On Thu, Aug 22, 2024 at 08:41:36AM -0700, Konstantin Ovsepian wrote:
> Recently running UBSAN caught a few out of bound shifts in the
> ioc_forgive_debts() function:
>
> UBSAN: shift-out-of-bounds in block/blk-iocost.c:2142:38
> shift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long
> long')
> ...
> UBSAN: shift-out-of-bounds in block/blk-iocost.c:2144:30
> shift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long
> long')
> ...
> Call Trace:
> <IRQ>
> dump_stack_lvl+0xca/0x130
> __ubsan_handle_shift_out_of_bounds+0x22c/0x280
> ? __lock_acquire+0x6441/0x7c10
> ioc_timer_fn+0x6cec/0x7750
> ? blk_iocost_init+0x720/0x720
> ? call_timer_fn+0x5d/0x470
> call_timer_fn+0xfa/0x470
> ? blk_iocost_init+0x720/0x720
> __run_timer_base+0x519/0x700
> ...
>
> Actual impact of this issue was not identified but I propose to fix the
> undefined behaviour.
> The proposed fix to prevent those out of bound shifts consists of
> precalculating exponent before using it in the shift operations by taking
> min value from the actual exponent and maximum possible number of bits.
>
> Reported-by: Breno Leitao <leitao@xxxxxxxxxx>
> Signed-off-by: Konstantin Ovsepian <ovs@xxxxxx>

Acked-by: Tejun Heo <tj@xxxxxxxxxx>

Thanks.

-- 
tejun
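
The clamp described in the quoted commit message, as an added userspace example that is not part of this mail or of the kernel patch. The names decay_debt, decay_debt_exact and clamp_shift are hypothetical, the sample values are constructed, and the exponent 80 is the one from the UBSAN report.

```c
#include <stdint.h>
#include <stdio.h>

/* Width of the shifted type; a shift count >= this is undefined in C. */
#define U64_BITS 64u

/* Hypothetical helper: clamp a shift exponent to the largest defined value. */
static unsigned int clamp_shift(uint64_t exponent)
{
    return exponent < U64_BITS - 1 ? (unsigned int)exponent : U64_BITS - 1;
}

/*
 * Hypothetical debt decay: halve `debt` once per elapsed cycle.
 * nr_cycles is not bounded by the type width (it grows with elapsed
 * time), so it is clamped before being used as a shift count.
 */
uint64_t decay_debt(uint64_t debt, uint64_t nr_cycles)
{
    return debt >> clamp_shift(nr_cycles);
}

/*
 * Variant returning the mathematically exact result: once every bit has
 * been shifted out the value is 0, which a clamp to 63 does not give
 * when bit 63 of the input is set.
 */
uint64_t decay_debt_exact(uint64_t debt, uint64_t nr_cycles)
{
    return nr_cycles >= U64_BITS ? 0 : debt >> nr_cycles;
}

int main(void)
{
    uint64_t debt = 1000000; /* constructed sample value */

    printf("%llu\n", (unsigned long long)decay_debt(debt, 3));
    printf("%llu\n", (unsigned long long)decay_debt(debt, 80));
    printf("%llu\n", (unsigned long long)decay_debt(UINT64_MAX, 80));
    printf("%llu\n", (unsigned long long)decay_debt_exact(UINT64_MAX, 80));
    return 0;
}
```

Building with -fsanitize=shift and removing the clamp reproduces the class of report quoted above for an exponent of 80.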