Hi, Compiling the kernel with option KUBSAN finds undefined behavior. Here are some easy fixes that shift signed values too far.
kubsan: arch/amd64/amd64/identcpu.c:882:17: shift: left shift of negative value -1 kubsan: kern/kern_descrip.c:159:30: shift: left shift of 1 by 31 places cannot be represented in type 'int' kubsan: kern/kern_descrip.c:170:26: shift: left shift of 1 by 31 places cannot be represented in type 'int' kubsan: kern/kern_descrip.c:189:28: shift: left shift of 1 by 31 places cannot be represented in type 'int' kubsan: kern/kern_sched.c:265:25: shift: left shift of 1 by 31 places cannot be represented in type 'int' kubsan: kern/kern_sched.c:289:27: shift: left shift of 1 by 31 places cannot be represented in type 'int' kubsan: kern/subr_pool.c:964:7: shift: left shift of 1 by 31 places cannot be represented in type 'int' kubsan: netinet/in_pcb.c:200:11: shift: left shift of 1 by 31 places cannot be represented in type 'int' kubsan: netinet/ip_esp.c:1005:13: shift: left shift of 1 by 31 places cannot be represented in type 'int' kubsan: kern/kern_descrip.c:159:30: shift: left shift of 1 by 31 places cannot be represented in type 'int' kubsan: kern/kern_descrip.c:189:28: shift: left shift of 1 by 31 places cannot be represented in type 'int' kubsan: net/rtsock.c:1429:31: shift: left shift of 1 by 31 places cannot be represented in type 'int' kubsan: netinet/in_pcb.c:200:11: shift: left shift of 1 by 31 places cannot be represented in type 'int' kubsan: netinet/in_pcb.c:207:11: shift: left shift of 1 by 31 places cannot be represented in type 'int' ok? bluhm Index: arch/amd64/amd64/identcpu.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/arch/amd64/amd64/identcpu.c,v retrieving revision 1.121 diff -u -p -r1.121 identcpu.c --- arch/amd64/amd64/identcpu.c 2 Nov 2021 23:30:15 -0000 1.121 +++ arch/amd64/amd64/identcpu.c 19 Jan 2022 22:48:46 -0000 @@ -854,7 +854,7 @@ cpu_topology(struct cpu_info *ci) ci->ci_pkg_id = apicid >> core_bits; /* Get rid of the package bits */ - core_mask = (1 << core_bits) - 1; + core_mask = (1U << core_bits) - 1; thread_id = apicid & core_mask; /* Cut logical thread_id into core id, and smt id in a core */ @@ -872,14 +872,14 @@ cpu_topology(struct cpu_info *ci) max_coreid = ((eax >> 26) & 0x3f) + 1; /* SMT */ smt_bits = mask_width(max_apicid / max_coreid); - smt_mask = (1 << smt_bits) - 1; + smt_mask = (1U << smt_bits) - 1; /* Core */ core_bits = log2(max_coreid); - core_mask = (1 << (core_bits + smt_bits)) - 1; + core_mask = (1U << (core_bits + smt_bits)) - 1; core_mask ^= smt_mask; /* Pkg */ pkg_bits = core_bits + smt_bits; - pkg_mask = -1 << core_bits; + pkg_mask = ~0U << core_bits; ci->ci_smt_id = apicid & smt_mask; ci->ci_core_id = (apicid & core_mask) >> smt_bits; Index: kern/kern_descrip.