From: "Theodore Ts'o" <tytso@mit.edu>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Ingo Molnar <mingo@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
David Miller <davem@davemloft.net>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
the arch/x86 maintainers <x86@kernel.org>,
Network Development <netdev@vger.kernel.org>,
"linux-ext4@vger.kernel.org" <linux-ext4@vger.kernel.org>
Subject: Re: Unsigned widening casts of binary "not" operations..
Date: Tue, 23 Apr 2013 09:00:42 -0400 [thread overview]
Message-ID: <20130423130041.GB31170@thunk.org> (raw)
In-Reply-To: <CA+55aFwpLu0qNms=hkQr43yqD0K9DgESNm91OEWKT1ZuT8MU6Q@mail.gmail.com>
On Mon, Apr 22, 2013 at 05:15:19PM -0700, Linus Torvalds wrote:
> Here's a ext4 code snippet that looks like an actual bug (but seems to only
> hit read-ahead):
>
> ext4_fsblk_t b, block;
>
> b = block & ~(EXT4_SB(sb)->s_inode_readahead_blks-1);
>
> where "b" actually ends up having the upper bits cleared, because the
> s_inode_readahead_blks thing is an unsigned int, so you're masking off not
> just the low bits, but the high bits too. Ted? Of course, it's just
> read-ahead, so it probably doesn't matter, but.
Yep, it's a bug alright. Thanks for catching it!
- Ted
>From 0d606e2c9fccdd4e67febf1e2da500e1bfe9e045 Mon Sep 17 00:00:00 2001
From: Theodore Ts'o <tytso@mit.edu>
Date: Tue, 23 Apr 2013 08:59:35 -0400
Subject: [PATCH] ext4: fix type-widening bug in inode table readahead code
Due to a missing cast, the high 32-bits of a 64-bit block number used
when calculating the readahead block for inode tables can get lost.
This means we can end up fetching the wrong blocks for readahead for
file systems > 16TB.
Linus found this when experimenting with an enhacement to the sparse
static code checker which checks for missing widening casts before
binary "not" operators.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
---
fs/ext4/inode.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index d7518e2..793d44b 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -4011,13 +4011,14 @@ make_io:
if (EXT4_SB(sb)->s_inode_readahead_blks) {
ext4_fsblk_t b, end, table;
unsigned num;
+ __u32 ra_blks = EXT4_SB(sb)->s_inode_readahead_blks;
table = ext4_inode_table(sb, gdp);
/* s_inode_readahead_blks is always a power of 2 */
- b = block & ~(EXT4_SB(sb)->s_inode_readahead_blks-1);
+ b = block & ~((ext4_fsblk_t) ra_blks - 1);
if (table > b)
b = table;
- end = b + EXT4_SB(sb)->s_inode_readahead_blks;
+ end = b + ra_blks;
num = EXT4_INODES_PER_GROUP(sb);
if (ext4_has_group_desc_csum(sb))
num -= ext4_itable_unused_count(sb, gdp);
--
1.7.12.rc0.22.gcdd159b
next prev parent reply other threads:[~2013-04-23 13:00 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CA+55aFwpLu0qNms=hkQr43yqD0K9DgESNm91OEWKT1ZuT8MU6Q@mail.gmail.com>
2013-04-23 0:23 ` Unsigned widening casts of binary "not" operations Linus Torvalds
2013-04-23 8:59 ` David Laight
2013-04-23 14:29 ` Linus Torvalds
2013-04-23 15:24 ` David Laight
2013-04-23 15:42 ` Linus Torvalds
2013-04-23 15:52 ` Theodore Ts'o
2013-04-23 16:05 ` Linus Torvalds
2013-04-23 17:37 ` David Miller
2013-04-23 17:52 ` Linus Torvalds
2013-04-23 17:56 ` David Miller
2013-04-23 18:21 ` Linus Torvalds
2013-04-24 12:36 ` Geert Uytterhoeven
2013-04-23 0:32 ` H. Peter Anvin
2013-04-23 13:00 ` Theodore Ts'o [this message]
2013-04-24 7:26 ` Ingo Molnar
2013-04-24 7:47 ` Cyrill Gorcunov
2013-04-25 1:13 ` Lin Ming
2013-04-24 17:07 ` [PATCH] x86: make DR*_RESERVED unsigned long Oleg Nesterov
2013-04-24 18:45 ` H. Peter Anvin
2013-04-25 14:48 ` Oleg Nesterov
2013-04-26 16:38 ` [PATCH v2] " Oleg Nesterov
2013-04-26 16:44 ` H. Peter Anvin
2013-04-26 17:15 ` Oleg Nesterov
2013-04-27 14:45 ` Oleg Nesterov
2013-04-27 16:20 ` H. Peter Anvin
2013-04-28 0:58 ` Frederic Weisbecker
2013-04-28 17:27 ` Oleg Nesterov
2013-04-28 17:32 ` H. Peter Anvin
2013-04-28 17:39 ` Oleg Nesterov
2013-04-28 17:43 ` H. Peter Anvin
2013-04-24 22:48 ` [PATCH] " Frederic Weisbecker
2013-04-24 23:06 ` H. Peter Anvin
2013-04-24 23:31 ` Frederic Weisbecker
2013-04-25 1:20 ` H. Peter Anvin
2013-04-26 14:20 ` [tip:perf/core] perf/x86/intel/P4: Robistify P4 PMU types tip-bot for Ingo Molnar
2013-04-26 16:13 ` Borislav Petkov
2013-04-26 16:24 ` Cyrill Gorcunov
2013-04-26 16:39 ` Borislav Petkov
2013-04-26 16:46 ` Cyrill Gorcunov
2013-04-27 16:14 ` Borislav Petkov
2013-04-27 16:33 ` Cyrill Gorcunov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130423130041.GB31170@thunk.org \
--to=tytso@mit.edu \
--cc=davem@davemloft.net \
--cc=hpa@zytor.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox