Re: [bug report] staging: lustre: lov: Ensure correct operation for large object sizes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Hello Nathaniel Clark,
> 
> The patch 476f575cf070: "staging: lustre: lov: Ensure correct
> operation for large object sizes" from Jul 26, 2017, leads to the
> following static checker warning:
> 
> 	drivers/staging/lustre/lustre/lov/lov_ea.c:207 lsm_unpackmd_common()
> 	warn: signed overflow undefined. 'min_stripe_maxbytes * stripe_count < min_stripe_maxbytes'
> 
> drivers/staging/lustre/lustre/lov/lov_ea.c
>    148  static int lsm_unpackmd_common(struct lov_obd *lov,
>    149                                 struct lov_stripe_md *lsm,
>    150                                 struct lov_mds_md *lmm,
>    151                                 struct lov_ost_data_v1 *objects)
>    152  {
>    153          loff_t min_stripe_maxbytes = 0;
>                 ^^^^^^
> loff_t is long long.
> 
>    154          unsigned int stripe_count;
>    155          struct lov_oinfo *loi;
>    156          loff_t lov_bytes;
>    157          unsigned int i;
>    158  
>    159          /*
>    160           * This supposes lov_mds_md_v1/v3 first fields are
>    161           * are the same
>    162           */
>    163          lmm_oi_le_to_cpu(&lsm->lsm_oi, &lmm->lmm_oi);
>    164          lsm->lsm_stripe_size = le32_to_cpu(lmm->lmm_stripe_size);
>    165          lsm->lsm_pattern = le32_to_cpu(lmm->lmm_pattern);
>    166          lsm->lsm_layout_gen = le16_to_cpu(lmm->lmm_layout_gen);
>    167          lsm->lsm_pool_name[0] = '\0';
>    168  
>    169          stripe_count = lsm_is_released(lsm) ? 0 : lsm->lsm_stripe_count;
>    170  
>    171          for (i = 0; i < stripe_count; i++) {
>    172                  loi = lsm->lsm_oinfo[i];
>    173                  ostid_le_to_cpu(&objects[i].l_ost_oi, &loi->loi_oi);
>    174                  loi->loi_ost_idx = le32_to_cpu(objects[i].l_ost_idx);
>    175                  loi->loi_ost_gen = le32_to_cpu(objects[i].l_ost_gen);
>    176                  if (lov_oinfo_is_dummy(loi))
>    177                          continue;
>    178  
>    179                  if (loi->loi_ost_idx >= lov->desc.ld_tgt_count &&
>    180                      !lov2obd(lov)->obd_process_conf) {
>    181                          CERROR("%s: OST index %d more than OST count %d\n",
>    182                                 (char *)lov->desc.ld_uuid.uuid,
>    183                                 loi->loi_ost_idx, lov->desc.ld_tgt_count);
>    184                          lov_dump_lmm_v1(D_WARNING, lmm);
>    185                          return -EINVAL;
>    186                  }
>    187  
>    188                  if (!lov->lov_tgts[loi->loi_ost_idx]) {
>    189                          CERROR("%s: OST index %d missing\n",
>    190                                 (char *)lov->desc.ld_uuid.uuid,
>    191                                 loi->loi_ost_idx);
>    192                          lov_dump_lmm_v1(D_WARNING, lmm);
>    193                          continue;
>    194                  }
>    195  
>    196                  lov_bytes = lov_tgt_maxbytes(lov->lov_tgts[loi->loi_ost_idx]);
>    197                  if (min_stripe_maxbytes == 0 || lov_bytes < min_stripe_maxbytes)
>    198                          min_stripe_maxbytes = lov_bytes;
>    199          }
>    200  
>    201          if (min_stripe_maxbytes == 0)
>    202                  min_stripe_maxbytes = LUSTRE_EXT3_STRIPE_MAXBYTES;
>    203  
>    204          stripe_count = lsm->lsm_stripe_count ?: lov->desc.ld_tgt_count;
>    205          lov_bytes = min_stripe_maxbytes * stripe_count;
>                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> This is undefined in C.
> 
>    206  
>    207          if (lov_bytes < min_stripe_maxbytes) /* handle overflow */
>                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> So this might be wrong.
> 
>    208                  lsm->lsm_maxbytes = MAX_LFS_FILESIZE;
>    209          else
>    210                  lsm->lsm_maxbytes = lov_bytes;
>    211  
>    212          return 0;
>    213  }

Dan what exact command did you use to find this bug? We do use smatch to 
find these kinds of issues before patches land but some how we are missing
this class from time to time.

Just to let you know the bug is being tracked under 

https://jira.hpdd.intel.com/browse/LU-9862

We do have a patch as well under going testing and review.
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel



[Index of Archives]     [Linux Driver Backports]     [DMA Engine]     [Linux GPIO]     [Linux SPI]     [Video for Linux]     [Linux USB Devel]     [Linux Coverity]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]
  Powered by Linux