From patchwork Tue Dec 5 13:46:10 2017
X-Patchwork-Submitter: Ding Tianhong
X-Patchwork-Id: 120649
To: Al Viro, LinuxArm
From: Ding Tianhong
Subject: [PATCH] fs/sync: fix the signed integer overflow warning
Message-ID: <4d9e1313-2b39-fe9a-6911-a925946e4353@huawei.com>
Date: Tue, 5 Dec 2017 21:46:10 +0800
X-Mailing-List: linux-kernel@vger.kernel.org

Syzkaller reports the warning when UBSAN is enabled:

UBSAN: Undefined behaviour in fs/sync.c:290:10
signed integer overflow:
-1 + -9223372036854775808 cannot be represented in type 'long long int'
CPU: 0 PID: 3149 Comm: syz-executor3 Not tainted 4.xx #2
Hardware name: linux,dummy-virt (DT)
Call trace:
[] dump_backtrace+0x0/0x2a0
[] show_stack+0x20/0x30
[] dump_stack+0x11c/0x16c
[] ubsan_epilogue+0x18/0x70
[] handle_overflow+0x14c/0x188
[] __ubsan_handle_add_overflow+0x34/0x44
[] SyS_sync_file_range+0x118/0x210

--
1.8.3.1
===========================================================================

The problem is that the input parameter is a wrong value, resulting in
an overflow of 'endbyte'. It will not cause any serious problem, and the
function returns in the next step.

This patch only fixes the warning and does not change the logic.

Signed-off-by: Ding Tianhong
---
 fs/sync.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/fs/sync.c b/fs/sync.c index 6e0a2cb..0f77586 100644 --- a/fs/sync.c +++ b/fs/sync.c 
@@ -293,10 +293,11 @@ static int do_fsync(unsigned int fd, int datasync) if (flags & ~VALID_FLAGS) goto out; - endbyte = offset + nbytes; - if ((s64)offset < 0) goto out; + + endbyte = offset + nbytes; + if ((s64)endbyte < 0) goto out; if (endbyte < offset)
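
Review bot: Moving "endbyte = offset + nbytes;" below the "(s64)offset < 0" check only removes the overflow for a negative offset, which is the case in the UBSAN report (-1 + -9223372036854775808). The sum is still computed in 'long long int', so a non-negative offset with a large positive nbytes can still overflow, and the "(s64)endbyte < 0" and "endbyte < offset" tests that follow only catch it by inspecting the wrapped result. Consider rejecting the range before adding (for example, go to out when nbytes is negative or greater than LLONG_MAX - offset) or doing the sum in unsigned arithmetic, so that the later checks operate on a defined value. The changelog would also be clearer if it named sync_file_range, since the hunk header context shows do_fsync() while the trace points at SyS_sync_file_range.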