Details
-
Bug
-
Resolution: Fixed
-
Minor
-
Lustre 2.11.0
-
None
-
upstream client / standard lustre client.
-
3
-
9223372036854775807
Description
After landing the patch for LU-7890 Dan Carpenter ran a static checker on the lustre code and reported the following error:
The patch 476f575cf070: "staging: lustre: lov: Ensure correct
operation for large object sizes" from Jul 26, 2017, leads to the
following static checker warning:
drivers/staging/lustre/lustre/lov/lov_ea.c:207 lsm_unpackmd_common()
warn: signed overflow undefined. 'min_stripe_maxbytes * stripe_count < min_stripe_maxbytes'
drivers/staging/lustre/lustre/lov/lov_ea.c
148 static int lsm_unpackmd_common(struct lov_obd *lov,
149 struct lov_stripe_md *lsm,
150 struct lov_mds_md *lmm,
151 struct lov_ost_data_v1 *objects)
152 {
153 loff_t min_stripe_maxbytes = 0;
^^^^^^
loff_t is long long.
154 unsigned int stripe_count;
155 struct lov_oinfo *loi;
156 loff_t lov_bytes;
157 unsigned int i;
158
159 /*
160 * This supposes lov_mds_md_v1/v3 first fields are
161 * are the same
162 */
163 lmm_oi_le_to_cpu(&lsm->lsm_oi, &lmm->lmm_oi);
164 lsm->lsm_stripe_size = le32_to_cpu(lmm->lmm_stripe_size);
165 lsm->lsm_pattern = le32_to_cpu(lmm->lmm_pattern);
166 lsm->lsm_layout_gen = le16_to_cpu(lmm->lmm_layout_gen);
167 lsm->lsm_pool_name[0] = '\0';
168
169 stripe_count = lsm_is_released(lsm) ? 0 : lsm->lsm_stripe_count;
170
171 for (i = 0; i < stripe_count; i++) {
172 loi = lsm->lsm_oinfo[i];
173 ostid_le_to_cpu(&objects[i].l_ost_oi, &loi->loi_oi);
174 loi->loi_ost_idx = le32_to_cpu(objects[i].l_ost_idx);
175 loi->loi_ost_gen = le32_to_cpu(objects[i].l_ost_gen);
176 if (lov_oinfo_is_dummy(loi))
177 continue;
178
179 if (loi->loi_ost_idx >= lov->desc.ld_tgt_count &&
180 !lov2obd(lov)->obd_process_conf) {
181 CERROR("%s: OST index %d more than OST count %d\n",
182 (char *)lov->desc.ld_uuid.uuid,
183 loi->loi_ost_idx, lov->desc.ld_tgt_count);
184 lov_dump_lmm_v1(D_WARNING, lmm);
185 return -EINVAL;
186 }
187
188 if (!lov->lov_tgts[loi->loi_ost_idx]) {
189 CERROR("%s: OST index %d missing\n",
190 (char *)lov->desc.ld_uuid.uuid,
191 loi->loi_ost_idx);
192 lov_dump_lmm_v1(D_WARNING, lmm);
193 continue;
194 }
195
196 lov_bytes = lov_tgt_maxbytes(lov->lov_tgts[loi->loi_ost_idx]);
197 if (min_stripe_maxbytes == 0 || lov_bytes < min_stripe_maxbytes)
198 min_stripe_maxbytes = lov_bytes;
199 }
200
201 if (min_stripe_maxbytes == 0)
202 min_stripe_maxbytes = LUSTRE_EXT3_STRIPE_MAXBYTES;
203
204 stripe_count = lsm->lsm_stripe_count ?: lov->desc.ld_tgt_count;
205 lov_bytes = min_stripe_maxbytes * stripe_count;
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This is undefined in C.
206
207 if (lov_bytes < min_stripe_maxbytes) /* handle overflow */
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
So this might be wrong.
208 lsm->lsm_maxbytes = MAX_LFS_FILESIZE;
209 else
210 lsm->lsm_maxbytes = lov_bytes;
211
212 return 0;
213 }
