Received: by 2002:ab2:7a55:0:b0:1f4:4a7d:290d with SMTP id u21csp170826lqp; Thu, 4 Apr 2024 09:43:19 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVqNKFfzgR+hYJYVjw3nl0lwz0qpY4iJHqu8yMvOrtjSJXD3MRldijddzA1+nyKFIMCIXSoqle5Asw33h6xDf77k5KcnWHv+zqdI2tMmA== X-Google-Smtp-Source: AGHT+IGCCQ/LjpNnGRfqJqNjq8iZNCZ0xNVCDTvlogCLo7sb3vArcGhHnPCTgPc/Lfbg/36KZfE5 X-Received: by 2002:ac2:4433:0:b0:516:d08f:f658 with SMTP id w19-20020ac24433000000b00516d08ff658mr1467793lfl.37.1712248999131; Thu, 04 Apr 2024 09:43:19 -0700 (PDT) Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id a1-20020a170906274100b00a474f677083si7861299ejd.80.2024.04.04.09.43.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Apr 2024 09:43:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-131843-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; arc=fail (body hash mismatch); spf=pass (google.com: domain of linux-kernel+bounces-131843-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-131843-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id D09B51F227D7 for ; Thu, 4 Apr 2024 16:43:18 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 111F61D556; Thu, 4 Apr 2024 16:43:08 +0000 (UTC) Received: from shelob.surriel.com (shelob.surriel.com [96.67.55.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C20451BDCD; Thu, 4 Apr 2024 16:43:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=96.67.55.147 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712248987; cv=none; b=WAYQmbBJ6QaQpwy1W2r5Ye+7ceC72mlOQ9R5woIbqmQA7M/6K7mBOs+96Cir2nlGZP/cTLwF2CRiDbg0ZBFUNtncXOiqvMRWHEz8150Xq4AXPgTAYxCbAAThM1cNCWRFgBnnKPRYQ8MTLRFQ/0Pl77L5Sy39184M5n3+Fae94f0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712248987; c=relaxed/simple; bh=0/AY5cwJn+NnaRDfFReLrDnqEtoagxXGfDMh+lQhRsc=; h=Date:From:To:Cc:Subject:Message-ID:MIME-Version:Content-Type; b=EDELAQQ7JSraQ3BlG7lmHLkk84pJJyQktkyugUVGQPrfVw/R3w2rFsFvL2feoa9Mygtm4qLuRJfq227+EjpH4JySF0RJcmLi3CWD9BE/cQ9lbrqfcmZOhGXBGkazI1fQMTFM3MGqlKfH4bD1bibbdwqH8AN/fzo9TGrNSB4Jgfk= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=surriel.com; spf=pass smtp.mailfrom=shelob.surriel.com; arc=none smtp.client-ip=96.67.55.147 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=surriel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=shelob.surriel.com Received: from [2601:18c:9101:a8b6:6e0b:84ff:fee2:98bb] (helo=imladris.surriel.com) by shelob.surriel.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.97.1) (envelope-from ) id 1rsQ1N-000000002sp-3xIF; Thu, 04 Apr 2024 12:33:01 -0400 Date: Thu, 4 Apr 2024 12:32:53 -0400 From: Rik van Riel To: linux-kernel@vger.kernel.org Cc: kernel-team@meta.com, Tejun Heo , Jens Axboe , Josef Bacik , cgroups@vger.kernel.org, linux-block@vger.kernel.org Subject: [PATCH] blk-iocost: avoid out of bounds shift Message-ID: <20240404123253.0f58010f@imladris.surriel.com> X-Mailer: Claws Mail 4.1.1 (GTK 3.24.38; x86_64-redhat-linux-gnu) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: riel@surriel.com UBSAN catches undefined behavior in blk-iocost, where sometimes iocg->delay is shifted right by a number that is too large, resulting in undefined behavior on some architectures. [ 186.556576] ------------[ cut here ]------------ UBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23 shift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long') CPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1 Hardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020 Call Trace: dump_stack_lvl+0x8f/0xe0 __ubsan_handle_shift_out_of_bounds+0x22c/0x280 iocg_kick_delay+0x30b/0x310 ioc_timer_fn+0x2fb/0x1f80 __run_timer_base+0x1b6/0x250 .. Avoid that undefined behavior by simply taking the "delay = 0" branch if the shift is too large. I am not sure what the symptoms of an undefined value delay will be, but I suspect it could be more than a little annoying to debug. Signed-off-by: Rik van Riel Cc: Tejun Heo Cc: Josef Bacik Cc: Jens Axboe --- block/blk-iocost.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/block/blk-iocost.c b/block/blk-iocost.c index 9a85bfbbc45a..baa20c85799d 100644 --- a/block/blk-iocost.c +++ b/block/blk-iocost.c @@ -1347,7 +1347,7 @@ static bool iocg_kick_delay(struct ioc_gq *iocg, struct ioc_now *now) { struct ioc *ioc = iocg->ioc; struct blkcg_gq *blkg = iocg_to_blkg(iocg); - u64 tdelta, delay, new_delay; + u64 tdelta, delay, new_delay, shift; s64 vover, vover_pct; u32 hwa; @@ -1362,8 +1362,9 @@ static bool iocg_kick_delay(struct ioc_gq *iocg, struct ioc_now *now) /* calculate the current delay in effect - 1/2 every second */ tdelta = now->now - iocg->delay_at; - if (iocg->delay) - delay = iocg->delay >> div64_u64(tdelta, USEC_PER_SEC); + shift = div64_u64(tdelta, USEC_PER_SEC); + if (iocg->delay && shift < BITS_PER_LONG) + delay = iocg->delay >> shift; else delay = 0; -- 2.42.0