Message-Id: <1D65AD7F-DEE2-48DC-8C5D-5814B53FA0A5@gmail.com>
Date: Wed, 24 Sep 2025 09:27:15 +0800
From: 陈华昭(Lyican) <lyican53@...il.com>
To: Viacheslav Dubeyko <Slava.Dubeyko@....com>
Cc: "ceph-devel@...r.kernel.org" <ceph-devel@...r.kernel.org>,
 "idryomov@...il.com" <idryomov@...il.com>,
 "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
 Xiubo Li <xiubli@...hat.com>
Subject: Re: [PATCH] ceph: Fix potential undefined behavior in crush_ln() with
 GCC 11.1.0

Hi Slava,

I apologize for the confusion with multiple patch versions. Here is one single formal patch that I have thoroughly tested and verified on multiple platforms:

**Testing verification**:
- Successfully tested on macOS with `git am`
- Successfully tested on Windows with `git am` 
- Verified using `git apply --check` and `patch --dry-run`
- Confirmed to apply cleanly to Linux v6.17-rc6 (commit f83ec76bf285bea5727f478a68b894f5543ca76e)

---

From f83ec76bf285bea5727f478a68b894f5543ca76e Mon Sep 23 09:05:00 2025
From: Huazhao Chen <lyican53@...il.com>
Date: Mon, 23 Sep 2025 09:00:00 +0800
Subject: [PATCH] ceph: Fix potential undefined behavior in crush_ln() with GCC
11.1.0

When x & 0x1FFFF equals zero, __builtin_clz() is called with a zero
argument, which results in undefined behavior. This can happen during
ceph's consistent hashing calculations and may lead to incorrect
placement group mappings.

Fix by checking if the masked value is non-zero before calling
__builtin_clz(). If the masked value is zero, use the expected
result of 16 directly.

Signed-off-by: Huazhao Chen <lyican53@...il.com>
---
net/ceph/crush/mapper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ceph/crush/mapper.c b/net/ceph/crush/mapper.c
index 3a5bd1cd1..000f7a633 100644
--- a/net/ceph/crush/mapper.c
+++ b/net/ceph/crush/mapper.c
@@ -262,7 +262,7 @@ static __u64 crush_ln(unsigned int xin)
       * do it in one step instead of iteratively
       */
      if (!(x & 0x18000)) {
-               int bits = __builtin_clz(x & 0x1FFFF) - 16;
+               int bits = (x & 0x1FFFF) ? __builtin_clz(x & 0x1FFFF) - 16 : 16;
              x <<= bits;
              iexpon = 15 - bits;
      }
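
Review bot: on the changed `int bits = ...` line, the fallback `16` is an uncommented magic number, and with it the two context lines that follow compute `x <<= 16` on a zero masked value and `iexpon = 15 - 16 = -1`. The commit message calls 16 "the expected result" but does not say why a negative `iexpon` is acceptable to the code after this block. Please add a comment stating that 16 corresponds to treating the leading-zero count of a zero 32-bit input as 32 (32 - 16), and say which `xin` values can reach this branch with the low 17 bits clear once `!(x & 0x18000)` has passed. The mask is also now written twice on one line; a local such as `unsigned int masked = x & 0x1FFFF;` would keep the zero test and the `__builtin_clz()` argument from drifting apart.
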
-- 
2.39.5 (Apple Git-154)

---

**Important clarification about git diff format**: 
I understand your confusion about the line numbers. The "@@ -262,7 +262,7 @@" header is **git's automatic context display format**, not an indication of which line I'm trying to modify. Here's what it means:

- `-262,7`: Git shows 7 lines of context starting from line 262 in the original file
- `+262,7`: Git shows 7 lines of context starting from line 262 in the modified file  
- **The actual code change is on line 265**: `int bits = __builtin_clz(x & 0x1FFFF) - 16;`

This is exactly the line you referenced in your message [1]. Git automatically chooses context lines to make patches unambiguous - I did not manually specify line 262.

**Cross-platform testing results**:
- macOS: `git am` successful 
- Windows: `git am` successful   
- Validation: `git apply --check` and `patch --dry-run` both pass 

The patch is ready for your review and should apply without any issues.

I would be grateful if you could review this patch again. If you encounter any issues during application, please let me know and I'll be happy to provide additional assistance.

Thank you for your patience and thorough review process.

Best regards,
Huazhao Chen

[1] https://elixir.bootlin.com/linux/v6.17-rc6/source/net/ceph/crush/mapper.c#L265
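
The hunk-header arithmetic discussed in the message, as an added example that is not part of the original post: the function walks a unified diff and reports which old-file and new-file line numbers the `-` and `+` lines fall on. The sample hunk is copied from the patch above with indentation shortened; `changed_lines` and `SAMPLE_HUNK` are illustrative names.

```python
import re

# "@@ -old_start[,old_count] +new_start[,new_count] @@"; an omitted count means 1.
HUNK_RE = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

# Hunk copied from the patch in this message; indentation shortened.
SAMPLE_HUNK = """\
@@ -262,7 +262,7 @@ static __u64 crush_ln(unsigned int xin)
     * do it in one step instead of iteratively
     */
    if (!(x & 0x18000)) {
-       int bits = __builtin_clz(x & 0x1FFFF) - 16;
+       int bits = (x & 0x1FFFF) ? __builtin_clz(x & 0x1FFFF) - 16 : 16;
    x <<= bits;
    iexpon = 15 - bits;
 }
"""


def changed_lines(diff_text):
    """Return (removed, added): old-file line numbers of '-' lines and
    new-file line numbers of '+' lines, for every hunk in diff_text."""
    removed, added = [], []
    old_no = new_no = None
    old_left = new_left = 0
    for line in diff_text.splitlines():
        m = HUNK_RE.match(line)
        if m:
            old_no, new_no = int(m.group(1)), int(m.group(3))
            old_left = int(m.group(2) or 1)
            new_left = int(m.group(4) or 1)
            continue
        if old_no is None or (old_left == 0 and new_left == 0):
            continue  # file headers, text between hunks, mail signature
        if line.startswith("\\"):
            continue  # "\ No newline at end of file" marker
        if line.startswith("-"):
            removed.append(old_no)
            old_no, old_left = old_no + 1, old_left - 1
        elif line.startswith("+"):
            added.append(new_no)
            new_no, new_left = new_no + 1, new_left - 1
        else:  # context line: present in both old and new file
            old_no, new_no = old_no + 1, new_no + 1
            old_left, new_left = old_left - 1, new_left - 1
    return removed, added
```

Because the function stops counting once the header's line counts are used up, the `-- ` mail signature that follows the hunk is not mistaken for a removed line.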
