author | Paul Gortmaker <paul.gortmaker@windriver.com> | 2018-07-25 15:34:06 -0400 |
---|---|---|
committer | Paul Gortmaker <paul.gortmaker@windriver.com> | 2018-07-25 15:34:06 -0400 |
commit | 0d7a5d013d8efd1fb47085cb5c6e4f696510ff6e (patch) | |
tree | 457bd2a9cdd502bbfc020ea3edd7fbee04b3c1aa | |
parent | cb1dbc6568b53b439d4163aa7a2f5fa56e3231c6 (diff) | |
download | longterm-queue-4.12-0d7a5d013d8efd1fb47085cb5c6e4f696510ff6e.tar.gz |
scsi: add fix for fixes
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
-rw-r--r-- | queue/scsi-aacraid-address-UBSAN-warning-regression.patch | 65 | ||||
-rw-r--r-- | queue/series | 1 |
2 files changed, 66 insertions, 0 deletions
diff --git a/queue/scsi-aacraid-address-UBSAN-warning-regression.patch b/queue/scsi-aacraid-address-UBSAN-warning-regression.patch new file mode 100644 index 0000000..1786e51 --- /dev/null +++ b/queue/scsi-aacraid-address-UBSAN-warning-regression.patch 
@@ -0,0 +1,65 @@ +From d18539754d97876503275efc7d00a1901bb0cfad Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann <arnd@arndb.de> +Date: Tue, 28 Nov 2017 14:25:25 +0100 +Subject: [PATCH] scsi: aacraid: address UBSAN warning regression + +commit d18539754d97876503275efc7d00a1901bb0cfad upstream. + +As reported by Meelis Roos, my previous patch causes an incorrect +calculation of the timeout, through an undefined signed integer +overflow: + +[ 12.228155] UBSAN: Undefined behaviour in drivers/scsi/aacraid/commsup.c:2514:49 +[ 12.228229] signed integer overflow: +[ 12.228283] 964297611 * 250 cannot be represented in type 'long int' + +The problem is that doing a multiplication with HZ first and then +dividing by USEC_PER_SEC worked correctly for 32-bit microseconds, +but not for 32-bit nanoseconds, which would require up to 41 bits. + +This reworks the calculation to first convert the nanoseconds into +jiffies, which should give us the same result as before and not overflow. + +Unfortunately I did not understand the exact intention of the algorithm, +in particular the part where we add half a second, so it's possible that +there is still a preexisting problem in this function. I added a comment +that this would be handled more nicely using usleep_range(), which +generally works better for waking up at a particular time than the +current schedule_timeout() based implementation. I did not feel +comfortable trying to implement that without being sure what the +intent is here though. + +Fixes: 820f18865912 ("scsi: aacraid: use timespec64 instead of timeval") +Tested-by: Meelis Roos <mroos@linux.ee> +Signed-off-by: Arnd Bergmann <arnd@arndb.de> +Signed-off-by: Martin K. 
Petersen <martin.petersen@oracle.com> + +diff --git a/drivers/scsi/aacraid/commsup.c b/drivers/scsi/aacraid/commsup.c +index bec9f3193f60..80a8cb26cdea 100644 +--- a/drivers/scsi/aacraid/commsup.c ++++ b/drivers/scsi/aacraid/commsup.c +@@ -2482,8 +2482,8 @@ int aac_command_thread(void *data) + /* Synchronize our watches */ + if (((NSEC_PER_SEC - (NSEC_PER_SEC / HZ)) > now.tv_nsec) + && (now.tv_nsec > (NSEC_PER_SEC / HZ))) +- difference = (((NSEC_PER_SEC - now.tv_nsec) * HZ) +- + NSEC_PER_SEC / 2) / NSEC_PER_SEC; ++ difference = HZ + HZ / 2 - ++ now.tv_nsec / (NSEC_PER_SEC / HZ); + else { + if (now.tv_nsec > NSEC_PER_SEC / 2) + ++now.tv_sec; +@@ -2507,6 +2507,10 @@ int aac_command_thread(void *data) + if (kthread_should_stop()) + break; + ++ /* ++ * we probably want usleep_range() here instead of the ++ * jiffies computation ++ */ + schedule_timeout(difference); + + if (kthread_should_stop()) +-- +2.15.0 + diff --git a/queue/series b/queue/series index 41aa367..9d34ae8 100644 --- a/queue/series +++ b/queue/series @@ -32,6 +32,7 @@ video-fbdev-au1200fb-Release-some-resources-if-a-mem.patch video-fbdev-au1200fb-Return-an-error-code-if-a-memor.patch rtc-pcf8563-fix-output-clock-rate.patch scsi-aacraid-use-timespec64-instead-of-timeval.patch +scsi-aacraid-address-UBSAN-warning-regression.patch PM-s2idle-Clear-the-events_check_enabled-flag.patch ASoC-Intel-Skylake-Fix-uuid_module-memory-leak-in-fa.patch dmaengine-ti-dma-crossbar-Correct-am335x-am43xx-mux-.patch |
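Review bot: in the `@@ -2482,8 +2482,8 @@` hunk of drivers/scsi/aacraid/commsup.c, the replacement expression does not produce "the same result as before", as the commit message expects. The removed lines add `NSEC_PER_SEC / 2` to a numerator that is then divided by `NSEC_PER_SEC`, which is round-to-nearest (half a jiffy). The added line `difference = HZ + HZ / 2 - now.tv_nsec / (NSEC_PER_SEC / HZ);` instead adds `HZ / 2` jiffies, which is half a second, so `difference` comes out roughly `HZ / 2` larger than the old value for every `tv_nsec` in the guarded range. The overflow itself is gone, since nothing is multiplied by HZ any more. If the old timing is wanted, drop the `HZ / 2` term or round the division to nearest; if the extra half second is intended, the message should say so. Separately, `NSEC_PER_SEC / HZ` truncates whenever HZ does not divide NSEC_PER_SEC evenly, which is worth a word in the comment.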
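Review bot: the comment added before `schedule_timeout(difference);` in the `@@ -2507,6 +2507,10 @@` hunk records a guess ("we probably want usleep_range() here") without stating what wake-up time the thread is aiming for, so a later reader cannot judge whether the switch is safe. Suggest wording it as a TODO that names the open question (the commit message says the intent of the calculation is not understood), and capitalising the first word to match the `/* Synchronize our watches */` comment visible in the hunk above.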
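Review bot: the subject of the queue commit, "scsi: add fix for fixes", does not name the queued patch being corrected or the upstream commit being added, which makes the longterm queue history hard to audit. Suggest naming `scsi-aacraid-use-timespec64-instead-of-timeval.patch` and upstream d18539754d97 in the message. The `queue/series` hunk itself is fine: the new entry is placed directly after the patch named in the embedded `Fixes:` tag, so the regression and its fix are applied back to back.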