Patch "blk-iocost: avoid out of bounds shift" has been added to the 6.8-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    blk-iocost: avoid out of bounds shift

to the 6.8-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     blk-iocost-avoid-out-of-bounds-shift.patch
and it can be found in the queue-6.8 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 54ce4440ff78f4975ef8e5234ec3e369da8dd9a0
Author: Rik van Riel <riel@xxxxxxxxxxx>
Date:   Thu Apr 4 12:32:53 2024 -0400

    blk-iocost: avoid out of bounds shift
    
    [ Upstream commit beaa51b36012fad5a4d3c18b88a617aea7a9b96d ]
    
    UBSAN catches undefined behavior in blk-iocost, where sometimes
    iocg->delay is shifted right by a number that is too large,
    resulting in undefined behavior on some architectures.
    
    [  186.556576] ------------[ cut here ]------------
    UBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23
    shift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long')
    CPU: 16 PID: 0 Comm: swapper/16 Tainted: G S          E    N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1
    Hardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020
    Call Trace:
     <IRQ>
     dump_stack_lvl+0x8f/0xe0
     __ubsan_handle_shift_out_of_bounds+0x22c/0x280
     iocg_kick_delay+0x30b/0x310
     ioc_timer_fn+0x2fb/0x1f80
     __run_timer_base+0x1b6/0x250
    ...
    
    Avoid that undefined behavior by simply taking the
    "delay = 0" branch if the shift is too large.
    
    I am not sure what the symptoms of an undefined value
    delay will be, but I suspect it could be more than a
    little annoying to debug.
    
    Signed-off-by: Rik van Riel <riel@xxxxxxxxxxx>
    Cc: Tejun Heo <tj@xxxxxxxxxx>
    Cc: Josef Bacik <josef@xxxxxxxxxxxxxx>
    Cc: Jens Axboe <axboe@xxxxxxxxx>
    Acked-by: Tejun Heo <tj@xxxxxxxxxx>
    Link: https://lore.kernel.org/r/20240404123253.0f58010f@xxxxxxxxxxxxxxxxxxxx
    Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/block/blk-iocost.c b/block/blk-iocost.c
index 04d44f0bcbc85..b1c4c874d4201 100644
--- a/block/blk-iocost.c
+++ b/block/blk-iocost.c
@@ -1347,7 +1347,7 @@ static bool iocg_kick_delay(struct ioc_gq *iocg, struct ioc_now *now)
 {
 	struct ioc *ioc = iocg->ioc;
 	struct blkcg_gq *blkg = iocg_to_blkg(iocg);
-	u64 tdelta, delay, new_delay;
+	u64 tdelta, delay, new_delay, shift;
 	s64 vover, vover_pct;
 	u32 hwa;
 
@@ -1362,8 +1362,9 @@ static bool iocg_kick_delay(struct ioc_gq *iocg, struct ioc_now *now)
 
 	/* calculate the current delay in effect - 1/2 every second */
 	tdelta = now->now - iocg->delay_at;
-	if (iocg->delay)
-		delay = iocg->delay >> div64_u64(tdelta, USEC_PER_SEC);
+	shift = div64_u64(tdelta, USEC_PER_SEC);
+	if (iocg->delay && shift < BITS_PER_LONG)
+		delay = iocg->delay >> shift;
 	else
 		delay = 0;
 




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux