signed integer overflow bug in truncate_pagecache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Running a debug build of the kernel while running regression tests for
cifs.ko on 5.11, I noticed this message logged which looks like it is
still a probably valid bug in truncate_pagecache in mm/truncate.c in
current kernel as well

     loff_t holebegin = round_up(newsize, PAGE_SIZE);

This was what was in dmesg:

[23907.325526] UBSAN: signed-integer-overflow in mm/truncate.c:833:9
[23907.325532] 9223372036854775807 + 1 cannot be represented in type
'long long int'
[23907.325536] CPU: 2 PID: 13007 Comm: xfs_io Not tainted 5.11.22 #1
[23907.325540] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[23907.325543] Call Trace:
[23907.325548]  dump_stack+0x8d/0xb5
[23907.325560]  ubsan_epilogue+0x5/0x50
[23907.325568]  handle_overflow+0xa3/0xb0
[23907.325581]  truncate_pagecache+0x8a/0x90
[23907.325587]  cifs_set_file_size+0xdb/0x2c0 [cifs]
[23907.325749]  cifs_setattr+0xc93/0x1260 [cifs]
[23907.325799]  notify_change+0x35b/0x4a0
[23907.325811]  ? do_truncate+0x5e/0x90
[23907.325817]  do_truncate+0x5e/0x90
[23907.325828]  do_sys_ftruncate+0x143/0x280
[23907.325837]  do_syscall_64+0x33/0x40
[23907.325842]  entry_SYSCALL_64_after_hwframe+0x44/0xa9

-- 
Thanks,

Steve




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux