Running v6.10.9 built with LLVM 19 and LTO and CFI and UBSAN enabled produces the following signed integer overflow:
Sep 08 19:44:43 debianBullseye kernel: ------------[ cut here ]------------
Sep 08 19:44:43 debianBullseye kernel: UBSAN: signed-integer-overflow in /build/source-ro/include/linux/atomic/atomic-arch-fallback.h:4557:46
Sep 08 19:44:43 debianBullseye kernel: 9223372036854775807 + 1 cannot be represented in type 's64' (aka 'long long')
Sep 08 19:44:43 debianBullseye kernel: CPU: 4 PID: 0 Comm: swapper/4 Tainted: G T 6.10.9-dhome #1
Sep 08 19:44:43 debianBullseye kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Sep 08 19:44:43 debianBullseye kernel: Call Trace:
Sep 08 19:44:43 debianBullseye kernel: <IRQ>
Sep 08 19:44:43 debianBullseye kernel: handle_overflow+0x158/0x200
Sep 08 19:44:43 debianBullseye kernel: uncharge_folio+0xcb/0x5b0
Sep 08 19:44:43 debianBullseye kernel: __folio_put+0x11e/0x180
Sep 08 19:44:43 debianBullseye kernel: tlb_remove_table_rcu+0x55/0x110
Sep 08 19:44:43 debianBullseye kernel: rcu_do_batch+0x275/0x900
Sep 08 19:44:43 debianBullseye kernel: ? srso_alias_return_thunk+0x5/0xfbef5
Sep 08 19:44:43 debianBullseye kernel: rcu_core+0x246/0x4f0
Sep 08 19:44:43 debianBullseye kernel: ? srso_alias_return_thunk+0x5/0xfbef5
Sep 08 19:44:43 debianBullseye kernel: handle_softirqs+0x121/0x3b0
Sep 08 19:44:43 debianBullseye kernel: __irq_exit_rcu+0x73/0x1d0
Sep 08 19:44:43 debianBullseye kernel: sysvec_apic_timer_interrupt+0x95/0xb0
Sep 08 19:44:43 debianBullseye kernel: </IRQ>
Sep 08 19:44:43 debianBullseye kernel: <TASK>
Sep 08 19:44:43 debianBullseye kernel: asm_sysvec_apic_timer_interrupt+0x1a/0x20
Sep 08 19:44:43 debianBullseye kernel: RIP: 0010:pv_native_safe_halt+0x13/0x20
Sep 08 19:44:43 debianBullseye kernel: Code: 30 00 cc 0f 1f 40 00 b8 17 51 06 ac 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 23 18 7c 00 f3 0f 1e fa fb f4 <e9> 53 7d 30 00 cc 0f 1f 80 00 00 00 00 b8 50 d2 88 a7 90 90 90 90
Sep 08 19:44:43 debianBullseye kernel: RSP: 0018:ffffb510400dbeb0 EFLAGS: 00000202
Sep 08 19:44:43 debianBullseye kernel: RAX: 0000000000000004 RBX: 0000000000000004 RCX: 0000000080000001
Sep 08 19:44:43 debianBullseye kernel: RDX: 0000000000000004 RSI: ffffffffaaf235b6 RDI: ffffffffaada8299
Sep 08 19:44:43 debianBullseye kernel: RBP: 0000000000000000 R08: 00000001236b1b27 R09: ffffffffab155518
Sep 08 19:44:43 debianBullseye kernel: R10: 0000000000000000 R11: ffffffffa94e0460 R12: 0000000000000000
Sep 08 19:44:43 debianBullseye kernel: R13: ffff932200814080 R14: 0000000000000000 R15: ffffb510400dbeff
Sep 08 19:44:43 debianBullseye kernel: ? __cfi_kvm_clock_get_cycles+0x10/0x10
Sep 08 19:44:43 debianBullseye kernel: default_idle+0x9/0x20
Sep 08 19:44:43 debianBullseye kernel: default_idle_call+0x3b/0x70
Sep 08 19:44:43 debianBullseye kernel: do_idle+0x1e1/0x5f0
Sep 08 19:44:43 debianBullseye kernel: cpu_startup_entry+0x35/0x40
Sep 08 19:44:43 debianBullseye kernel: start_secondary+0xc6/0xe0
Sep 08 19:44:43 debianBullseye kernel: common_startup_64+0x13e/0x150
Sep 08 19:44:43 debianBullseye kernel: </TASK>
Sep 08 19:44:43 debianBullseye kernel: ---[ end trace ]---
cc @kees @JustinStitt
It is my understanding that the signed integer overflow sanitizer is not really ready for widespread consumption.
I think this one was solved with this series but there was resistance upstream: https://lore.kernel.org/20240424191225.work.780-kees@kernel.org/
Right, it can be very noisy right now. We have compiler features coming that better help regulate this sanitizer for kernel use.
So CONFIG_UBSAN_SIGNED_WRAP is not recommended with LLVM 19? (LLVM 18 seemed fine.)
Clang 18 had some configuration differences with how -fwrapv and the signed overflow sanitizer interacted -- essentially disabling it.
llvm/llvm-project#82432
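The sanitizer's complaint in the report above is a plain `s64 + 1` on a counter, which is undefined C when it overflows and is therefore exactly what -fsanitize=signed-integer-overflow is built to flag; the thread notes that Clang 18 effectively switched the check off when -fwrapv was also given, while Clang 19 keeps it on. The usual way to make an intentionally wrapping counter well defined, and quiet under the sanitizer without relying on -fwrapv, is to route the arithmetic through __builtin_add_overflow instead of the raw operator. The following is an added example written for this page; it is not code from the thread, the kernel, or the linked series, and the helper names wrapping_add_s64 and checked_add_s64 are assumptions.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example, not code from this thread or from the kernel.
 *
 * Under -fsanitize=signed-integer-overflow (without -fwrapv) the expression
 * `a + b` is undefined when it overflows and trips the sanitizer, as the
 * s64 increment in the report above does.  __builtin_add_overflow (GCC and
 * Clang) computes the two's-complement result and reports the overflow as a
 * flag, without ever evaluating an undefined expression, so it serves both
 * for counters that are meant to wrap and for arithmetic that must not. */

/* Two's-complement wrap-around that is well defined and sanitizer-clean.
 * Hypothetical helper name; modelled on the "wrapping add" idea. */
static inline long long wrapping_add_s64(long long a, long long b)
{
    long long r;
    (void)__builtin_add_overflow(a, b, &r); /* r holds the wrapped value */
    return r;
}

/* Checked add: returns false and leaves *out untouched on overflow.
 * Hypothetical helper name. */
static inline bool checked_add_s64(long long a, long long b, long long *out)
{
    long long r;
    if (__builtin_add_overflow(a, b, &r))
        return false;
    *out = r;
    return true;
}

/* The increment from the report: 9223372036854775807 + 1. */
long long demo_wrap_llong_max(void)
{
    return wrapping_add_s64(LLONG_MAX, 1); /* LLONG_MIN, no undefined behaviour */
}

/* True when checked_add_s64 rejects LLONG_MAX + 1 and leaves out untouched. */
bool demo_checked_llong_max(void)
{
    long long out = 0;
    bool ok = checked_add_s64(LLONG_MAX, 1, &out);
    return !ok && out == 0;
}

int main(void)
{
    printf("wrapping: %lld + 1 = %lld\n", LLONG_MAX, demo_wrap_llong_max());
    printf("checked:  %s\n",
           demo_checked_llong_max() ? "overflow detected" : "unexpected success");
    return 0;
}
```

Build it once with `clang -fsanitize=signed-integer-overflow` and the program runs clean, because no signed expression in it ever overflows; replace the body of wrapping_add_s64 with `return a + b;` and the same build reports "9223372036854775807 + 1 cannot be represented in type 'long long'", the message seen in the kernel log above. Adding -fwrapv to that second build silences the report only where the compiler treats -fwrapv as disabling the sanitizer, which is the Clang 18 behaviour the thread describes.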