Hi,
Compiling the kernel with option KUBSAN finds undefined behavior.
Here are some easy fixes for code that shifts signed values too far.
kubsan: arch/amd64/amd64/identcpu.c:882:17: shift: left shift of negative value
-1
kubsan: kern/kern_descrip.c:159:30: shift: left shift of 1 by 31 places cannot
be represented in type 'int'
kubsan: kern/kern_descrip.c:170:26: shift: left shift of 1 by 31 places cannot
be represented in type 'int'
kubsan: kern/kern_descrip.c:189:28: shift: left shift of 1 by 31 places cannot
be represented in type 'int'
kubsan: kern/kern_sched.c:265:25: shift: left shift of 1 by 31 places cannot be
represented in type 'int'
kubsan: kern/kern_sched.c:289:27: shift: left shift of 1 by 31 places cannot be
represented in type 'int'
kubsan: kern/subr_pool.c:964:7: shift: left shift of 1 by 31 places cannot be
represented in type 'int'
kubsan: netinet/in_pcb.c:200:11: shift: left shift of 1 by 31 places cannot be
represented in type 'int'
kubsan: netinet/ip_esp.c:1005:13: shift: left shift of 1 by 31 places cannot be
represented in type 'int'
kubsan: kern/kern_descrip.c:159:30: shift: left shift of 1 by 31 places cannot
be represented in type 'int'
kubsan: kern/kern_descrip.c:189:28: shift: left shift of 1 by 31 places cannot
be represented in type 'int'
kubsan: net/rtsock.c:1429:31: shift: left shift of 1 by 31 places cannot be
represented in type 'int'
kubsan: netinet/in_pcb.c:200:11: shift: left shift of 1 by 31 places cannot be
represented in type 'int'
kubsan: netinet/in_pcb.c:207:11: shift: left shift of 1 by 31 places cannot be
represented in type 'int'
ok?
bluhm
Index: arch/amd64/amd64/identcpu.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/arch/amd64/amd64/identcpu.c,v
retrieving revision 1.121
diff -u -p -r1.121 identcpu.c
--- arch/amd64/amd64/identcpu.c 2 Nov 2021 23:30:15 -0000 1.121
+++ arch/amd64/amd64/identcpu.c 19 Jan 2022 22:48:46 -0000
@@ -854,7 +854,7 @@ cpu_topology(struct cpu_info *ci)
ci->ci_pkg_id = apicid >> core_bits;
/* Get rid of the package bits */
- core_mask = (1 << core_bits) - 1;
+ core_mask = (1U << core_bits) - 1;
thread_id = apicid & core_mask;
/* Cut logical thread_id into core id, and smt id in a core */
@@ -872,14 +872,14 @@ cpu_topology(struct cpu_info *ci)
max_coreid = ((eax >> 26) & 0x3f) + 1;
/* SMT */
smt_bits = mask_width(max_apicid / max_coreid);
- smt_mask = (1 << smt_bits) - 1;
+ smt_mask = (1U << smt_bits) - 1;
/* Core */
core_bits = log2(max_coreid);
- core_mask = (1 << (core_bits + smt_bits)) - 1;
+ core_mask = (1U << (core_bits + smt_bits)) - 1;
core_mask ^= smt_mask;
/* Pkg */
pkg_bits = core_bits + smt_bits;
- pkg_mask = -1 << core_bits;
+ pkg_mask = ~0U << core_bits;
ci->ci_smt_id = apicid & smt_mask;
ci->ci_core_id = (apicid & core_mask) >> smt_bits;
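Review bot: `pkg_mask` is still shifted by `core_bits`, although `pkg_bits = core_bits + smt_bits` is computed on the line directly above it. The patch keeps that shift count and only changes the left operand to `~0U`. If the mask is meant to cover only the package bits, `pkg_mask = ~0U << pkg_bits;` looks like the intended form. The use of `pkg_mask` lies outside this hunk, so this may be harmless if the result is shifted right by `pkg_bits` afterwards; worth confirming while the line is being touched.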
Index: kern/kern_descrip.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/kern/kern_descrip.c,v
retrieving revision 1.204
diff -u -p -r1.204 kern_descrip.c
--- kern/kern_descrip.c 25 Oct 2021 10:24:54 -0000 1.204
+++ kern/kern_descrip.c 19 Jan 2022 22:48:46 -0000
@@ -156,7 +156,7 @@ fd_inuse(struct filedesc *fdp, int fd)
{
u_int off = fd >> NDENTRYSHIFT;
- if (fdp->fd_lomap[off] & (1 << (fd & NDENTRYMASK)))
+ if (fdp->fd_lomap[off] & (1U << (fd & NDENTRYMASK)))
return 1;
return 0;
@@ -167,9 +167,9 @@ fd_used(struct filedesc *fdp, int fd)
{
u_int off = fd >> NDENTRYSHIFT;
- fdp->fd_lomap[off] |= 1 << (fd & NDENTRYMASK);
+ fdp->fd_lomap[off] |= 1U << (fd & NDENTRYMASK);
if (fdp->fd_lomap[off] == ~0)
- fdp->fd_himap[off >> NDENTRYSHIFT] |= 1 << (off & NDENTRYMASK);
+ fdp->fd_himap[off >> NDENTRYSHIFT] |= 1U << (off & NDENTRYMASK);
if (fd > fdp->fd_lastfile)
fdp->fd_lastfile = fd;
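Review bot: The context line `if (fdp->fd_lomap[off] == ~0)` still compares the map word against a signed `~0`, so it depends on the implicit conversion of -1 to the unsigned type. Now that the shifts use `1U`, writing `if (fdp->fd_lomap[off] == ~0U)` would keep the whole bitmap code in unsigned arithmetic. This assumes the map elements are `u_int`, which the hunk does not show. The same comparison appears in the fd_unused() hunk below.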
@@ -185,8 +185,8 @@ fd_unused(struct filedesc *fdp, int fd)
fdp->fd_freefile = fd;
if (fdp->fd_lomap[off] == ~0)
- fdp->fd_himap[off >> NDENTRYSHIFT] &= ~(1 << (off &
NDENTRYMASK));
- fdp->fd_lomap[off] &= ~(1 << (fd & NDENTRYMASK));
+ fdp->fd_himap[off >> NDENTRYSHIFT] &= ~(1U << (off &
NDENTRYMASK));
+ fdp->fd_lomap[off] &= ~(1U << (fd & NDENTRYMASK));
#ifdef DIAGNOSTIC
if (fd > fdp->fd_lastfile)
Index: kern/kern_sched.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/kern/kern_sched.c,v
retrieving revision 1.73
diff -u -p -r1.73 kern_sched.c
--- kern/kern_sched.c 9 Sep 2021 18:41:39 -0000 1.73
+++ kern/kern_sched.c 19 Jan 2022 22:48:46 -0000
@@ -262,7 +262,7 @@ setrunqueue(struct cpu_info *ci, struct
p->p_p->ps_pid);
TAILQ_INSERT_TAIL(&spc->spc_qs[queue], p, p_runq);
- spc->spc_whichqs |= (1 << queue);
+ spc->spc_whichqs |= (1U << queue);
cpuset_add(&sched_queued_cpus, p->p_cpu);
if (cpuset_isset(&sched_idle_cpus, p->p_cpu))
@@ -286,7 +286,7 @@ remrunqueue(struct proc *p)
TAILQ_REMOVE(&spc->spc_qs[queue], p, p_runq);
if (TAILQ_EMPTY(&spc->spc_qs[queue])) {
- spc->spc_whichqs &= ~(1 << queue);
+ spc->spc_whichqs &= ~(1U << queue);
if (spc->spc_whichqs == 0)
cpuset_del(&sched_queued_cpus, p->p_cpu);
}
@@ -757,21 +757,21 @@ void
cpuset_add(struct cpuset *cs, struct cpu_info *ci)
{
unsigned int num = CPU_INFO_UNIT(ci);
- atomic_setbits_int(&cs->cs_set[num/32], (1 << (num % 32)));
+ atomic_setbits_int(&cs->cs_set[num/32], (1U << (num % 32)));
}
void
cpuset_del(struct cpuset *cs, struct cpu_info *ci)
{
unsigned int num = CPU_INFO_UNIT(ci);
- atomic_clearbits_int(&cs->cs_set[num/32], (1 << (num % 32)));
+ atomic_clearbits_int(&cs->cs_set[num/32], (1U << (num % 32)));
}
int
cpuset_isset(struct cpuset *cs, struct cpu_info *ci)
{
unsigned int num = CPU_INFO_UNIT(ci);
- return (cs->cs_set[num/32] & (1 << (num % 32)));
+ return (cs->cs_set[num/32] & (1U << (num % 32)));
}
void
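Review bot: cpuset_isset() returns `int`, but the returned expression is now unsigned and has bit 31 set when `num % 32` is 31. Converting that value to `int` is implementation-defined. Callers that only test for non-zero keep working, but the function could return a clean boolean with `return ((cs->cs_set[num/32] & (1U << (num % 32))) != 0);`. The hard-coded `32` in all three functions also assumes the `cs_set` elements are 32 bits wide; a short comment saying so would help.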
Index: kern/subr_pool.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/kern/subr_pool.c,v
retrieving revision 1.234
diff -u -p -r1.234 subr_pool.c
--- kern/subr_pool.c 15 Jun 2021 05:24:46 -0000 1.234
+++ kern/subr_pool.c 19 Jan 2022 22:48:46 -0000
@@ -961,7 +961,7 @@ pool_p_alloc(struct pool *pp, int flags,
order = arc4random();
o = 0;
}
- if (ISSET(order, 1 << o++))
+ if (ISSET(order, 1U << o++))
XSIMPLEQ_INSERT_TAIL(&ph->ph_items, pi, pi_list);
else
XSIMPLEQ_INSERT_HEAD(&ph->ph_items, pi, pi_list);
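Review bot: The shift count in `ISSET(order, 1U << o++)` is incremented inside a macro argument, which is only correct while ISSET evaluates its second argument exactly once. Moving the increment out keeps the test independent of the macro's expansion: `if (ISSET(order, 1U << o))` followed by `o++;` after the if/else. The condition that resets `o` to 0 starts above this hunk, so the upper bound of the shift count cannot be checked from here.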
Index: net/rtsock.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/net/rtsock.c,v
retrieving revision 1.323
diff -u -p -r1.323 rtsock.c
--- net/rtsock.c 16 Dec 2021 09:33:56 -0000 1.323
+++ net/rtsock.c 19 Jan 2022 22:48:46 -0000
@@ -538,7 +538,7 @@ route_input(struct mbuf *m0, struct sock
/* but RTM_DESYNC can't be filtered */
if (rtm->rtm_type != RTM_DESYNC) {
if (rop->rop_msgfilter != 0 &&
- !(rop->rop_msgfilter & (1 << rtm->rtm_type)))
+ !(rop->rop_msgfilter & (1U << rtm->rtm_type)))
goto next;
if (ISSET(rop->rop_flagfilter, rtm->rtm_flags))
goto next;
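Review bot: The shift count `rtm->rtm_type` has no upper bound visible in this hunk, and `1U << n` is still undefined once n reaches the width of `unsigned int`. The `1U` literal only repairs the bit-31 case. If no range check exists earlier in route_input() (its body starts outside the hunk), the filter test should handle an out-of-range type explicitly, for example `(rtm->rtm_type >= 32 || !(rop->rop_msgfilter & (1U << rtm->rtm_type)))`. Whether such a message should be skipped or delivered is a policy choice to confirm.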
@@ -1426,7 +1426,7 @@ rtm_xaddrs(caddr_t cp, caddr_t cplim, st
*/
bzero(rtinfo->rti_info, sizeof(rtinfo->rti_info));
for (i = 0; i < sizeof(rtinfo->rti_addrs) * 8; i++) {
- if ((rtinfo->rti_addrs & (1 << i)) == 0)
+ if ((rtinfo->rti_addrs & (1U << i)) == 0)
continue;
if (i >= RTAX_MAX || cp + sizeof(socklen_t) > cplim)
return (EINVAL);
@@ -1605,7 +1605,7 @@ rtm_msg1(int type, struct rt_addrinfo *r
for (i = 0; i < RTAX_MAX; i++) {
if (rtinfo == NULL || (sa = rtinfo->rti_info[i]) == NULL)
continue;
- rtinfo->rti_addrs |= (1 << i);
+ rtinfo->rti_addrs |= (1U << i);
dlen = ROUNDUP(sa->sa_len);
if (m_copyback(m, len, dlen, sa, M_NOWAIT)) {
m_freem(m);
@@ -1650,7 +1650,7 @@ again:
if ((sa = rtinfo->rti_info[i]) == NULL)
continue;
- rtinfo->rti_addrs |= (1 << i);
+ rtinfo->rti_addrs |= (1U << i);
dlen = ROUNDUP(sa->sa_len);
if (cp) {
bcopy(sa, cp, (size_t)dlen);
Index: netinet/in_pcb.h
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/in_pcb.h,v
retrieving revision 1.121
diff -u -p -r1.121 in_pcb.h
--- netinet/in_pcb.h 25 Jan 2021 03:40:46 -0000 1.121
+++ netinet/in_pcb.h 19 Jan 2022 22:48:46 -0000
@@ -226,9 +226,9 @@ struct inpcbtable {
/* macros for handling bitmap of ports not to allocate dynamically */
#define DP_MAPBITS (sizeof(u_int32_t) * NBBY)
#define DP_MAPSIZE (howmany(65536, DP_MAPBITS))
-#define DP_SET(m, p) ((m)[(p) / DP_MAPBITS] |= (1 << ((p) %
DP_MAPBITS)))
-#define DP_CLR(m, p) ((m)[(p) / DP_MAPBITS] &= ~(1 << ((p) %
DP_MAPBITS)))
-#define DP_ISSET(m, p) ((m)[(p) / DP_MAPBITS] & (1 << ((p) %
DP_MAPBITS)))
+#define DP_SET(m, p) ((m)[(p) / DP_MAPBITS] |= (1U << ((p) %
DP_MAPBITS)))
+#define DP_CLR(m, p) ((m)[(p) / DP_MAPBITS] &= ~(1U << ((p) %
DP_MAPBITS)))
+#define DP_ISSET(m, p) ((m)[(p) / DP_MAPBITS] & (1U << ((p) %
DP_MAPBITS)))
/* default values for baddynamicports [see ip_init()] */
#define DEFBADDYNAMICPORTS_TCP { \
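Review bot: The three DP_* macros now shift `1U`, while `DP_MAPBITS` is derived from `sizeof(u_int32_t)`, so the literal's width is tied to `unsigned int` rather than to the map element type. Writing the bit as `((u_int32_t)1 << ((p) % DP_MAPBITS))` would keep the shifted value and the modulus in agreement by construction. The macros also expand `p` twice, so a one-line comment that arguments must be free of side effects would be a useful addition.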
Index: netinet/ip_esp.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_esp.c,v
retrieving revision 1.193
diff -u -p -r1.193 ip_esp.c
--- netinet/ip_esp.c 23 Dec 2021 22:35:11 -0000 1.193
+++ netinet/ip_esp.c 19 Jan 2022 22:48:46 -0000
@@ -1002,7 +1002,7 @@ checkreplaywindow(struct tdb *tdb, u_int
wl = tl - window + 1;
idx = (seq % TDB_REPLAYMAX) / 32;
- packet = 1 << (31 - (seq & 31));
+ packet = 1U << (31 - (seq & 31));
/*
* We keep the high part intact when: