From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from smtp.codeaurora.org ([198.145.29.96]) by bombadil.infradead.org with esmtps (Exim 4.89 #1 (Red Hat Linux)) id 1ecTqW-0007h2-Dr for ath10k@lists.infradead.org; Fri, 19 Jan 2018 10:24:30 +0000
From: Kalle Valo
Subject: Re: UBSAN: Undefined behaviour in drivers/net/wireless/ath/ath10k/mac.c:3092:53: signed integer overflow
References: <70aa931f-2f02-dd26-c98b-695d1321f71b@molgen.mpg.de>
Date: Fri, 19 Jan 2018 12:24:11 +0200
In-Reply-To: <70aa931f-2f02-dd26-c98b-695d1321f71b@molgen.mpg.de> (Paul Menzel's message of "Wed, 3 Jan 2018 17:34:08 +0100")
Message-ID: <87d1269mes.fsf@kamboji.qca.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Sender: "ath10k"
Errors-To: ath10k-bounces+kvalo=adurom.com@lists.infradead.org
To: Paul Menzel
Cc: it+linux-ath10k@molgen.mpg.de, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org, ath10k@lists.infradead.org, Mario Limonciello

Adding linux-wireless.

For linux-wireless the full report is here:

https://lkml.kernel.org/r/70aa931f-2f02-dd26-c98b-695d1321f71b@molgen.mpg.de

Paul Menzel writes:

> I enabled the undefined behavior sanitizer, and built Linus’ master
> branch under Ubuntu 16.04 with gcc (Ubuntu 5.4.0-6ubuntu1~16.04.5)
> 5.4.0 20160609.

As you just recently enabled UBSAN I guess I can assume that this isn't
a new regression but instead the bug is an old issue?

Can you reproduce the problem easily?
That would help with testing patches.

> ```
> $ grep UBSAN /boot/config-4.15.0-rc6+
> CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
> # CONFIG_ARCH_WANTS_UBSAN_NO_NULL is not set
> CONFIG_UBSAN=y
> CONFIG_UBSAN_SANITIZE_ALL=y
> # CONFIG_UBSAN_ALIGNMENT is not set
> CONFIG_UBSAN_NULL=y
> ```
>
> Suspending and resuming the system *Dell XPS 13 9360* from ACPI S3 the
> messages below are printed.
>
> ```
> $ git describe --tags
> 4.15-rc6
> $ git log --oneline -1
> 30a7acd Linux 4.15-rc6
> $ dmesg
> […]
> [ 960.737724]
> ================================================================================
> [ 960.737730] UBSAN: Undefined behaviour in
> drivers/net/wireless/ath/ath10k/mac.c:3092:53

This line is from ath10k_update_channel_list():

    ch->max_antenna_gain = channel->max_antenna_gain * 2;

> [ 960.737733] signed integer overflow:
> [ 960.737735] 2147483647 * 2 cannot be represented in type 'int'

2147483647 is MAX_INT but I can't immediately figure out where that's
coming from. Maybe uninitialised stack somewhere?

> [ 960.737738] CPU: 1 PID: 2663 Comm: crda Not tainted 4.15.0-rc6+ #36
> [ 960.737739] Hardware name: Dell Inc. XPS 13 9360/0839Y6, BIOS 2.4.2
> 11/21/2017
> [ 960.737740] Call Trace:
> [ 960.737749] dump_stack+0x70/0xb2
> [ 960.737753] ubsan_epilogue+0x9/0x40
> [ 960.737758] handle_overflow+0xce/0xf0
> [ 960.737762] ? ecryptfs_decode_and_decrypt_filename+0x104/0x530
> [ 960.737764] ? __kmalloc+0x265/0x370
> [ 960.737774] ath10k_regd_update+0x39d/0x5f0 [ath10k_core]
> [ 960.737782] ath10k_reg_notifier+0x114/0x180 [ath10k_core]
> [ 960.737802] set_regdom+0x275/0x910 [cfg80211]
> [ 960.737821] nl80211_set_reg+0x19c/0x630 [cfg80211]
> [ 960.737826] genl_family_rcv_msg+0x2c4/0x610
> [ 960.737830] ? radix_tree_next_chunk+0x9f/0x570
> [ 960.737832] genl_rcv_msg+0x5d/0xe0
> [ 960.737835] ? __alloc_skb+0x82/0x260
> [ 960.737838] ? genl_family_rcv_msg+0x610/0x610
> [ 960.737840] netlink_rcv_skb+0xd5/0x130
> [ 960.737842] genl_rcv+0x24/0x40
> [ 960.737844] netlink_unicast+0x1cc/0x300
> [ 960.737847] netlink_sendmsg+0x29a/0x5f0
> [ 960.737850] sock_sendmsg+0x4c/0xa0
> [ 960.737853] ___sys_sendmsg+0x30e/0x440
> [ 960.737857] ? pagevec_lru_move_fn+0xc3/0x130
> [ 960.737859] ? trace_event_raw_event_mm_lru_activate+0x100/0x100
> [ 960.737862] ? __lru_cache_add+0x6a/0xb0
> [ 960.737865] ? __sys_sendmsg+0x51/0x90
> [ 960.737868] __sys_sendmsg+0x51/0x90
> [ 960.737872] entry_SYSCALL_64_fastpath+0x1e/0x81

Ok, so crda calls NL80211_CMD_SET_REG and somehow ath10k gets
max_antenna_gain as MAX_INT, but no idea why.

> [ 960.737875] RIP: 0033:0x7ff956d7c450
> [ 960.737877] RSP: 002b:00007ffd454a2418 EFLAGS: 00000246 ORIG_RAX:
> 000000000000002e
> [ 960.737879] RAX: ffffffffffffffda RBX: 00007ff957038b20 RCX:
> 00007ff956d7c450
> [ 960.737880] RDX: 0000000000000000 RSI: 00007ffd454a24a0 RDI:
> 0000000000000000
> [ 960.737881] RBP: 0000000000001010 R08: 0000000000000000 R09:
> 0000000001254010
> [ 960.737882] R10: 00000000000000eb R11: 0000000000000246 R12:
> 00007ff957038b78
> [ 960.737883] R13: 000000000125c360 R14: 0000000001254000 R15:
> 0000000001254000
> [ 960.737885]
> ================================================================================
> [ 970.814067] PM: suspend entry (deep)
> [ 970.814103] PM: Syncing filesystems ... done.
> [ 970.830679] Freezing user space processes ... (elapsed 0.001
> seconds) done.
> [ 970.832429] OOM killer disabled.
> [ 970.832430] Freezing remaining freezable tasks ... (elapsed 0.001
> seconds) done.
> [ 970.833581] Suspending console(s) (use no_console_suspend to debug)
> [ 971.250651] psmouse serio1: Failed to disable mouse on isa0060/serio1
> […]
> [ 975.724595] ath10k_pci 0000:3a:00.0: Unknown eventid: 90118
> [ 975.780813] IPv6: ADDRCONF(NETDEV_UP): wlp58s0: link is not ready
> [ 975.874965] IPv6: ADDRCONF(NETDEV_UP): wlp58s0: link is not ready
> [ 985.562004] wlp58s0: authenticate with 6c:f3:7f:10:ae:18
> [ 985.562028]
> ================================================================================
> [ 985.562037] UBSAN: Undefined behaviour in
> drivers/net/wireless/ath/ath10k/mac.c:1444:65
> [ 985.562041] signed integer overflow:
> [ 985.562044] 2147483647 * 2 cannot be represented in type 'int'

Again max_antenna_gain with MAX_INT but now from
ath10k_vdev_start_restart():

    arg.channel.max_antenna_gain = chandef->chan->max_antenna_gain * 2;

> [ 985.562049] CPU: 0 PID: 1135 Comm: wpa_supplicant Not tainted
> 4.15.0-rc6+ #36
> [ 985.562051] Hardware name: Dell Inc. XPS 13 9360/0839Y6, BIOS 2.4.2
> 11/21/2017
> [ 985.562052] Call Trace:
> [ 985.562064] dump_stack+0x70/0xb2
> [ 985.562069] ubsan_epilogue+0x9/0x40
> [ 985.562075] handle_overflow+0xce/0xf0
> [ 985.562107] ? cfg80211_iter_combinations+0x2b8/0x670 [cfg80211]
> [ 985.562124] ath10k_vdev_start_restart+0x42c/0x5d0 [ath10k_core]
> [ 985.562138] ath10k_mac_op_assign_vif_chanctx+0x6e/0x310 [ath10k_core]
> [ 985.562150] ? ath10k_config+0xd0/0xd0 [ath10k_core]
> [ 985.562190] ieee80211_assign_vif_chanctx+0x1ff/0x960 [mac80211]
> [ 985.562229] ieee80211_vif_use_channel+0x1a6/0x480 [mac80211]
> [ 985.562265] ieee80211_prep_connection+0x48f/0xfb0 [mac80211]
> [ 985.562300] ? __sdata_info+0x68/0x100 [mac80211]
> [ 985.562336] ieee80211_mgd_auth+0x32b/0x4c0 [mac80211]
> [ 985.562375] cfg80211_mlme_auth+0x17f/0x480 [cfg80211]
> [ 985.562383] ? sock_poll+0x64/0x150
> [ 985.562412] nl80211_authenticate+0x3e7/0x7c0 [cfg80211]
> [ 985.562420] genl_family_rcv_msg+0x2c4/0x610
> [ 985.562426] ? ep_poll_callback+0x14e/0x4e0
> [ 985.562431] genl_rcv_msg+0x5d/0xe0
> [ 985.562434] ? __alloc_skb+0x82/0x260
> [ 985.562437] ? genl_family_rcv_msg+0x610/0x610
> [ 985.562440] netlink_rcv_skb+0xd5/0x130
> [ 985.562445] genl_rcv+0x24/0x40
> [ 985.562448] netlink_unicast+0x1cc/0x300
> [ 985.562451] netlink_sendmsg+0x29a/0x5f0
> [ 985.562456] sock_sendmsg+0x4c/0xa0
> [ 985.562460] ___sys_sendmsg+0x30e/0x440
> [ 985.562465] ? sock_sendmsg+0x4c/0xa0
> [ 985.562468] ? SYSC_sendto+0xef/0x1a0
> [ 985.562473] ? __sys_sendmsg+0x51/0x90
> [ 985.562476] __sys_sendmsg+0x51/0x90
> [ 985.562483] entry_SYSCALL_64_fastpath+0x1e/0x81

This time wpasupplicant calling NL80211_CMD_AUTHENTICATE after resume,
which is normal.

No time to investigate more right now, but hopefully others have some
ideas.

--
Kalle Valo
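
Both expressions flagged in this thread double max_antenna_gain in plain int arithmetic. As an added illustration (not code from the thread or from ath10k), the C sketch below shows two ways to guard such a doubling so that an INT_MAX input is detected instead of overflowing. The struct and function names are hypothetical, the sample values are constructed, and __builtin_mul_overflow assumes GCC 5 or later, or Clang.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the source and destination channel records;
 * only the field name max_antenna_gain comes from the thread. */
struct sample_channel {
	int center_freq;
	int max_antenna_gain;
};

struct sample_fw_channel {
	int center_freq;
	int max_antenna_gain;	/* doubled value, as in the flagged lines */
	bool gain_valid;	/* false when doubling was not representable */
};

/* Checked doubling with the compiler builtin (GCC >= 5, Clang).
 * Returns true and stores gain * 2 when it fits in an int. */
static bool double_gain_checked(int gain, int *out)
{
	return !__builtin_mul_overflow(gain, 2, out);
}

/* Same check without builtins: compare against the limits first, so the
 * multiplication is only evaluated when it cannot overflow. */
static bool double_gain_portable(int gain, int *out)
{
	if (gain > INT_MAX / 2 || gain < INT_MIN / 2)
		return false;
	*out = gain * 2;
	return true;
}

/* Copies n channels, doubling the gain of each. Entries whose gain cannot
 * be doubled are marked invalid and counted instead of overflowing.
 * Returns the number of such entries. */
static size_t convert_channels(const struct sample_channel *in,
			       struct sample_fw_channel *out, size_t n)
{
	size_t rejected = 0;

	for (size_t i = 0; i < n; i++) {
		out[i].center_freq = in[i].center_freq;
		out[i].gain_valid = double_gain_checked(in[i].max_antenna_gain,
							&out[i].max_antenna_gain);
		if (!out[i].gain_valid) {
			out[i].max_antenna_gain = 0;
			rejected++;
		}
	}
	return rejected;
}

/* Constructed sample input: the second entry carries the INT_MAX value
 * seen in the UBSAN report. */
static const struct sample_channel sample_channels[] = {
	{ 2412, 3 },
	{ 5180, INT_MAX },
	{ 5745, 0 },
};

int main(void)
{
	struct sample_fw_channel fw[3];
	size_t rejected = convert_channels(sample_channels, fw, 3);
	int v;

	for (size_t i = 0; i < 3; i++)
		printf("%d MHz: gain=%d valid=%d\n", fw[i].center_freq,
		       fw[i].max_antenna_gain, fw[i].gain_valid);
	printf("rejected=%zu portable_ok=%d\n", rejected,
	       double_gain_portable(INT_MAX, &v));
	return 0;
}
```

Counting the rejected entries, rather than silently clamping them, keeps the unexpected input visible to whoever is tracing where the value came from.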