From: James Bottomley
To: Ilia Mirkin
Cc: Meelis Roos, "linux-scsi@vger.kernel.org", Linux Kernel list, Hannes Reinecke, "Martin K. Petersen"
Subject: Re: UBSAN: Undefined behaviour in drivers/scsi/aic7xxx/aic7xxx_core.c:2831:31
Date: Thu, 12 May 2016 22:26:42 -0700
Message-ID: <1463117202.2380.88.camel@linux.vnet.ibm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 2016-05-12 at 17:56 -0400, Ilia Mirkin wrote:
> On Thu, May 12, 2016 at 4:08 PM, James Bottomley wrote:
> > On Thu, 2016-05-12 at 19:02 +0300, Meelis Roos wrote:
> > > This is from a dual-AthlonMP 32-bit x86 system with onboard Adaptec SCSI
> > > controller, once during bootup.
> > >
> > > [ 4.896307] ================================================================================
> > > [ 4.896471] UBSAN: Undefined behaviour in drivers/scsi/aic7xxx/aic7xxx_core.c:2831:31
> > > [ 4.896629] shift exponent -1 is negative
> >
> > Is this some sort of false positive? The shift in question is
> >
> > devinfo->target_mask = (0x01 << devinfo->target_offset);
> >
> > The code which calls this in ahc_linux_initialize_scsi_bus() looks to
> > be looping from 0-16 (or variations). Since the value passed in is
> > unsigned, it would have to be set to ~0, which doesn't seem possible.
>
> It's getting called from ahc_reset_channel, which does:
>
> ahc_compile_devinfo(&devinfo,
>                     CAM_TARGET_WILDCARD,
>                     CAM_TARGET_WILDCARD,
>                     CAM_LUN_WILDCARD,
>                     channel, ROLE_UNKNOWN);
>
> drivers/scsi/aic7xxx/cam.h:#define CAM_TARGET_WILDCARD ((u_int)~0)

OK, thanks, you can mark it as a false positive because only the SPI
parameters are actually used for this version of devinfo.

James
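
The shift discussed in this thread, modelled as an added example that is not part of the original message or of the aic7xxx driver: a checked mask computation that tests for the wildcard sentinel before doing any offset arithmetic. Only `CAM_TARGET_WILDCARD` comes from the thread; `raw_offset`, `target_mask_checked`, `MASK_BITS` and the "+8 on channel B" adjustment are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Definition quoted in the thread (cam.h), with u_int spelled out. */
#define CAM_TARGET_WILDCARD ((unsigned int)~0)
#define MASK_BITS 16u   /* assumption: one bit per target in a 16-bit mask */

/* Unsigned model of the offset arithmetic (assumption: channel 'B' adds 8).
 * Unsigned addition wraps, so this function itself has defined behaviour. */
static unsigned int raw_offset(unsigned int target, char channel)
{
    return target + (channel == 'B' ? 8u : 0u);
}

/*
 * Hypothetical checked form of "0x01 << target_offset".
 * Returns 0 and stores the single-bit mask, or -1 with *mask = 0 when
 * the target is a wildcard or the offset falls outside the mask.
 */
static int target_mask_checked(unsigned int target, char channel, uint16_t *mask)
{
    unsigned int offset = raw_offset(target, channel);

    *mask = 0;
    if (target == CAM_TARGET_WILDCARD)            /* test the sentinel first */
        return -1;
    if (offset < target || offset >= MASK_BITS)   /* wrapped or too large */
        return -1;
    *mask = (uint16_t)(1u << offset);
    return 0;
}

int main(void)
{
    uint16_t mask;
    int rc = target_mask_checked(CAM_TARGET_WILDCARD, 'A', &mask);

    printf("wildcard, channel A: rc=%d mask=0x%04x\n", rc, (unsigned)mask);
    /* On channel B the wrapped offset looks like a valid bit index, which
     * is why the sentinel is tested before the range check. */
    printf("wildcard, channel B: raw offset=%u\n",
           raw_offset(CAM_TARGET_WILDCARD, 'B'));
    return 0;
}
```

In this model a range check on the offset alone would accept the wildcard on channel B, because the wrapped value lands inside the mask width.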