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/kern/kern_descrip.c,v retrieving revision 1.204 diff -u -p -r1.204 kern_descrip.c --- kern/kern_descrip.c 25 Oct 2021 10:24:54 -0000 1.204 +++ kern/kern_descrip.c 19 Jan 2022 22:48:46 -0000 @@ -156,7 +156,7 @@ fd_inuse(struct filedesc *fdp, int fd) { u_int off = fd >> NDENTRYSHIFT; - if (fdp->fd_lomap[off] & (1 << (fd & NDENTRYMASK))) + if (fdp->fd_lomap[off] & (1U << (fd & NDENTRYMASK))) return 1; return 0; @@ -167,9 +167,9 @@ fd_used(struct filedesc *fdp, int fd) { u_int off = fd >> NDENTRYSHIFT; - fdp->fd_lomap[off] |= 1 << (fd & NDENTRYMASK); + fdp->fd_lomap[off] |= 1U << (fd & NDENTRYMASK); if (fdp->fd_lomap[off] == ~0) - fdp->fd_himap[off >> NDENTRYSHIFT] |= 1 << (off & NDENTRYMASK); + fdp->fd_himap[off >> NDENTRYSHIFT] |= 1U << (off & NDENTRYMASK); if (fd > fdp->fd_lastfile) fdp->fd_lastfile = fd; @@ -185,8 +185,8 @@ fd_unused(struct filedesc *fdp, int fd) fdp->fd_freefile = fd; if (fdp->fd_lomap[off] == ~0) - fdp->fd_himap[off >> NDENTRYSHIFT] &= ~(1 << (off & NDENTRYMASK)); - fdp->fd_lomap[off] &= ~(1 << (fd & NDENTRYMASK)); + fdp->fd_himap[off >> NDENTRYSHIFT] &= ~(1U << (off & NDENTRYMASK)); + fdp->fd_lomap[off] &= ~(1U << (fd & NDENTRYMASK)); #ifdef DIAGNOSTIC if (fd > fdp->fd_lastfile) Index: kern/kern_sched.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/kern/kern_sched.c,v retrieving revision 1.73 diff -u -p -r1.73 kern_sched.c --- kern/kern_sched.c 9 Sep 2021 18:41:39 -0000 1.73 +++ kern/kern_sched.c 19 Jan 2022 22:48:46 -0000 @@ -262,7 +262,7 @@ setrunqueue(struct cpu_info *ci, struct p->p_p->ps_pid); TAILQ_INSERT_TAIL(&spc->spc_qs[queue], p, p_runq); - spc->spc_whichqs |= (1 << queue); + spc->spc_whichqs |= (1U << queue); cpuset_add(&sched_queued_cpus, p->p_cpu); if (cpuset_isset(&sched_idle_cpus, p->p_cpu)) @@ -286,7 +286,7 @@ remrunqueue(struct proc *p) TAILQ_REMOVE(&spc->spc_qs[queue], p, p_runq); if (TAILQ_EMPTY(&spc->spc_qs[queue])) { - spc->spc_whichqs &= ~(1 << queue); + spc->spc_whichqs &= ~(1U << queue); if (spc->spc_whichqs == 0) cpuset_del(&sched_queued_cpus, p->p_cpu); } @@ -757,21 +757,21 @@ void cpuset_add(struct cpuset *cs, struct cpu_info *ci) { unsigned int num = CPU_INFO_UNIT(ci); - atomic_setbits_int(&cs->cs_set[num/32], (1 << (num % 32))); + atomic_setbits_int(&cs->cs_set[num/32], (1U << (num % 32))); } void cpuset_del(struct cpuset *cs, struct cpu_info *ci) { unsigned int num = CPU_INFO_UNIT(ci); - atomic_clearbits_int(&cs->cs_set[num/32], (1 << (num % 32))); + atomic_clearbits_int(&cs->cs_set[num/32], (1U << (num % 32))); } int cpuset_isset(struct cpuset *cs, struct cpu_info *ci) { unsigned int num = CPU_INFO_UNIT(ci); - return (cs->cs_set[num/32] & (1 << (num % 32))); + return (cs->cs_set[num/32] & (1U << (num % 32))); } void Index: kern/subr_pool.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/kern/subr_pool.c,v retrieving revision 1.234 diff -u -p -r1.234 subr_pool.c --- kern/subr_pool.c 15 Jun 2021 05:24:46 -0000 1.234 +++ kern/subr_pool.c 19 Jan 2022 22:48:46 -0000 @@ -961,7 +961,7 @@ pool_p_alloc(struct pool *pp, int flags, order = arc4random(); o = 0; } - if (ISSET(order, 1 << o++)) + if (ISSET(order, 1U << o++)) XSIMPLEQ_INSERT_TAIL(&ph->ph_items, pi, pi_list); else XSIMPLEQ_INSERT_HEAD(&ph->ph_items, pi, pi_list); Index: net/rtsock.