From: coverity-bot <keescook@chromium.org>
To: Matthew Bobrowski <mbobrowski@mbobrowski.org>
Cc: Jan Kara <jack@suse.cz>, Theodore Ts'o <tytso@mit.edu>,
Ritesh Harjani <riteshh@linux.ibm.com>,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
linux-next@vger.kernel.org
Subject: Coverity: ext4_iomap_alloc(): Integer handling issues
Date: Mon, 11 Nov 2019 17:35:44 -0800 [thread overview]
Message-ID: <201911111735.1F45BB0B4@keescook> (raw)
Hello!
This is an experimental automated report about issues detected by Coverity
from a scan of next-20191108 as part of the linux-next weekly scan project:
https://scan.coverity.com/projects/linux-next-weekly-scan
You're getting this email because you were associated with the identified
lines of code (noted below) that were touched by recent commits:
378f32bab371 ("ext4: introduce direct I/O write using iomap infrastructure")
Coverity reported the following:
*** CID 1487841: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/fs/ext4/inode.c: 3388 in ext4_iomap_alloc()
3382 /*
3383 * We use i_size instead of i_disksize here because delalloc writeback
3384 * can complete at any point during the I/O and subsequently push the
3385 * i_disksize out to i_size. This could be beyond where direct I/O is
3386 * happening and thus expose allocated blocks to direct I/O reads.
3387 */
vvv CID 1487841: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
vvv Potentially overflowing expression "1 << blkbits" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "loff_t" (64 bits, signed).
3388 else if ((map->m_lblk * (1 << blkbits)) >= i_size_read(inode))
3389 m_flags = EXT4_GET_BLOCKS_CREATE;
3390 else if (ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))
3391 m_flags = EXT4_GET_BLOCKS_IO_CREATE_EXT;
3392
3393 ret = ext4_map_blocks(handle, inode, map, m_flags);
If this is a false positive, please let us know so we can mark it as
such, or teach the Coverity rules to be smarter. If not, please make
sure fixes get into linux-next. :) For patches fixing this, please
include these lines (but double-check the "Fixes" first):
Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1487841 ("Integer handling issues")
Fixes: 378f32bab371 ("ext4: introduce direct I/O write using iomap infrastructure")
Thanks for your attention!
--
Coverity-bot
next reply other threads:[~2019-11-12 1:35 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-12 1:35 coverity-bot [this message]
2019-11-12 7:22 ` Coverity: ext4_iomap_alloc(): Integer handling issues Matthew Bobrowski
2019-11-12 11:00 ` Jan Kara
2019-11-12 20:56 ` Kees Cook
2019-11-12 21:28 ` Matthew Bobrowski
2019-11-12 22:17 ` Kees Cook
2019-11-13 4:38 ` Matthew Bobrowski
2019-11-13 9:37 ` Jan Kara
2019-11-13 18:38 ` Kees Cook
2019-11-14 8:58 ` Jan Kara
2019-11-14 18:43 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201911111735.1F45BB0B4@keescook \
--to=keescook@chromium.org \
--cc=gustavo@embeddedor.com \
--cc=jack@suse.cz \
--cc=linux-next@vger.kernel.org \
--cc=mbobrowski@mbobrowski.org \
--cc=riteshh@linux.ibm.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.