From: Linus Torvalds <[email protected]>
To: Jens Axboe <[email protected]>,
Pavel Begunkov <[email protected]>,
Colin Ian King <[email protected]>
Cc: io-uring <[email protected]>,
"Eric W. Biederman" <[email protected]>
Subject: Re: [GIT PULL] io_uring fixes for 5.12-rc5
Date: Sun, 28 Mar 2021 12:02:42 -0700 [thread overview]
Message-ID: <CAHk-=wiHof59ZbJai7M7Xw7RYfm8KszApXztnoTHePke5mZBsA@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
On Sat, Mar 27, 2021 at 6:02 PM Jens Axboe <[email protected]> wrote:
>
> - Fix sign extension issue for IORING_OP_PROVIDE_BUFFERS
I don't think this fixes anything.
It may change the sign bit, but as far as I can tell, doesn't actually
fix anything at all. You're multiplying a 16-bit value with a signed
32-bit one. The cast to "unsigned long" makes sure it's done as an
unsigned multiply, but doesn't change anything funcamental.
- "p->len" is an explictly signed type (__s32). Don't ask me why.
- the size calculation takes that signed value, turns it into an
"unsigned long" (which sign-extends it), and then does an unsigned
multiply of that nonsensical value
- that can overflow both in 64-bit and 32-bit (since the 32-bit
signed value has been made an extremely large "unsigned long"
So there is absolutely nothing "right" about the typing there. Not
before, and not after. The whole cast is entirely meaningless, and
doesn't seem to fix anything. It is basically a random change.
If you want that calculation to make sense, you need to
(a) disallow the insane case of signed "len". Most certainly not
sign-extend it to a large unsigned value.
(b) actually make sure there is no overflow
because adding a random cast does neither of those things.
Linus
next prev parent reply other threads:[~2021-03-28 19:03 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-28 1:01 [GIT PULL] io_uring fixes for 5.12-rc5 Jens Axboe
2021-03-28 19:02 ` Linus Torvalds [this message]
2021-03-28 20:38 ` Pavel Begunkov
2021-03-28 19:11 ` pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHk-=wiHof59ZbJai7M7Xw7RYfm8KszApXztnoTHePke5mZBsA@mail.gmail.com' \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox