The patch titled
Subject: include/linux/bitops.h: fix UBSAN undefined behavior warning for rotation right
has been added to the -mm tree. Its filename is
bitops-fix-ubsan-undefined-behavior-warning-for-rotation-right.patch
This patch should soon appear at
http://ozlabs.org/~akpm/mmots/broken-out/bitops-fix-ubsan-undefined-behavior-warning-for-rotation-right.patch
and later at
http://ozlabs.org/~akpm/mmotm/broken-out/bitops-fix-ubsan-undefined-behavior-warning-for-rotation-right.patch
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: Vadim Pasternak <vadimp@xxxxxxxxxxxx>
Subject: include/linux/bitops.h: fix UBSAN undefined behavior warning for rotation right
The warning is caused by call to rorXX(), if the second parameters of this
function "shift" is zero. In such case UBSAN reports the warning for the
next expression: (word << (XX - shift), where XX is 64, 32, 16, 8 for
respectively ror64, ror32, ror16, ror8. Fix adds validation of this
parameter - in case it's equal zero, no need to rotate, just original
"word" is to be returned to caller.
The UBSAN undefined behavior warning has been reported for call to
ror32():
[ 11.426543] UBSAN: Undefined behaviour in ./include/linux/bitops.h:93:33
[ 11.434045] shift exponent 32 is too large for 32-bit type 'unsigned int'
[ 11.441647] Hardware name: Mellanox Technologies Ltd. MSN3800/VMOD0007, BIOS 5.11 01/06/2019
[ 11.441650] Call Trace:
[ 11.441661] dump_stack+0x71/0xab
[ 11.441668] ubsan_epilogue+0x9/0x49
[ 11.441676] __ubsan_handle_shift_out_of_bounds+0x1ea/0x241
[ 11.441683] ? __ubsan_handle_load_invalid_value+0x137/0x137
[ 11.441691] ? __module_text_address+0x11/0x90
[ 11.441697] ? widen_string+0x27/0x140
[ 11.441704] ? regmap_readable+0x76/0xc0
[ 11.441709] ? regmap_readable+0x76/0xc0
[ 11.441718] ? mlxplat_mlxcpld_readable_reg+0x1f/0x30 [mlx_platform]
[ 11.441723] ? regmap_volatile+0x40/0xb0
[ 11.441729] ? mlxplat_mlxcpld_volatile_reg+0x1f/0x30 [mlx_platform]
[ 11.441735] ? _regmap_read+0x11c/0x210
[ 11.441741] ? __mutex_lock_slowpath+0x10/0x10
[ 11.441750] ? mlxreg_led_store_hw+0x191/0x270 [leds_mlxreg]
[ 11.441756] mlxreg_led_store_hw+0x191/0x270 [leds_mlxreg]
[ 11.441764] ? mlxreg_led_brightness_get+0x270/0x270 [leds_mlxreg]
[ 11.441769] ? del_timer+0xe0/0xe0
[ 11.441776] ? bust_spinlocks+0x90/0x90
[ 11.441784] led_blink_setup+0x47/0x1d0
[ 11.441792] timer_trig_activate+0x8f/0x175 [ledtrig_timer]
[ 11.441799] ? kvasprintf_const+0xb0/0xb0
[ 11.441805] ? led_delay_on_show+0x50/0x50 [ledtrig_timer]
[ 11.441810] ? _raw_write_lock_bh+0xe0/0xe0
[ 11.441815] ? _raw_read_lock_irqsave+0x80/0x80
[ 11.441822] led_trigger_set+0x2cf/0x4d0
[ 11.441829] ? led_trigger_show+0x1f0/0x1f0
[ 11.441834] ? __mutex_lock_slowpath+0x10/0x10
[ 11.441840] ? kernfs_get_active+0xb2/0x120
[ 11.441845] ? kernfs_get_parent+0x50/0x50
[ 11.441851] led_trigger_store+0xe7/0x130
[ 11.441858] kernfs_fop_write+0x19a/0x250
[ 11.441863] ? sysfs_kf_bin_read+0x120/0x120
[ 11.441869] vfs_write+0xf5/0x230
[ 11.441875] ksys_write+0xa1/0x120
[ 11.441881] ? __ia32_sys_read+0x50/0x50
[ 11.441888] ? __do_page_fault+0x3e4/0x640
[ 11.441895] do_syscall_64+0x73/0x160
[ 11.441900] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 11.441905] RIP: 0033:0x7f955749f730
[ 11.441911] Code: 73 01 c3 48 8b 0d 68 d7 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d d9 2f 2c 00 00 75 10 b8 01 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 7e 9b 01 00 48 89 04 24
[ 11.441914] RSP: 002b:00007ffd4da04488 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 11.441920] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f955749f730
[ 11.441923] RDX: 0000000000000006 RSI: 0000000001a14408 RDI: 0000000000000001
[ 11.441926] RBP: 0000000001a14408 R08: 00007f955775f760 R09: 00007f9557da9b40
[ 11.441929] R10: 0000000000000097 R11: 0000000000000246 R12: 0000000000000006
[ 11.441932] R13: 0000000000000001 R14: 00007f955775e600 R15: 0000000000000006
Link: http://lkml.kernel.org/r/20190407125325.24440-1-vadimp@xxxxxxxxxxxx
Signed-off-by: Vadim Pasternak <vadimp@xxxxxxxxxxxx>
Reported-by: Ido Schimmel <idosch@xxxxxxxxxxxx>
Cc: Jacek Anaszewski <jacek.anaszewski@xxxxxxxxx>
Cc: Pavel Machek <pavel@xxxxxx>
Cc: Ido Schimmel <idosch@xxxxxxxxxxxx>
Cc: Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
include/linux/bitops.h | 12 ++++++++++++
1 file changed, 12 insertions(+)
--- a/include/linux/bitops.h~bitops-fix-ubsan-undefined-behavior-warning-for-rotation-right
+++ a/include/linux/bitops.h
@@ -70,6 +70,9 @@ static inline __u64 rol64(__u64 word, un
*/
static inline __u64 ror64(__u64 word, unsigned int shift)
{
+ if (!shift)
+ return word;
+
return (word >> shift) | (word << (64 - shift));
}
@@ -90,6 +93,9 @@ static inline __u32 rol32(__u32 word, un
*/
static inline __u32 ror32(__u32 word, unsigned int shift)
{
+ if (!shift)
+ return word;
+
return (word >> shift) | (word << (32 - shift));
}
@@ -110,6 +116,9 @@ static inline __u16 rol16(__u16 word, un
*/
static inline __u16 ror16(__u16 word, unsigned int shift)
{
+ if (!shift)
+ return word;
+
return (word >> shift) | (word << (16 - shift));
}
@@ -130,6 +139,9 @@ static inline __u8 rol8(__u8 word, unsig
*/
static inline __u8 ror8(__u8 word, unsigned int shift)
{
+ if (!shift)
+ return word;
+
return (word >> shift) | (word << (8 - shift));
}
_
Patches currently in -mm which might be from vadimp@xxxxxxxxxxxx are
bitops-fix-ubsan-undefined-behavior-warning-for-rotation-right.patch
