linux/drivers/s390/block
Christian Borntraeger 0f02c4e749 s390/dasd: avoid undefined behaviour
The mdc value can be quite big (like 65535), so we are in undefined
territory when doing the multiplication with the (also signed)
FCX_MAX_DATA_FACTOR as outlined by UBSAN:

UBSAN: Undefined behaviour in drivers/s390/block/dasd_eckd.c:1678:14
signed integer overflow:
65535 * 65536 cannot be represented in type 'int'
CPU: 5 PID: 183 Comm: kworker/u512:1 Not tainted 4.7.0+ #150
Workqueue: events_unbound async_run_entry_fn
000000fb8b59f900 000000fb8b59f990 0000000000000002 0000000000000000
000000fb8b59fa30 000000fb8b59f9a8 000000fb8b59f9a8 000000000011732e
00000000000000a4 0000000000a309e2 0000000000a4c072 000000000000000b
000000fb8b59f9f0 000000fb8b59f990 0000000000000000 0000000000000000
0400000000d83238 000000000011732e 000000fb8b59f990 000000fb8b59f9f0
Call Trace:
([<0000000000117260>] show_trace+0x98/0xa8)
([<00000000001172e0>] show_stack+0x70/0xf0)
([<000000000053ac96>] dump_stack+0x86/0xb8)
([<000000000057f5f8>] ubsan_epilogue+0x28/0x70)
([<000000000057fe9e>] handle_overflow+0xde/0xf0)
([<00000000006c322a>] dasd_eckd_check_characteristics+0x50a/0x550)
([<00000000006b42ca>] dasd_generic_set_online+0xba/0x380)
([<0000000000693d82>] ccw_device_set_online+0x192/0x550)
([<00000000006ac1ae>] dasd_generic_auto_online+0x2e/0x70)
([<0000000000172130>] async_run_entry_fn+0x70/0x270)
([<0000000000165a72>] process_one_work+0x26a/0x638)
([<0000000000165e8a>] worker_thread+0x4a/0x658)
([<000000000016dd9c>] kthread+0x10c/0x110)
([<00000000008963ae>] kernel_thread_starter+0x6/0xc)
([<00000000008963a8>] kernel_thread_starter+0x0/0xc)

As this is a runtime value there is actually no risk of any sane
compiler to detect and (ab)use this undefinedness, but let's make
the multiplication defined by making mdc unsigned.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Stefan Haberland <sth@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-10-17 11:25:25 +02:00
dasd_3990_erp.c s390/dasd: Add new ioctl BIODASDCHECKFMT 2016-04-15 18:16:39 +02:00
dasd_alias.c s390/dasd: reorder lcu and device lock 2016-03-17 13:18:25 +01:00
dasd_devmap.c s390/dasd: fix panic during offline processing 2016-09-26 16:45:29 +02:00
dasd_diag.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2016-03-16 10:47:45 -07:00
dasd_diag.h s390: remove 31 bit support 2015-03-25 11:49:33 +01:00
dasd_eckd.c s390/dasd: avoid undefined behaviour 2016-10-17 11:25:25 +02:00
dasd_eckd.h s390/dasd: Add new ioctl BIODASDCHECKFMT 2016-04-15 18:16:39 +02:00
dasd_eer.c s390/time: rename tod clock access functions 2013-02-14 15:55:10 +01:00
dasd_erp.c s390/dasd: add missing \n to end of dev_err messages 2016-09-28 09:18:48 +02:00
dasd_fba.c s390/dasd: remove casts to dasd_*_private 2016-03-07 13:12:02 +01:00
dasd_fba.h s390/comments: unify copyright messages and remove file names 2012-07-20 11:15:04 +02:00
dasd_genhd.c block: convert to device_add_disk() 2016-06-27 12:26:08 -07:00
dasd_int.h s390/dasd: fix panic during offline processing 2016-09-26 16:45:29 +02:00
dasd_ioctl.c s390/dasd: Add new ioctl BIODASDCHECKFMT 2016-04-15 18:16:39 +02:00
dasd_proc.c s390: Use pr_warn instead of pr_warning 2016-03-07 13:12:04 +01:00
dasd.c s390/dasd: fix panic during offline processing 2016-09-26 16:45:29 +02:00
dcssblk.c libnvdimm for 4.8 2016-07-28 17:38:16 -07:00
Kconfig s390/scm_block: force cluster writes 2012-09-26 15:45:01 +02:00
Makefile s390/scm_block: force cluster writes 2012-09-26 15:45:01 +02:00
scm_blk_cluster.c s390/scm_block: fix off by one during cluster reservation 2015-02-26 09:24:47 +01:00
scm_blk.c block: convert to device_add_disk() 2016-06-27 12:26:08 -07:00
scm_blk.h s390/scm_block: make the number of reqs per HW req configurable 2014-12-08 09:42:47 +01:00
scm_drv.c s390/scm_block: fix printk format string 2013-03-21 13:35:37 +01:00
xpram.c block: change ->make_request_fn() and users to return a queue cookie 2015-11-07 10:40:46 -07:00