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/net/rtsock.c,v retrieving revision 1.323 diff -u -p -r1.323 rtsock.c --- net/rtsock.c 16 Dec 2021 09:33:56 -0000 1.323 +++ net/rtsock.c 19 Jan 2022 22:48:46 -0000 @@ -538,7 +538,7 @@ route_input(struct mbuf *m0, struct sock /* but RTM_DESYNC can't be filtered */ if (rtm->rtm_type != RTM_DESYNC) { if (rop->rop_msgfilter != 0 && - !(rop->rop_msgfilter & (1 << rtm->rtm_type))) + !(rop->rop_msgfilter & (1U << rtm->rtm_type))) goto next; if (ISSET(rop->rop_flagfilter, rtm->rtm_flags)) goto next; @@ -1426,7 +1426,7 @@ rtm_xaddrs(caddr_t cp, caddr_t cplim, st */ bzero(rtinfo->rti_info, sizeof(rtinfo->rti_info)); for (i = 0; i < sizeof(rtinfo->rti_addrs) * 8; i++) { - if ((rtinfo->rti_addrs & (1 << i)) == 0) + if ((rtinfo->rti_addrs & (1U << i)) == 0) continue; if (i >= RTAX_MAX || cp + sizeof(socklen_t) > cplim) return (EINVAL); @@ -1605,7 +1605,7 @@ rtm_msg1(int type, struct rt_addrinfo *r for (i = 0; i < RTAX_MAX; i++) { if (rtinfo == NULL || (sa = rtinfo->rti_info[i]) == NULL) continue; - rtinfo->rti_addrs |= (1 << i); + rtinfo->rti_addrs |= (1U << i); dlen = ROUNDUP(sa->sa_len); if (m_copyback(m, len, dlen, sa, M_NOWAIT)) { m_freem(m); @@ -1650,7 +1650,7 @@ again: if ((sa = rtinfo->rti_info[i]) == NULL) continue; - rtinfo->rti_addrs |= (1 << i); + rtinfo->rti_addrs |= (1U << i); dlen = ROUNDUP(sa->sa_len); if (cp) { bcopy(sa, cp, (size_t)dlen); Index: netinet/in_pcb.h =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/in_pcb.h,v retrieving revision 1.121 diff -u -p -r1.121 in_pcb.h --- netinet/in_pcb.h 25 Jan 2021 03:40:46 -0000 1.121 +++ netinet/in_pcb.h 19 Jan 2022 22:48:46 -0000 @@ -226,9 +226,9 @@ struct inpcbtable { /* macros for handling bitmap of ports not to allocate dynamically */ #define DP_MAPBITS (sizeof(u_int32_t) * NBBY) #define DP_MAPSIZE (howmany(65536, DP_MAPBITS)) -#define DP_SET(m, p) ((m)[(p) / DP_MAPBITS] |= (1 << ((p) % DP_MAPBITS))) -#define DP_CLR(m, p) ((m)[(p) / DP_MAPBITS] &= ~(1 << ((p) % DP_MAPBITS))) -#define DP_ISSET(m, p) ((m)[(p) / DP_MAPBITS] & (1 << ((p) % DP_MAPBITS))) +#define DP_SET(m, p) ((m)[(p) / DP_MAPBITS] |= (1U << ((p) % DP_MAPBITS))) +#define DP_CLR(m, p) ((m)[(p) / DP_MAPBITS] &= ~(1U << ((p) % DP_MAPBITS))) +#define DP_ISSET(m, p) ((m)[(p) / DP_MAPBITS] & (1U << ((p) % DP_MAPBITS))) /* default values for baddynamicports [see ip_init()] */ #define DEFBADDYNAMICPORTS_TCP { \ Index: netinet/ip_esp.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_esp.c,v retrieving revision 1.193 diff -u -p -r1.193 ip_esp.c --- netinet/ip_esp.c 23 Dec 2021 22:35:11 -0000 1.193 +++ netinet/ip_esp.c 19 Jan 2022 22:48:46 -0000 @@ -1002,7 +1002,7 @@ checkreplaywindow(struct tdb *tdb, u_int wl = tl - window + 1; idx = (seq % TDB_REPLAYMAX) / 32; - packet = 1 << (31 - (seq & 31)); + packet = 1U << (31 - (seq & 31)); /* * We keep the high part intact when: