From: ben.hutchings@codethink.co.uk (Ben Hutchings)
To: cip-dev@lists.cip-project.org
Subject: [cip-dev] [PATCH 4.4-cip 17/23] rhashtable: fix shift by 64 when shrinking
Date: Fri, 09 Dec 2016 00:37:04 +0000 [thread overview]
Message-ID: <1481243824.1860.173.camel@codethink.co.uk> (raw)
In-Reply-To: <1481243545.1860.156.camel@codethink.co.uk>
From: Vegard Nossum <vegard.nossum@oracle.com>
commit 12311959ecf8a3a64676c01b62ce67a0c5f0fd49 upstream.
I got this:
================================================================================
UBSAN: Undefined behaviour in ./include/linux/log2.h:63:13
shift exponent 64 is too large for 64-bit type 'long unsigned int'
CPU: 1 PID: 721 Comm: kworker/1:1 Not tainted 4.8.0-rc1+ #87
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014
Workqueue: events rht_deferred_worker
0000000000000000 ffff88011661f8d8 ffffffff82344f50 0000000041b58ab3
ffffffff84f98000 ffffffff82344ea4 ffff88011661f900 ffff88011661f8b0
0000000000000001 ffff88011661f6b8 dffffc0000000000 ffffffff867f7640
Call Trace:
[<ffffffff82344f50>] dump_stack+0xac/0xfc
[<ffffffff82344ea4>] ? _atomic_dec_and_lock+0xc4/0xc4
[<ffffffff8242f5b8>] ubsan_epilogue+0xd/0x8a
[<ffffffff82430c41>] __ubsan_handle_shift_out_of_bounds+0x255/0x29a
[<ffffffff824309ec>] ? __ubsan_handle_out_of_bounds+0x180/0x180
[<ffffffff84003436>] ? nl80211_req_set_reg+0x256/0x2f0
[<ffffffff812112ba>] ? print_context_stack+0x8a/0x160
[<ffffffff81200031>] ? amd_pmu_reset+0x341/0x380
[<ffffffff823af808>] rht_deferred_worker+0x1618/0x1790
[<ffffffff823af808>] ? rht_deferred_worker+0x1618/0x1790
[<ffffffff823ae1f0>] ? rhashtable_jhash2+0x370/0x370
[<ffffffff8134c12d>] ? process_one_work+0x6fd/0x1970
[<ffffffff8134c1cf>] process_one_work+0x79f/0x1970
[<ffffffff8134c12d>] ? process_one_work+0x6fd/0x1970
[<ffffffff8134ba30>] ? try_to_grab_pending+0x4c0/0x4c0
[<ffffffff8134d564>] ? worker_thread+0x1c4/0x1340
[<ffffffff8134d8ff>] worker_thread+0x55f/0x1340
[<ffffffff845e904f>] ? __schedule+0x4df/0x1d40
[<ffffffff8134d3a0>] ? process_one_work+0x1970/0x1970
[<ffffffff8134d3a0>] ? process_one_work+0x1970/0x1970
[<ffffffff813642f7>] kthread+0x237/0x390
[<ffffffff813640c0>] ? __kthread_parkme+0x280/0x280
[<ffffffff845f8c93>] ? _raw_spin_unlock_irq+0x33/0x50
[<ffffffff845f95df>] ret_from_fork+0x1f/0x40
[<ffffffff813640c0>] ? __kthread_parkme+0x280/0x280
================================================================================
roundup_pow_of_two() is undefined when called with an argument of 0, so
let's avoid the call and just fall back to ht->p.min_size (which should
never be smaller than HASH_MIN_SIZE).
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
---
lib/rhashtable.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/rhashtable.c b/lib/rhashtable.c
index 51282f579760..d7f5b4d035ff 100644
--- a/lib/rhashtable.c
+++ b/lib/rhashtable.c
@@ -324,12 +324,14 @@ static int rhashtable_expand(struct rhashtable *ht)
static int rhashtable_shrink(struct rhashtable *ht)
{
struct bucket_table *new_tbl, *old_tbl = rht_dereference(ht->tbl, ht);
- unsigned int size;
+ unsigned int nelems = atomic_read(&ht->nelems);
+ unsigned int size = 0;
int err;
ASSERT_RHT_MUTEX(ht);
- size = roundup_pow_of_two(atomic_read(&ht->nelems) * 3 / 2);
+ if (nelems)
+ size = roundup_pow_of_two(nelems * 3 / 2);
if (size < ht->p.min_size)
size = ht->p.min_size;
--
2.10.2
--
Ben Hutchings
Software Developer, Codethink Ltd.
