From: Sasha Levin <sasha.levin@oracle.com>
To: Dmitry Vyukov <dvyukov@google.com>,
Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>,
Thomas Gleixner <tglx@linutronix.de>,
LKML <linux-kernel@vger.kernel.org>,
syzkaller <syzkaller@googlegroups.com>,
Kostya Serebryany <kcc@google.com>,
Alexander Potapenko <glider@google.com>,
Eric Dumazet <edumazet@google.com>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: time: signed integer overflow in ktime_add_safe
Date: Fri, 4 Dec 2015 07:49:09 -0500 [thread overview]
Message-ID: <56618BC5.6020400@oracle.com> (raw)
In-Reply-To: <CACT4Y+Y4HfK3BJujAFHfVBKUWhveAFQAfJkBb3MSbYUVNXv6HA@mail.gmail.com>
On 12/04/2015 06:49 AM, Dmitry Vyukov wrote:
>> I'm not so sure. It finds real bugs, e.g. 32a8df4e0b33f ("sched: Fix odd values in effective_load() calculations")
>> > was caught by UBSAN
>> > I guess that we could fix most signed overflows simply by casting to unsigned type.
>
> Yeah, overflows can be just unexpected in some places (not an intended
> reliance on defined overflow). If we want to continue finding real
> bugs, we need to start fixing the false positives.
Right, this check finds real bugs, but quite a few false positives because
we tell gcc specifically that this overflow is really okay, and people have
relied on that.
On the other hand, we can't "fix" the code that's triggering it since nothing
is actually broken - in ktime_add_safe() for example we'd overflow, but then
we're checking for overflow, so the code is perfectly fine.
Maybe UBSAN annotations are the way to go here?
Thanks,
Sasha
prev parent reply other threads:[~2015-12-04 12:49 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-04 11:05 time: signed integer overflow in ktime_add_safe Dmitry Vyukov
2015-12-04 11:29 ` Hannes Frederic Sowa
2015-12-04 11:32 ` Andrey Ryabinin
2015-12-04 11:33 ` Dmitry Vyukov
2015-12-04 11:44 ` Andrey Ryabinin
2015-12-04 11:49 ` Dmitry Vyukov
2015-12-04 12:49 ` Sasha Levin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56618BC5.6020400@oracle.com \
--to=sasha.levin@oracle.com \
--cc=dvyukov@google.com \
--cc=edumazet@google.com \
--cc=glider@google.com \
--cc=hannes@stressinduktion.org \
--cc=kcc@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=ryabinin.a.a@gmail.com \
--cc=syzkaller@googlegroups.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox