Re: [PATCH -next 1/1] iomap: Fix a false positive of UBSAN in iomap_seek_data()

From: Matthew Wilcox
Date: Tue Jul 06 2021 - 08:25:40 EST

Next message: Daniel Vetter: "Re: [PATCH v4 0/2] Add p2p via dmabuf to habanalabs"
Previous message: Sasha Levin: "[PATCH AUTOSEL 5.12 154/160] bpf: Fix false positive kmemleak report in bpf_ringbuf_area_alloc()"
In reply to: Matthew Wilcox: "Re: [PATCH -next 1/1] iomap: Fix a false positive of UBSAN in iomap_seek_data()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jul 06, 2021 at 12:08:14PM +0100, Matthew Wilcox wrote:
> On Mon, Jul 05, 2021 at 11:35:08AM +0800, Leizhen (ThunderTown) wrote:
> >
> >
> > On 2021/7/3 3:56, Matthew Wilcox wrote:
> > > On Fri, Jul 02, 2021 at 05:21:09PM +0800, Zhen Lei wrote:
> > >> Move the evaluation expression "size - offset" after the "if (offset < 0)"
> > >> judgment statement to eliminate a false positive produced by the UBSAN.
> > >>
> > >> No functional changes.
> > >>
> > >> ==========================================================================
> > >> UBSAN: Undefined behaviour in fs/iomap.c:1435:9
> > >> signed integer overflow:
> > >> 0 - -9223372036854775808 cannot be represented in type 'long long int'
> > >
> > > I don't understand. I thought we defined the behaviour of signed
> > > integer overflow in the kernel with whatever-the-gcc-flag-is?
> >
> > -9223372036854775808 ==> 0x8000000000000000 ==> -0

(actually, this is incorrect. think about how twos-complement
arithmetic works. first you negate every bit, so 8000..000 turns into
7fff..fff, then you add one, returning to 8000..000, so -LLONG_MIN ==
LLONG_MIN)

> > I don't fully understand what you mean. This is triggered by explicit error
> > injection '-0' at runtime, which should not be detected by compilation options.
>
> We use -fwrapv on the gcc command line:
>
> '-fwrapv'
> This option instructs the compiler to assume that signed arithmetic
> overflow of addition, subtraction and multiplication wraps around
> using twos-complement representation. This flag enables some
> optimizations and disables others.
>
> > lseek(r1, 0x8000000000000000, 0x3)
>
> I'll see about adding this to xfstests ...

I have and it doesn't produce the problem. My config:

CONFIG_UBSAN=y
# CONFIG_UBSAN_TRAP is not set
CONFIG_CC_HAS_UBSAN_BOUNDS=y
CONFIG_UBSAN_BOUNDS=y
CONFIG_UBSAN_ONLY_BOUNDS=y
CONFIG_UBSAN_SHIFT=y
CONFIG_UBSAN_DIV_ZERO=y
CONFIG_UBSAN_BOOL=y
CONFIG_UBSAN_ENUM=y
# CONFIG_UBSAN_ALIGNMENT is not set
CONFIG_UBSAN_SANITIZE_ALL=y
# CONFIG_TEST_UBSAN is not set

I even went as far as adding printks to be sure I'm hitting it:

hole length 0x8000000000000000
data length 0x8000000000000000

Are you compiling with:
KBUILD_CFLAGS += -fno-strict-overflow

Or have you done something weird? What compiler version are you using?

Next message: Daniel Vetter: "Re: [PATCH v4 0/2] Add p2p via dmabuf to habanalabs"
Previous message: Sasha Levin: "[PATCH AUTOSEL 5.12 154/160] bpf: Fix false positive kmemleak report in bpf_ringbuf_area_alloc()"
In reply to: Matthew Wilcox: "Re: [PATCH -next 1/1] iomap: Fix a false positive of UBSAN in iomap_seek_data()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]