From: Jaegeuk Kim <jaegeuk@kernel.org>
To: David Laight <David.Laight@aculab.com>
Cc: Sergey Shtylyov <s.shtylyov@omp.ru>,
"lvc-project@linuxtesting.org" <lvc-project@linuxtesting.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Karina Yankevich <k.yankevich@omp.ru>,
"linux-f2fs-devel@lists.sourceforge.net"
<linux-f2fs-devel@lists.sourceforge.net>,
'Roman Smirnov' <r.smirnov@omp.ru>
Subject: Re: [f2fs-dev] [PATCH] f2fs: Cast expression type to unsigned long in __count_extent_cache()
Date: Mon, 11 Mar 2024 13:37:03 -0700 [thread overview]
Message-ID: <Ze9rb0dRKt98kK54@google.com> (raw)
In-Reply-To: <b4f9780714e243a6af9f77ab00593ec1@AcuMS.aculab.com>
On 03/10, David Laight wrote:
> From: Roman Smirnov
> > Sent: 05 March 2024 08:10
> >
> > Cast expression type to unsigned long in __count_extent_cache()
> > to prevent integer overflow.
> >
> > Found by Linux Verification Center (linuxtesting.org) with Svace.
>
> Another broken analysis tool :-)
>
> > Signed-off-by: Roman Smirnov <r.smirnov@omp.ru>
> > Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru>
> > ---
> > fs/f2fs/shrinker.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/fs/f2fs/shrinker.c b/fs/f2fs/shrinker.c
> > index 83d6fb97dcae..bb86a06c5d5e 100644
> > --- a/fs/f2fs/shrinker.c
> > +++ b/fs/f2fs/shrinker.c
> > @@ -33,7 +33,7 @@ static unsigned long __count_extent_cache(struct f2fs_sb_info *sbi,
> > {
> > struct extent_tree_info *eti = &sbi->extent_tree[type];
> >
> > - return atomic_read(&eti->total_zombie_tree) +
> > + return (unsigned long)atomic_read(&eti->total_zombie_tree) +
> > atomic_read(&eti->total_ext_node);
>
> Makes diddly-squit difference.
>
> Both total_zombie_tree and totat_ext_node are 'int'.
> If they are large enough that their sum wraps then the values
> can individually wrap (to negative values).
>
> You really don't want to cast 'int' to 'unsigned long' here
> at all - implicitly or explicitly.
> The cast will first promote 'int' to 'signed long'.
> So a negative value will get sign extended to a very big value.
I thought, since total_zombie_tree won't get overflowed theoritically, the first
cast to (unsigned long) could expand the space to cover the following
total_ext_node.
>
> The best you can hope for is a 33bit result from wrapped 32bit
> signed counters.
> To get that you need to convert 'int' => 'unsigned int' => 'unsigned long'.
> One way would be:
> return (atomic_read(&eti->total_zombie_tree) + 0u + 0ul) +
> (atomic_read(&eti->total_ext_node) + 0u);
>
> Although changing the return type to 'unsigned int' would probably
> be better.
> I don't know what the values are, but if they are stats counters
> then that would give a value that nicely wraps at 2^32 rather
> that the strange wrap that the sum of two wrapping 32bit counters
> has.
>
> OTOH it may be that they are counts - and just can't get any where
> near that big.
>
> David
>
> -
> Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
> Registration No: 1397386 (Wales)
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
WARNING: multiple messages have this Message-ID (diff)
From: Jaegeuk Kim <jaegeuk@kernel.org>
To: David Laight <David.Laight@aculab.com>
Cc: 'Roman Smirnov' <r.smirnov@omp.ru>, Chao Yu <chao@kernel.org>,
Sergey Shtylyov <s.shtylyov@omp.ru>,
Karina Yankevich <k.yankevich@omp.ru>,
"linux-f2fs-devel@lists.sourceforge.net"
<linux-f2fs-devel@lists.sourceforge.net>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"lvc-project@linuxtesting.org" <lvc-project@linuxtesting.org>
Subject: Re: [PATCH] f2fs: Cast expression type to unsigned long in __count_extent_cache()
Date: Mon, 11 Mar 2024 13:37:03 -0700 [thread overview]
Message-ID: <Ze9rb0dRKt98kK54@google.com> (raw)
In-Reply-To: <b4f9780714e243a6af9f77ab00593ec1@AcuMS.aculab.com>
On 03/10, David Laight wrote:
> From: Roman Smirnov
> > Sent: 05 March 2024 08:10
> >
> > Cast expression type to unsigned long in __count_extent_cache()
> > to prevent integer overflow.
