From: Alice Ferrazzi <alicef@gentoo.org>
To: jejb@linux.vnet.ibm.com, martin.petersen@oracle.com,
linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [RFC] ubsan: signed integer overflow in scsi_partsize
Date: Fri, 16 Jun 2017 22:29:32 +0900
Message-ID: <20170616132932.GG20222@alitoo>
A Gentoo user reported a UBSAN signed integer overflow in scsicam.c.
Shall we change something?
================================================================================
kernel: UBSAN: Undefined behaviour in drivers/scsi/scsicam.c:173:29
kernel: signed integer overflow:
kernel: 62015235 * 63 cannot be represented in type 'int'
kernel: CPU: 0 PID: 14131 Comm: fdisk Tainted: P O 4.9.25-gentoo #4
...
kernel: d6629cec d1f444f2 00000007 d6629d1c 0000003f d6629cfc d1fc8ffe d6629cfc
kernel: d3037320 d6629d80 d1fc934b d28b15c0 d6629d20 0000002a d6629d48 d3037320
kernel: 0000002a 00003202 31303236 35333235 ecd1f900 ecd1f9a8 d6629d5c d189d121
kernel: Call Trace:
kernel: [<d1f444f2>] dump_stack+0x59/0x87
kernel: [<d1fc8ffe>] ubsan_epilogue+0xe/0x40
kernel: [<d1fc934b>] handle_overflow+0xbb/0xf0
kernel: [<d189d121>] ? do_read_cache_page+0x71/0x570
kernel: [<d19fd000>] ? blkdev_readpages+0x20/0x20
kernel: [<d189d646>] ? read_cache_page+0x26/0x50
kernel: [<d1fc93d2>] __ubsan_handle_mul_overflow+0x12/0x20
kernel: [<d224bbf7>] scsi_partsize+0x217/0x2e0
kernel: [<d224bd06>] scsicam_bios_param+0x46/0x380
kernel: [<d2299604>] sd_getgeo+0x174/0x2d0
kernel: [<d1f02c91>] blkdev_ioctl+0x251/0x12c0
kernel: [<d19fd31c>] block_ioctl+0x4c/0xb0
kernel: [<d19ab140>] do_vfs_ioctl+0xc0/0xdf0
kernel: [<d19c7e13>] ? mntput+0x23/0x60
kernel: [<d1987c99>] ? __fput+0x1e9/0x4e0
kernel: [<d1987fd8>] ? ____fput+0x8/0x10
kernel: [<d16d9520>] ? task_work_run+0x60/0xd0
kernel: [<d19abe9e>] SyS_ioctl+0x2e/0x60
kernel: [<d1602c0d>] do_fast_syscall_32+0x11d/0x550
kernel: [<d19abe70>] ? do_vfs_ioctl+0xdf0/0xdf0
kernel: [<d265940a>] sysenter_past_esp+0x47/0x75
kernel:
================================================================================
Thanks,
Alice
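
Added example, not part of the message above and not the code at scsicam.c:173 (which this page does not show): the multiplication from the UBSAN report, 62015235 * 63, done in userspace C in three ways that keep the result defined. The function names are hypothetical, and __builtin_mul_overflow is the GCC/Clang builtin, assumed to be available.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Operands copied from the UBSAN line "62015235 * 63 cannot be represented". */
#define REPORTED_LHS 62015235
#define REPORTED_RHS 63

/* Checked: stores the product and returns true only if it fits in 'int'. */
bool mul_int_checked(int a, int b, int *out)
{
    return !__builtin_mul_overflow(a, b, out);
}

/* Convenience predicate for callers that only need a yes/no answer. */
bool mul_fits_int(int a, int b)
{
    int unused;
    return mul_int_checked(a, b, &unused);
}

/* Widened: the product of two 32-bit ints always fits in 64 bits. */
int64_t mul_int_wide(int a, int b)
{
    return (int64_t)a * (int64_t)b;
}

/* Saturating: clamps to INT_MAX/INT_MIN when the result must stay an int. */
int mul_int_saturating(int a, int b)
{
    int r;
    if (mul_int_checked(a, b, &r))
        return r;
    return ((a < 0) != (b < 0)) ? INT_MIN : INT_MAX;
}

int main(void)
{
    printf("fits in int: %s\n", mul_fits_int(REPORTED_LHS, REPORTED_RHS) ? "yes" : "no");
    printf("64-bit product: %lld\n", (long long)mul_int_wide(REPORTED_LHS, REPORTED_RHS));
    printf("saturated: %d (INT_MAX %d)\n", mul_int_saturating(REPORTED_LHS, REPORTED_RHS), INT_MAX);
    return 0;
}
```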