scsi: add fix for fixes

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

2 files changed, 66 insertions, 0 deletions

diff --git a/queue/scsi-aacraid-address-UBSAN-warning-regression.patch b/queue/scsi-aacraid-address-UBSAN-warning-regression.patch
new file mode 100644
index 0000000..1786e51
--- /dev/null
+++ b/queue/scsi-aacraid-address-UBSAN-warning-regression.patch
@@ -0,0 +1,65 @@
+From d18539754d97876503275efc7d00a1901bb0cfad Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Tue, 28 Nov 2017 14:25:25 +0100
+Subject: [PATCH] scsi: aacraid: address UBSAN warning regression
+
+commit d18539754d97876503275efc7d00a1901bb0cfad upstream.
+
+As reported by Meelis Roos, my previous patch causes an incorrect
+calculation of the timeout, through an undefined signed integer
+overflow:
+
+[   12.228155] UBSAN: Undefined behaviour in drivers/scsi/aacraid/commsup.c:2514:49
+[   12.228229] signed integer overflow:
+[   12.228283] 964297611 * 250 cannot be represented in type 'long int'
+
+The problem is that doing a multiplication with HZ first and then
+dividing by USEC_PER_SEC worked correctly for 32-bit microseconds,
+but not for 32-bit nanoseconds, which would require up to 41 bits.
+
+This reworks the calculation to first convert the nanoseconds into
+jiffies, which should give us the same result as before and not overflow.
+
+Unfortunately I did not understand the exact intention of the algorithm,
+in particular the part where we add half a second, so it's possible that
+there is still a preexisting problem in this function. I added a comment
+that this would be handled more nicely using usleep_range(), which
+generally works better for waking up at a particular time than the
+current schedule_timeout() based implementation. I did not feel
+comfortable trying to implement that without being sure what the
+intent is here though.
+
+Fixes: 820f18865912 ("scsi: aacraid: use timespec64 instead of timeval")
+Tested-by: Meelis Roos <mroos@linux.ee>
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+
+diff --git a/drivers/scsi/aacraid/commsup.c b/drivers/scsi/aacraid/commsup.c
+index bec9f3193f60..80a8cb26cdea 100644
+--- a/drivers/scsi/aacraid/commsup.c
++++ b/drivers/scsi/aacraid/commsup.c
+@@ -2482,8 +2482,8 @@ int aac_command_thread(void *data)
+ 			/* Synchronize our watches */
+ 			if (((NSEC_PER_SEC - (NSEC_PER_SEC / HZ)) > now.tv_nsec)
+ 			 && (now.tv_nsec > (NSEC_PER_SEC / HZ)))
+-				difference = (((NSEC_PER_SEC - now.tv_nsec) * HZ)
+-				  + NSEC_PER_SEC / 2) / NSEC_PER_SEC;
++				difference = HZ + HZ / 2 -
++					     now.tv_nsec / (NSEC_PER_SEC / HZ);
+ 			else {
+ 				if (now.tv_nsec > NSEC_PER_SEC / 2)
+ 					++now.tv_sec;
+@@ -2507,6 +2507,10 @@ int aac_command_thread(void *data)
+ 		if (kthread_should_stop())
+ 			break;
+ 
++		/*
++		 * we probably want usleep_range() here instead of the
++		 * jiffies computation
++		 */
+ 		schedule_timeout(difference);
+ 
+ 		if (kthread_should_stop())
+-- 
+2.15.0
+
diff --git a/queue/series b/queue/series
index 41aa367..9d34ae8 100644
--- a/queue/series
+++ b/queue/series
@@ -32,6 +32,7 @@ video-fbdev-au1200fb-Release-some-resources-if-a-mem.patch
 video-fbdev-au1200fb-Return-an-error-code-if-a-memor.patch
 rtc-pcf8563-fix-output-clock-rate.patch
 scsi-aacraid-use-timespec64-instead-of-timeval.patch
+scsi-aacraid-address-UBSAN-warning-regression.patch
 PM-s2idle-Clear-the-events_check_enabled-flag.patch
 ASoC-Intel-Skylake-Fix-uuid_module-memory-leak-in-fa.patch
 dmaengine-ti-dma-crossbar-Correct-am335x-am43xx-mux-.patch