From patchwork Tue Dec  5 13:46:10 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ding Tianhong <dingtianhong@huawei.com>
X-Patchwork-Id: 120649
Delivered-To: patch@linaro.org
Received: by 10.140.22.227 with SMTP id 90csp5767601qgn;
 Tue, 5 Dec 2017 05:47:24 -0800 (PST)
X-Google-Smtp-Source: AGs4zMbS99gp7VkzKEmVV9waiWDxZ3/+jdt/W/EsTMobHejV1zXPHPjWNk5RsA1canFtZsXGylgV
X-Received: by 10.99.125.71 with SMTP id m7mr17941028pgn.349.1512481644063; 
 Tue, 05 Dec 2017 05:47:24 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1512481644; cv=none;
 d=google.com; s=arc-20160816;
 b=kpgSC8aLoEuDVTApb0FSpoo7i+mwEb7P41F5J/chssqcR1or4zPghYHP9v2CPYglEJ
 KZ0s/jDqTrP6ZgsEc1MNZBXEPPf2SxANVvQwThIphdMpxsDV6nbmPQ5luvUNW0mynK+H
 6fIumCUdoVvkBTW8AJFXBX1OzuI4OHv1qnqZ8zPd7x0gI0HSczCKcflJiJU24nelkZQm
 DybWMuAR0oN9DsiWiCOHOdqaM5kh6ZPWDc2oX+VuNrPfMKtGYEMA6JVwom08o+nLZwSi
 mIMDeV2EjvCTIGiNY1KO9X7q83yPtBUClUvDLDIsPsNhd6oTQApQ/Twt6D7cCFZU5Y6v
 nk8Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:sender:content-transfer-encoding:mime-version
 :user-agent:date:message-id:subject:from:to
 :arc-authentication-results;
 bh=8RSqh07NFUVDVxlbdlwwD70oA6idfXX6Gtw68IDFuow=;
 b=1BvgURnO7bhQIx+OfJuCJs0MFTfdDhe31fUMEdmznbCF5nfC2Ha1+fjDbRsF2rH307
 V8ue/AdmpVcXx79TNNF68WmmcLjIyZksfvCgoJXgNwYxTt8C/WPQvpJDem/OO9LOn/mO
 qJ3C8OT3NkaU2HF0Ef4BODk4Y4pKXhw1jc5kJMKOHk4p0mJOguKeUI41ZXz1tlKl2ZYG
 61nBbuWHuaFcgleZts0D3eT8o/77r3aOw035uAOL7NtQ7/Kd9WUzsHOaamxxnjwXA5wr
 Q9Y4itikSKisX8KhNnoxmzUAtlotlHDPi+QqgYg/KxWSWYPs9vH1zhUvdbvXfxzta0aH
 nvFw==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id
 y192si117194pgd.109.2017.12.05.05.47.23; 
 Tue, 05 Dec 2017 05:47:24 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1752909AbdLENrU (ORCPT <rfc822; dan.rue@linaro.org> + 28 others); 
 Tue, 5 Dec 2017 08:47:20 -0500
Received: from szxga05-in.huawei.com ([45.249.212.191]:11511 "EHLO
 szxga05-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S1751416AbdLENrT (ORCPT
 <rfc822;linux-kernel@vger.kernel.org>);
 Tue, 5 Dec 2017 08:47:19 -0500
Received: from 172.30.72.58 (EHLO DGGEMS401-HUB.china.huawei.com)
 ([172.30.72.58])
 by dggrg05-dlp.huawei.com (MOS 4.4.6-GA FastPath queued)
 with ESMTP id DLW50442; Tue, 05 Dec 2017 21:46:37 +0800 (CST)
Received: from [127.0.0.1] (10.177.23.32) by DGGEMS401-HUB.china.huawei.com
 (10.3.19.201) with Microsoft SMTP Server id 14.3.361.1;
 Tue, 5 Dec 2017 21:46:27 +0800
To: Al Viro <viro@ZenIV.linux.org.uk>, <linux-fsdevel@vger.kernel.org>,
 <linux-kernel@vger.kernel.org>, LinuxArm <linuxarm@huawei.com>
From: Ding Tianhong <dingtianhong@huawei.com>
Subject: [PATCH] fs/sync: fix the signed integer overflow warning
Message-ID: <4d9e1313-2b39-fe9a-6911-a925946e4353@huawei.com>
Date: Tue, 5 Dec 2017 21:46:10 +0800
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.4.0
MIME-Version: 1.0
X-Originating-IP: [10.177.23.32]
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0),
 refid=str=0001.0A090204.5A26A33E.0009, ss=1, re=0.000, recu=0.000,
 reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0,
 so=2014-11-16 11:51:01, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: baae386c799bfdcb7d8312c928bcb521
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The syzkaller report the warning when enable the UBSAN:

UBSAN: Undefined behaviour in fs/sync.c:290:10
signed integer overflow:
-1 + -9223372036854775808 cannot be represented in type 'long long int'
CPU: 0 PID: 3149 Comm: syz-executor3 Not tainted 4.xx #2
Hardware name: linux,dummy-virt (DT)
Call trace:
[<ffffffc00008f4d0>] dump_backtrace+0x0/0x2a0
[<ffffffc00008f790>] show_stack+0x20/0x30
[<ffffffc000ec3b5c>] dump_stack+0x11c/0x16c
[<ffffffc000ec3e80>] ubsan_epilogue+0x18/0x70
[<ffffffc000ec4ca0>] handle_overflow+0x14c/0x188
[<ffffffc000ec4d10>] __ubsan_handle_add_overflow+0x34/0x44
[<ffffffc00038c9f0>] SyS_sync_file_range+0x118/0x210

-- 
1.8.3.1

===========================================================================

The problem is that the input parameter is a wrong value, resulting in
an overflow of the 'endbyte', also it will not cause any serious problem
and return out in the next step.

This patch only fix the warning and no change the logic.

Signed-off-by: Ding Tianhong <dingtianhong@huawei.com>
---
 fs/sync.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/fs/sync.c b/fs/sync.c
index 6e0a2cb..0f77586 100644
--- a/fs/sync.c
+++ b/fs/sync.c
@@ -293,10 +293,11 @@ static int do_fsync(unsigned int fd, int datasync)
 	if (flags & ~VALID_FLAGS)
 		goto out;

-	endbyte = offset + nbytes;
-
 	if ((s64)offset < 0)
 		goto out;
+
+	endbyte = offset + nbytes;
+
 	if ((s64)endbyte < 0)
 		goto out;
 	if (endbyte < offset)