On Tue, Oct 18, 2022 at 4:11 PM Dongliang Mu <mudongliangabcd@xxxxxxxxx> wrote:
>
> On Tue, Oct 18, 2022 at 1:50 PM kernel test robot <lkp@xxxxxxxxx> wrote:
> >
> > tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
> > head: 4ca786ae6681b90b0ec3f4c55c89d12f835f8944
> > commit: 920f4b7e923b35fd9d117fd3cb616b310cd41010 [1304/1443] fs: jfs: fix shift-out-of-bounds in dbAllocAG
> > config: mips-randconfig-r005-20221017
> > compiler: clang version 16.0.0 (https://github.com/llvm/llvm-project 791a7ae1ba3efd6bca96338e10ffde557ba83920)
> > reproduce (this is a W=1 build):
> >         wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
> >         chmod +x ~/bin/make.cross
> >         # install mips cross compiling tool for clang build
> >         # apt-get install binutils-mipsel-linux-gnu
> >         # https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=920f4b7e923b35fd9d117fd3cb616b310cd41010
> >         git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
> >         git fetch --no-tags linux-next master
> >         git checkout 920f4b7e923b35fd9d117fd3cb616b310cd41010
> >         # save the config file
> >         mkdir build_dir && cp config build_dir/.config
> >         COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=mips SHELL=/bin/bash fs/jfs/
> >
> > If you fix the issue, kindly add following tag where applicable
> > | Reported-by: kernel test robot <lkp@xxxxxxxxx>
> >
> > All warnings (new ones prefixed by >>):
> >
> > >> fs/jfs/jfs_dmap.c:196:23: warning: result of comparison of constant 8796093022201 with expression of type 'int' is always false [-Wtautological-constant-out-of-range-compare]
> >            if (bmp->db_agl2size > MAXMAPSIZE - L2MAXAG) {
> >                ~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~
> >    1 warning generated.
>
> Hi Dave,
>
> I did not double check the upper bound of db_agl2size. It seems the
> upper bound should be L2MAXL2SIZE - L2MAXAG, rather than MAXMAPSIZE -
> L2MAXAG. As the warning shows, MAXMAPSIZE - L2MAXAG is a constant
> (8796093022201) that an int can never exceed, so the current check
> never rejects an on-disk dn_agl2size value.
>
> And L2MAXL2SIZE = L2BPERDMAP + 3 * L2LPERCTL = 13+3*10 = 43.
>
> I will send a fixes commit.

The fixes patch is here: https://marc.info/?l=jfs-discussion&m=166608184908883&w=2

>
> >
> >
> > vim +/int +196 fs/jfs/jfs_dmap.c
> >
> >    135
> >    136  /*
> >    137   * NAME:        dbMount()
> >    138   *
> >    139   * FUNCTION:    initializate the block allocation map.
> >    140   *
> >    141   *              memory is allocated for the in-core bmap descriptor and
> >    142   *              the in-core descriptor is initialized from disk.
> >    143   *
> >    144   * PARAMETERS:
> >    145   *      ipbmap  - pointer to in-core inode for the block map.
> >    146   *
> >    147   * RETURN VALUES:
> >    148   *      0       - success
> >    149   *      -ENOMEM - insufficient memory
> >    150   *      -EIO    - i/o error
> >    151   *      -EINVAL - wrong bmap data
> >    152   */
> >    153  int dbMount(struct inode *ipbmap)
> >    154  {
> >    155  	struct bmap *bmp;
> >    156  	struct dbmap_disk *dbmp_le;
> >    157  	struct metapage *mp;
> >    158  	int i, err;
> >    159
> >    160  	/*
> >    161  	 * allocate/initialize the in-memory bmap descriptor
> >    162  	 */
> >    163  	/* allocate memory for the in-memory bmap descriptor */
> >    164  	bmp = kmalloc(sizeof(struct bmap), GFP_KERNEL);
> >    165  	if (bmp == NULL)
> >    166  		return -ENOMEM;
> >    167
> >    168  	/* read the on-disk bmap descriptor. */
> >    169  	mp = read_metapage(ipbmap,
> >    170  			   BMAPBLKNO << JFS_SBI(ipbmap->i_sb)->l2nbperpage,
> >    171  			   PSIZE, 0);
> >    172  	if (mp == NULL) {
> >    173  		err = -EIO;
> >    174  		goto err_kfree_bmp;
> >    175  	}
> >    176
> >    177  	/* copy the on-disk bmap descriptor to its in-memory version. */
> >    178  	dbmp_le = (struct dbmap_disk *) mp->data;
> >    179  	bmp->db_mapsize = le64_to_cpu(dbmp_le->dn_mapsize);
> >    180  	bmp->db_nfree = le64_to_cpu(dbmp_le->dn_nfree);
> >    181  	bmp->db_l2nbperpage = le32_to_cpu(dbmp_le->dn_l2nbperpage);
> >    182  	bmp->db_numag = le32_to_cpu(dbmp_le->dn_numag);
> >    183  	if (!bmp->db_numag) {
> >    184  		err = -EINVAL;
> >    185  		goto err_release_metapage;
> >    186  	}
> >    187
> >    188  	bmp->db_maxlevel = le32_to_cpu(dbmp_le->dn_maxlevel);
> >    189  	bmp->db_maxag = le32_to_cpu(dbmp_le->dn_maxag);
> >    190  	bmp->db_agpref = le32_to_cpu(dbmp_le->dn_agpref);
> >    191  	bmp->db_aglevel = le32_to_cpu(dbmp_le->dn_aglevel);
> >    192  	bmp->db_agheight = le32_to_cpu(dbmp_le->dn_agheight);
> >    193  	bmp->db_agwidth = le32_to_cpu(dbmp_le->dn_agwidth);
> >    194  	bmp->db_agstart = le32_to_cpu(dbmp_le->dn_agstart);
> >    195  	bmp->db_agl2size = le32_to_cpu(dbmp_le->dn_agl2size);
> >  > 196  	if (bmp->db_agl2size > MAXMAPSIZE - L2MAXAG) {
> >    197  		err = -EINVAL;
> >    198  		goto err_release_metapage;
> >    199  	}
> >    200
> >    201  	for (i = 0; i < MAXAG; i++)
> >    202  		bmp->db_agfree[i] = le64_to_cpu(dbmp_le->dn_agfree[i]);
> >    203  	bmp->db_agsize = le64_to_cpu(dbmp_le->dn_agsize);
> >    204  	bmp->db_maxfreebud = dbmp_le->dn_maxfreebud;
> >    205
> >    206  	/* release the buffer. */
> >    207  	release_metapage(mp);
> >    208
> >    209  	/* bind the bmap inode and the bmap descriptor to each other. */
> >    210  	bmp->db_ipbmap = ipbmap;
> >    211  	JFS_SBI(ipbmap->i_sb)->bmap = bmp;
> >    212
> >    213  	memset(bmp->db_active, 0, sizeof(bmp->db_active));
> >    214
> >    215  	/*
> >    216  	 * allocate/initialize the bmap lock
> >    217  	 */
> >    218  	BMAP_LOCK_INIT(bmp);
> >    219
> >    220  	return (0);
> >    221
> >    222  err_release_metapage:
> >    223  	release_metapage(mp);
> >    224  err_kfree_bmp:
> >    225  	kfree(bmp);
> >    226  	return err;
> >    227  }
> >    228
> >
> > --
> > 0-DAY CI Kernel Test Service
> > https://01.org/lkp