From: Theodore Ts'o <tytso@mit.edu>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Ingo Molnar <mingo@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
David Miller <davem@davemloft.net>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
the arch/x86 maintainers <x86@kernel.org>,
Network Development <netdev@vger.kernel.org>,
"linux-ext4@vger.kernel.org" <linux-ext4@vger.kernel.org>
Subject: Re: Unsigned widening casts of binary "not" operations..
Date: Tue, 23 Apr 2013 09:00:42 -0400 [thread overview]
Message-ID: <20130423130041.GB31170@thunk.org> (raw)
In-Reply-To: <CA+55aFwpLu0qNms=hkQr43yqD0K9DgESNm91OEWKT1ZuT8MU6Q@mail.gmail.com>
On Mon, Apr 22, 2013 at 05:15:19PM -0700, Linus Torvalds wrote:
> Here's a ext4 code snippet that looks like an actual bug (but seems to only
> hit read-ahead):
>
> ext4_fsblk_t b, block;
>
> b = block & ~(EXT4_SB(sb)->s_inode_readahead_blks-1);
>
> where "b" actually ends up having the upper bits cleared, because the
> s_inode_readahead_blks thing is an unsigned int, so you're masking off not
> just the low bits, but the high bits too. Ted? Of course, it's just
> read-ahead, so it probably doesn't matter, but.
Yep, it's a bug alright. Thanks for catching it!
- Ted
>From 0d606e2c9fccdd4e67febf1e2da500e1bfe9e045 Mon Sep 17 00:00:00 2001
From: Theodore Ts'o <tytso@mit.edu>
Date: Tue, 23 Apr 2013 08:59:35 -0400
Subject: [PATCH] ext4: fix type-widening bug in inode table readahead code
Due to a missing cast, the high 32-bits of a 64-bit block number used
when calculating the readahead block for inode tables can get lost.
This means we can end up fetching the wrong blocks for readahead for
file systems > 16TB.
Linus found this when experimenting with an enhacement to the sparse
static code checker which checks for missing widening casts before
binary "not" operators.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
---
fs/ext4/inode.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index d7518e2..793d44b 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -4011,13 +4011,14 @@ make_io:
if (EXT4_SB(sb)->s_inode_readahead_blks) {
ext4_fsblk_t b, end, table;
unsigned num;
+ __u32 ra_blks = EXT4_SB(sb)->s_inode_readahead_blks;
table = ext4_inode_table(sb, gdp);
/* s_inode_readahead_blks is always a power of 2 */
- b = block & ~(EXT4_SB(sb)->s_inode_readahead_blks-1);
+ b = block & ~((ext4_fsblk_t) ra_blks - 1);
if (table > b)
b = table;
- end = b + EXT4_SB(sb)->s_inode_readahead_blks;
+ end = b + ra_blks;
num = EXT4_INODES_PER_GROUP(sb);
if (ext4_has_group_desc_csum(sb))
num -= ext4_itable_unused_count(sb, gdp);
--
1.7.12.rc0.22.gcdd159b
next prev parent reply other threads:[~2013-04-23 13:00 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CA+55aFwpLu0qNms=hkQr43yqD0K9DgESNm91OEWKT1ZuT8MU6Q@mail.gmail.com>
2013-04-23 0:23 ` Unsigned widening casts of binary "not" operations Linus Torvalds
2013-04-23 8:59 ` David Laight
2013-04-23 8:59 ` David Laight
2013-04-23 14:29 ` Linus Torvalds
2013-04-23 15:24 ` David Laight
2013-04-23 15:24 ` David Laight
2013-04-23 15:42 ` Linus Torvalds
2013-04-23 15:52 ` Theodore Ts'o
2013-04-23 16:05 ` Linus Torvalds
2013-04-23 17:37 ` David Miller
2013-04-23 17:52 ` Linus Torvalds
2013-04-23 17:56 ` David Miller
2013-04-23 18:21 ` Linus Torvalds
2013-04-24 12:36 ` Geert Uytterhoeven
2013-04-23 0:32 ` H. Peter Anvin
2013-04-23 13:00 ` Theodore Ts'o [this message]
2013-04-24 7:26 ` Ingo Molnar
2013-04-24 7:47 ` Cyrill Gorcunov
2013-04-25 1:13 ` Lin Ming
2013-04-24 17:07 ` [PATCH] x86: make DR*_RESERVED unsigned long Oleg Nesterov
2013-04-24 18:45 ` H. Peter Anvin
2013-04-25 14:48 ` Oleg Nesterov
2013-04-26 16:38 ` [PATCH v2] " Oleg Nesterov
2013-04-26 16:44 ` H. Peter Anvin
2013-04-26 17:15 ` Oleg Nesterov
2013-04-27 14:45 ` Oleg Nesterov
2013-04-27 16:20 ` H. Peter Anvin
2013-04-28 0:58 ` Frederic Weisbecker
2013-04-28 17:27 ` Oleg Nesterov
2013-04-28 17:32 ` H. Peter Anvin
2013-04-28 17:39 ` Oleg Nesterov
2013-04-28 17:43 ` H. Peter Anvin
2013-04-24 22:48 ` [PATCH] " Frederic Weisbecker
2013-04-24 23:06 ` H. Peter Anvin
2013-04-24 23:31 ` Frederic Weisbecker
2013-04-25 1:20 ` H. Peter Anvin
2013-04-26 14:20 ` [tip:perf/core] perf/x86/intel/P4: Robistify P4 PMU types tip-bot for Ingo Molnar
2013-04-26 16:13 ` Borislav Petkov
2013-04-26 16:24 ` Cyrill Gorcunov
2013-04-26 16:39 ` Borislav Petkov
2013-04-26 16:46 ` Cyrill Gorcunov
2013-04-27 16:14 ` Borislav Petkov
2013-04-27 16:33 ` Cyrill Gorcunov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130423130041.GB31170@thunk.org \
--to=tytso@mit.edu \
--cc=davem@davemloft.net \
--cc=hpa@zytor.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.