo0mkfQOhHWvXOnUKA= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710191993; c=relaxed/simple; bh=i615CRNOuqDgExZzz9+KkVx63j4FWrsDahCeiTAgZuU=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: MIME-Version:Content-Type; b=TIXuVFY/qaVF7ZipVLsED0gFZy7GKfLgeiJcGQQEs/b4DbsL6X3s03GTIRRPAk4vD5/+ORiYMpeawzYJ3yCHTAAUhGdCDrT7NE0+W/gaqmH6YF9qDNM17anKEUZ7FAvtbl+I9MB7BIkKqcrKdUIia6N36JZ4BMqRAjEquXYZZkQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=ACULAB.COM; spf=pass smtp.mailfrom=aculab.com; arc=none smtp.client-ip=185.58.85.151 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=ACULAB.COM Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=aculab.com Received: from AcuMS.aculab.com (156.67.243.121 [156.67.243.121]) by relay.mimecast.com with ESMTP with both STARTTLS and AUTH (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id uk-mta-70-yp59H5P9N3qvzFeyFl6C3w-1; Mon, 11 Mar 2024 21:19:43 +0000 X-MC-Unique: yp59H5P9N3qvzFeyFl6C3w-1 Received: from AcuMS.Aculab.com (10.202.163.6) by AcuMS.aculab.com (10.202.163.6) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Mon, 11 Mar 2024 21:19:48 +0000 Received: from AcuMS.Aculab.com ([::1]) by AcuMS.aculab.com ([::1]) with mapi id 15.00.1497.048; Mon, 11 Mar 2024 21:19:48 +0000 From: David Laight To: 'Jaegeuk Kim' CC: 'Roman Smirnov' , Chao Yu , "Sergey Shtylyov" , Karina Yankevich , "linux-f2fs-devel@lists.sourceforge.net" , "linux-kernel@vger.kernel.org" , "lvc-project@linuxtesting.org" Subject: RE: [PATCH] f2fs: Cast expression type to unsigned long in __count_extent_cache() Thread-Topic: [PATCH] f2fs: Cast expression type to unsigned long in __count_extent_cache() Thread-Index: AQHabtSs8qQLngIY8Ey8WBtnYc/JqbExQp7QgAHHeICAAAg9sA== Date: Mon, 11 Mar 2024 21:19:48 +0000 Message-ID: <15882d97fc0c4742a119128ccc12b5dd@AcuMS.aculab.com> References: <20240305080943.6922-1-r.smirnov@omp.ru> In-Reply-To: Accept-Language: en-GB, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: aculab.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable From: Jaegeuk Kim > Sent: 11 March 2024 20:37 > On 03/10, David Laight wrote: > > From: Roman Smirnov > > > Sent: 05 March 2024 08:10 > > > > > > Cast expression type to unsigned long in __count_extent_cache() > > > to prevent integer overflow. > > > > > > Found by Linux Verification Center (linuxtesting.org) with Svace. > > > > Another broken analysis tool :-) > > > > > Signed-off-by: Roman Smirnov > > > Reviewed-by: Sergey Shtylyov > > > --- > > > fs/f2fs/shrinker.c | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/fs/f2fs/shrinker.c b/fs/f2fs/shrinker.c > > > index 83d6fb97dcae..bb86a06c5d5e 100644 > > > --- a/fs/f2fs/shrinker.c > > > +++ b/fs/f2fs/shrinker.c > > > @@ -33,7 +33,7 @@ static unsigned long __count_extent_cache(struct f2= fs_sb_info *sbi, > > > { > > > =09struct extent_tree_info *eti =3D &sbi->extent_tree[type]; > > > > > > -=09return atomic_read(&eti->total_zombie_tree) + > > > +=09return (unsigned long)atomic_read(&eti->total_zombie_tree) + > > > =09=09=09=09atomic_read(&eti->total_ext_node); > > > > Makes diddly-squit difference. > > > > Both total_zombie_tree and totat_ext_node are 'int'. > > If they are large enough that their sum wraps then the values > > can individually wrap (to negative values). > > > > You really don't want to cast 'int' to 'unsigned long' here > > at all - implicitly or explicitly. > > The cast will first promote 'int' to 'signed long'. > > So a negative value will get sign extended to a very big value. >=20 > I thought, since total_zombie_tree won't get overflowed theoritically, th= e first > cast to (unsigned long) could expand the space to cover the following > total_ext_node. If will force the arithmetic be done as 'unsigned long' so the second value will go through the integer promotion rules to get from 'int' to 'unsigned long', there is an intermediate stage of 'signed long'. So (on 64bit) the 32bit signed value is sign extended to a 64bit signed value and the converted to 64 bit unsigned (same bit pattern on 2s compliment systems). The cast itself will have done the same sign extension on the first value. If toal_ext_node can get anywhere near 31 bits it is also likely to get negative as well. At which point very silly things happen is pretty much all cases unless you only zero-extend to 64 bits. >=20 > > > > The best you can hope for is a 33bit result from wrapped 32bit > > signed counters. > > To get that you need to convert 'int' =3D> 'unsigned int' =3D> 'unsigne= d long'. > > One way would be: > > =09return (atomic_read(&eti->total_zombie_tree) + 0u + 0ul) + > > =09=09(atomic_read(&eti->total_ext_node) + 0u); > > > > Although changing the return type to 'unsigned int' would probably > > be better. > > I don't know what the values are, but if they are stats counters > > then that would give a value that nicely wraps at 2^32 rather > > that the strange wrap that the sum of two wrapping 32bit counters > > has. > > > > OTOH it may be that they are counts - and just can't get any where > > near that big. > > > > =09David > > > > - > > Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, M= K1 1PT, UK > > Registration No: 1397386 (Wales) - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1= PT, UK Registration No: 1397386 (Wales)