Re: signed integer overflow in atomic.h

From: Randy Dunlap
Date: Thu Aug 12 2021 - 11:07:48 EST


On 8/11/21 10:41 PM, Steve French wrote:
===============
[ 28.345189] UBSAN: signed-integer-overflow in ./arch/x86/include/asm/atomic.h:165:11
[ 28.345196] 484501395 + 2024361625 cannot be represented in type 'int'
[ 28.345202] CPU: 6 PID: 987 Comm: nmbd Not tainted 5.11.22 #1
[ 28.345208] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 28.345212] Call Trace:
[ 28.345218] dump_stack+0x8d/0xb5
[ 28.345233] ubsan_epilogue+0x5/0x50
[ 28.345242] handle_overflow+0xa3/0xb0
[ 28.345257] ? rcu_read_lock_sched_held+0x39/0x80
[ 28.345270] ip_idents_reserve+0x8d/0xb0
[ 28.345283] __ip_select_ident+0x3f/0x70
[ 28.345292] __ip_make_skb+0x279/0x450
[ 28.345302] ? ip_reply_glue_bits+0x40/0x40
[ 28.345314] ip_make_skb+0x10d/0x130
[ 28.345326] ? ip_route_output_key_hash+0xee/0x190
[ 28.345344] udp_sendmsg+0x79b/0x13b0
[ 28.345365] ? ip_reply_glue_bits+0x40/0x40
[ 28.345403] ? find_held_lock+0x29/0xb0
[ 28.345420] ? sock_sendmsg+0x54/0x60
[ 28.345426] sock_sendmsg+0x54/0x60

from net/ipv4/route.c:

	/* If UBSAN reports an error there, please make sure your compiler
	 * supports -fno-strict-overflow before reporting it that was a bug
	 * in UBSAN, and it has been fixed in GCC-8.
	 */
	return atomic_add_return(segs + delta, p_id) - segs;


--
~Randy
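
An added example, not part of the original message and not kernel code: a user-space model of the quoted return line, showing that the addition UBSAN flags wraps modulo 2^32 and that consecutive reservations stay contiguous across the wrap. The helper names `model_add_return` and `model_reserve` are hypothetical, and which of the two logged operands is the counter and which is the addend (with segs = 1) is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for atomic_add_return() on a 32-bit counter.
 * Reports whether the signed add leaves the range of int (the condition
 * UBSAN's signed-integer-overflow check flags) and stores the two's
 * complement wrapped sum that a -fno-strict-overflow build yields. */
static int32_t model_add_return(int32_t *counter, int32_t i, bool *overflowed)
{
    int32_t checked;

    *overflowed = __builtin_add_overflow(*counter, i, &checked);
    /* Unsigned addition is defined modulo 2^32; GCC and Clang convert
     * the result back to int32_t modulo 2^32 as well. */
    *counter = (int32_t)((uint32_t)*counter + (uint32_t)i);
    return *counter;
}

/* Mirrors the quoted line: atomic_add_return(segs + delta, p_id) - segs */
static uint32_t model_reserve(int32_t *counter, int segs, uint32_t delta,
                              bool *overflowed)
{
    int32_t i = (int32_t)((uint32_t)segs + delta);

    return (uint32_t)model_add_return(counter, i, overflowed) - (uint32_t)segs;
}

int main(void)
{
    /* Constructed state: operands taken from the UBSAN line, assigned to
     * counter and addend by assumption (segs = 1). */
    int32_t counter = 2024361625;
    bool ovf;
    uint32_t first = model_reserve(&counter, 1, 484501394u, &ovf);
    uint32_t next = model_reserve(&counter, 3, 0, &ovf);

    printf("first=%u low16=%u next=%u\n", first, first & 0xffffu, next);
    return 0;
}
```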