Mellanox [mlx5] [bionic] UBSAN: Undefined behaviour in ./include/linux/net_dim.h
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
We see UBSAN: Undefined behaviour in ./include/
We saw the following trace during traffic in the regression:
[12885.292500] UBSAN: Undefined behaviour in ./include/
[12885.296358] signed integer overflow:
[12885.300100] 358869104 * 100 cannot be represented in type 'int'
[12885.304001] CPU: 2 PID: 19630 Comm: sock_stream_tes Tainted: G OE 4.15.0-
[12885.311856] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-
[12885.316091] Call Trace:
[12885.320234] <IRQ>
[12885.324366] dump_stack+
[12885.328586] ? dma_virt_
[12885.332804] ? val_to_
[12885.337055] ubsan_epilogue+
[12885.341345] handle_
[12885.345636] ? __ubsan_
[12885.349891] ? kvm_clock_
[12885.354230] ? ktime_get+
[12885.358654] ? getrawmonotonic
[12885.363116] ? mark_lock+
[12885.367624] ? inet_recvmsg+
[12885.372114] mlx5e_napi_
[12885.376774] ? mlx5e_rx_
[12885.381406] ? print_irqtrace_
[12885.385907] ? mark_held_
[12885.392099] ? print_irqtrace_
[12885.396589] ? trace_hardirqs_
[12885.401278] ? kasan_slab_
[12885.406000] ? pvclock_
[12885.410608] ? mark_held_
[12885.415251] net_rx_
[12885.419873] ? napi_complete_
[12885.424385] ? check_chain_
[12885.428784] ? debug_check_
[12885.433041] ? match_held_
[12885.437215] ? match_held_
[12885.441249] ? lock_downgrade+
[12885.445151] ? do_raw_
[12885.448970] ? save_trace+
[12885.452664] ? save_trace+
[12885.456224] ? match_held_
[12885.459668] ? pvclock_
[12885.463085] ? save_trace+
[12885.466361] ? preempt_
[12885.469566] ? __lock_
[12885.472665] ? preempt_
[12885.475653] ? __lock_
[12885.478529] ? mark_lock+
[12885.481276] ? match_held_
[12885.483984] ? print_irqtrace_
[12885.486679] ? save_trace+
[12885.490891] ? irq_exit+
[12885.493454] ? __napi_
[12885.495936] ? netdev_
[12885.498402] ? check_chain_
[12885.500774] ? __tasklet_
[12885.503086] ? match_held_
[12885.505431] ? mlx5_eq_
[12885.507775] ? save_trace+
[12885.510082] ? pvclock_
[12885.512416] ? pvclock_
[12885.514705] ? save_trace+
[12885.516995] ? __handle_
[12885.519305] ? __lock_
[12885.521630] __do_softirq+
[12885.523913] ? __irqentry_
[12885.526234] ? pvclock_
[12885.528563] ? pvclock_
[12885.530843] ? do_raw_
[12885.533178] ? kvm_clock_
[12885.535432] ? kvm_sched_
[12885.537702] ? sched_clock_
[12885.539968] irq_exit+0xf4/0x150
[12885.542186] do_IRQ+0xe8/0x1e0
[12885.544390] common_
[12885.546607] </IRQ>
There is int overflow in:
include/
#define IS_SIGNIFICANT_
(((100 * abs((val) - (ref))) / (ref)) > 10) /* more than 10% difference */
The include/
The upstream fix that fixes this issue is
commit f97c3dc3c0e8d23
Author: Tal Gilboa <email address hidden>
Date: Thu Mar 29 13:53:52 2018 +0300
net/dim: Fix int overflow
When calculating difference between samples, the values
are multiplied by 100. Large values may cause int overflow
when multiplied (usually on first iteration).
Fixed by forcing 100 to be of type unsigned long.
Fixes: 4c4dbb4a7363 ("net/mlx5e: Move dynamic interrupt coalescing code to include/linux")
Signed-off-by: Tal Gilboa <email address hidden>
Reviewed-by: Andy Gospodarek <email address hidden>
Signed-off-by: David S. Miller <email address hidden>
diff --git a/include/
index bebeaad..29ed8fd 100644
--- a/include/
+++ b/include/
@@ -231,7 +231,7 @@ static inline void net_dim_
}
#define IS_SIGNIFICANT_
- (((100 * abs((val) - (ref))) / (ref)) > 10) /* more than 10% difference */
+ (((100UL * abs((val) - (ref))) / (ref)) > 10) /* more than 10% difference */
static inline int net_dim_
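Review bot: On the changed macro line, 100UL only widens the product where unsigned long is 64 bits. On 32-bit builds unsigned long is 32 bits, so a difference such as the 358869104 in the reported trace still does not fit, and the product wraps silently: UBSAN stays quiet but the "more than 10%" comparison can give the wrong answer. Consider a 64-bit intermediate (with the 64-bit division helper that 32-bit kernels need) or restructuring the comparison so no multiplication by 100 is required. The macro also divides by (ref), so a comment stating that callers must pass a non-zero ref would help.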
Will send a patch to the Ubuntu kernel mailing list with a backported patch to the old location.
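The overflow described in the commit message, as an added example (not code from this bug report or from the kernel; the function names and sample values are constructed). It checks when the pre-patch int product exceeds INT_MAX, evaluates the patched 100UL expression, and goes beyond the page by modelling a 32-bit unsigned long, where the product wraps instead. It assumes non-negative samples and a non-zero ref.

```c
/* Added example: function names are hypothetical, not the kernel's. */
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Pre-patch form computes 100 * abs(val - ref) in int. Report whether that
 * product would exceed INT_MAX, without performing the overflowing multiply. */
static bool int_product_overflows(int val, int ref)
{
	return abs(val - ref) > INT_MAX / 100;
}

/* Patched form from the diff: 100UL makes the product unsigned long.
 * Assumption: ref != 0 and both samples are non-negative. */
static bool significant_patched(int val, int ref)
{
	return ((100UL * abs(val - ref)) / ref) > 10;
}

/* Same expression with unsigned long modelled as 32 bits (ILP32 builds):
 * the product wraps modulo 2^32 instead of overflowing. */
static bool significant_ulong32(int val, int ref)
{
	uint32_t prod = (uint32_t)100 * (uint32_t)abs(val - ref);

	return (prod / (uint32_t)ref) > 10;
}

int main(void)
{
	/* Constructed samples: their difference is the 358869104 from the trace. */
	int val = 498869104, ref = 140000000;

	printf("int product overflows: %d\n", int_product_overflows(val, ref));
	printf("patched (this build):  %d\n", significant_patched(val, ref));
	printf("patched, 32-bit UL:    %d\n", significant_ulong32(val, ref));
	return 0;
}
```

With these samples the true difference is about 256% of ref, yet the 32-bit model computes a quotient of exactly 10 and reports "not significant".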
Changed in linux (Ubuntu):
status: Incomplete → Fix Committed
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1763269
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.