next prev parent reply other threads:[~2016-12-09 0:37 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-09 0:32 [cip-dev] [PATCH 4.4-cip 00/23] Undefined Behaviour Sanititizer support Ben Hutchings
2016-12-09 0:33 ` [cip-dev] [PATCH 4.4-cip 01/23] UBSAN: run-time undefined behavior sanity checker Ben Hutchings
2016-12-09 0:33 ` [cip-dev] [PATCH 4.4-cip 02/23] ubsan: cosmetic fix to Kconfig text Ben Hutchings
2016-12-09 0:34 ` [cip-dev] [PATCH 4.4-cip 03/23] PM / sleep: declare __tracedata symbols as char[] rather than char Ben Hutchings
2016-12-09 0:34 ` [cip-dev] [PATCH 4.4-cip 04/23] x86/microcode/intel: Change checksum variables to u32 Ben Hutchings
2016-12-09 0:34 ` [cip-dev] [PATCH 4.4-cip 05/23] mm/page-writeback: fix dirty_ratelimit calculation Ben Hutchings
2016-12-09 0:34 ` [cip-dev] [PATCH 4.4-cip 06/23] perf/core: Fix Undefined behaviour in rb_alloc() Ben Hutchings
2016-12-09 0:35 ` [cip-dev] [PATCH 4.4-cip 07/23] ubsan: fix tree-wide -Wmaybe-uninitialized false positives Ben Hutchings
2016-12-09 0:35 ` [cip-dev] [PATCH 4.4-cip 08/23] mm/filemap: generic_file_read_iter(): check for zero reads unconditionally Ben Hutchings
2016-12-09 0:35 ` [cip-dev] [PATCH 4.4-cip 09/23] perf/x86/amd: Set the size of event map array to PERF_COUNT_HW_MAX Ben Hutchings
2016-12-09 0:35 ` [cip-dev] [PATCH 4.4-cip 10/23] drm/radeon: don't include RADEON_HPD_NONE in HPD IRQ enable bitsets Ben Hutchings
2016-12-09 0:35 ` [cip-dev] [PATCH 4.4-cip 11/23] btrfs: fix int32 overflow in shrink_delalloc() Ben Hutchings
2016-12-09 0:36 ` [cip-dev] [PATCH 4.4-cip 12/23] blk-mq: fix undefined behaviour in order_to_size() Ben Hutchings
2016-12-09 0:36 ` [cip-dev] [PATCH 4.4-cip 13/23] batman-adv: Fix integer overflow in batadv_iv_ogm_calc_tq Ben Hutchings
2016-12-09 0:36 ` [cip-dev] [PATCH 4.4-cip 14/23] signal: move the "sig < SIGRTMIN" check into siginmask(sig) Ben Hutchings
2016-12-09 0:36 ` [cip-dev] [PATCH 4.4-cip 15/23] mmc: dw_mmc: remove UBSAN warning in dw_mci_setup_bus() Ben Hutchings
2016-12-09 0:36 ` [cip-dev] [PATCH 4.4-cip 16/23] UBSAN: fix typo in format string Ben Hutchings
2016-12-09 0:37 ` Ben Hutchings [this message]
2016-12-09 0:37 ` [cip-dev] [PATCH 4.4-cip 18/23] time: Avoid undefined behaviour in ktime_add_safe() Ben Hutchings
2016-12-09 0:39 ` [cip-dev] [PATCH 4.4-cip 19/23] pwm: samsung: Fix to use lowest div for large enough modulation bits Ben Hutchings
2016-12-09 0:39 ` [cip-dev] [PATCH 4.4-cip 20/23] drm: fix signed integer overflow Ben Hutchings
2016-12-09 0:39 ` [cip-dev] [PATCH 4.4-cip 21/23] xfs: " Ben Hutchings
2016-12-09 0:41 ` [cip-dev] [PATCH 4.4-cip 22/23] net: get rid of an signed integer overflow in ip_idents_reserve() Ben Hutchings
2016-12-09 0:41 ` [cip-dev] [PATCH 4.4-cip 23/23] mlx4: remove unused fields Ben Hutchings
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1481243824.1860.173.camel@codethink.co.uk \
--to=ben.hutchings@codethink.co.uk \
--cc=cip-dev@lists.cip-project.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.