> >
> > Found by Linux Verification Center (linuxtesting.org) with Svace.
>
> Another broken analysis tool :-)
>
> > Signed-off-by: Roman Smirnov <r.smirnov@omp.ru>
> > Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru>
> > ---
> > fs/f2fs/shrinker.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/fs/f2fs/shrinker.c b/fs/f2fs/shrinker.c
> > index 83d6fb97dcae..bb86a06c5d5e 100644
> > --- a/fs/f2fs/shrinker.c
> > +++ b/fs/f2fs/shrinker.c
> > @@ -33,7 +33,7 @@ static unsigned long __count_extent_cache(struct f2fs_sb_info *sbi,
> > {
> > struct extent_tree_info *eti = &sbi->extent_tree[type];
> >
> > - return atomic_read(&eti->total_zombie_tree) +
> > + return (unsigned long)atomic_read(&eti->total_zombie_tree) +
> > atomic_read(&eti->total_ext_node);
>
> Makes diddly-squit difference.
>
> Both total_zombie_tree and totat_ext_node are 'int'.
> If they are large enough that their sum wraps then the values
> can individually wrap (to negative values).
>
> You really don't want to cast 'int' to 'unsigned long' here
> at all - implicitly or explicitly.
> The cast will first promote 'int' to 'signed long'.
> So a negative value will get sign extended to a very big value.
I thought, since total_zombie_tree won't get overflowed theoritically, the first
cast to (unsigned long) could expand the space to cover the following
total_ext_node.
>
> The best you can hope for is a 33bit result from wrapped 32bit
> signed counters.
> To get that you need to convert 'int' => 'unsigned int' => 'unsigned long'.
> One way would be:
> return (atomic_read(&eti->total_zombie_tree) + 0u + 0ul) +
> (atomic_read(&eti->total_ext_node) + 0u);
>
> Although changing the return type to 'unsigned int' would probably
> be better.
> I don't know what the values are, but if they are stats counters
> then that would give a value that nicely wraps at 2^32 rather
> that the strange wrap that the sum of two wrapping 32bit counters
> has.
>
> OTOH it may be that they are counts - and just can't get any where
> near that big.
>
> David
>
> -
> Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
> Registration No: 1397386 (Wales)
next prev parent reply other threads:[~2024-03-11 20:37 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-05 8:09 [f2fs-dev] [PATCH] f2fs: Cast expression type to unsigned long in __count_extent_cache() Roman Smirnov
2024-03-05 8:09 ` Roman Smirnov
2024-03-06 1:48 ` [f2fs-dev] " Chao Yu
2024-03-06 1:48 ` Chao Yu
2024-03-06 17:50 ` [f2fs-dev] " patchwork-bot+f2fs
2024-03-06 17:50 ` patchwork-bot+f2fs
2024-03-10 17:46 ` David Laight
2024-03-10 17:46 ` David Laight
2024-03-11 20:37 ` Jaegeuk Kim [this message]
2024-03-11 20:37 ` Jaegeuk Kim
2024-03-11 21:19 ` [f2fs-dev] " David Laight
2024-03-11 21:19 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Ze9rb0dRKt98kK54@google.com \
--to=jaegeuk@kernel.org \
--cc=David.Laight@aculab.com \
--cc=k.yankevich@omp.ru \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=lvc-project@linuxtesting.org \
--cc=r.smirnov@omp.ru \
--cc=s.shtylyov@omp.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.