From: feng.zhou Date: Mon, 2 Feb 2026 09:41:40 +0000 (+0800) Subject: printk: Fix _DESCS_COUNT type for 64-bit systems X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9095f233c0258e9a05e958c7d822eb38681e7a5a;p=thirdparty%2Flinux.git printk: Fix _DESCS_COUNT type for 64-bit systems The _DESCS_COUNT macro currently uses 1U (32-bit unsigned) instead of 1UL (unsigned long), which breaks the intended overflow testing design on 64-bit systems. Problem Analysis: ---------------- The printk_ringbuffer uses a deliberate design choice to initialize descriptor IDs near the maximum 62-bit value to trigger overflow early in the system's lifetime. This is documented in printk_ringbuffer.h: "initial values are chosen that map to the correct initial array indexes, but will result in overflows soon." The DESC0_ID macro calculates: DESC0_ID(ct_bits) = DESC_ID(-(_DESCS_COUNT(ct_bits) + 1)) On 64-bit systems with typical configuration (descbits=16): - Current buggy behavior: DESC0_ID = 0xfffeffff - Expected behavior: DESC0_ID = 0x3ffffffffffeffff The buggy version only uses 32 bits, which means: 1. The initial ID is nowhere near 2^62 2. It would take ~140 trillion wraps to trigger 62-bit overflow 3. The overflow handling code is never tested in practice Root Cause: ---------- The issue is in this line: #define _DESCS_COUNT(ct_bits) (1U << (ct_bits)) When _DESCS_COUNT(16) is calculated: 1U << 16 = 0x10000 (32-bit value) -(0x10000 + 1) = -0x10001 = 0xFFFEFFFF (32-bit two's complement) On 64-bit systems, this 32-bit value doesn't get extended to create the intended 62-bit ID near the maximum value. Impact: ------ While index calculations still work correctly in the short term, this bug has several implications: 1. Violates the design intention documented in the code 2. Overflow handling code paths remain untested 3. ABA detection code doesn't get exercised under overflow conditions 4. In extreme long-term running scenarios (though unlikely), could potentially cause issues when ID actually reaches 2^62 Verification: ------------ Tested on ARM64 system with CONFIG_LOG_BUF_SHIFT=20 (descbits=15): - Before fix: DESC0_ID(16) = 0xfffeffff - After fix: DESC0_ID(16) = 0x3fffffffffff7fff The fix aligns _DESCS_COUNT with _DATA_SIZE, which already correctly uses 1UL: #define _DATA_SIZE(sz_bits) (1UL << (sz_bits)) Signed-off-by: feng.zhou Reviewed-by: Petr Mladek Tested-by: Petr Mladek Link: https://patch.msgid.link/20260202094140.9518-1-realsummitzhou@gmail.com Signed-off-by: Petr Mladek --- diff --git a/kernel/printk/printk_ringbuffer.h b/kernel/printk/printk_ringbuffer.h index 4ef81349d9fbe..4f49497006762 100644 --- a/kernel/printk/printk_ringbuffer.h +++ b/kernel/printk/printk_ringbuffer.h @@ -122,7 +122,7 @@ enum desc_state { }; #define _DATA_SIZE(sz_bits) (1UL << (sz_bits)) -#define _DESCS_COUNT(ct_bits) (1U << (ct_bits)) +#define _DESCS_COUNT(ct_bits) (1UL << (ct_bits)) #define DESC_SV_BITS BITS_PER_LONG #define DESC_FLAGS_SHIFT (DESC_SV_BITS - 2) #define DESC_FLAGS_MASK (3UL << DESC_FLAGS_SHIFT)