Date:   Mon, 7 May 2018 10:34:00 -0700
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     netdev@...r.kernel.org
Subject: Fw: [Bug 199643] New: UBSAN: Undefined behaviour in
 ./include/net/route.h:240:2



Begin forwarded message:

Date: Mon, 07 May 2018 16:36:49 +0000
From: bugzilla-daemon@...zilla.kernel.org
To: stephen@...workplumber.org
Subject: [Bug 199643] New: UBSAN: Undefined behaviour in ./include/net/route.h:240:2


https://bugzilla.kernel.org/show_bug.cgi?id=199643

            Bug ID: 199643
           Summary: UBSAN: Undefined behaviour in
                    ./include/net/route.h:240:2
           Product: Networking
           Version: 2.5
    Kernel Version: 4.16.7-CUSTOM
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: Other
          Assignee: stephen@...workplumber.org
          Reporter: combuster@...hlinux.us
        Regression: No

After recompiling the 4.16.7 kernel with gcc 8.1, UBSAN reports the following:

[   26.312176]
================================================================================
[   26.312179] UBSAN: Undefined behaviour in ./include/net/route.h:240:2
[   26.312180] member access within null pointer of type 'struct rtable'
[   26.312183] CPU: 2 PID: 311 Comm: sd-resolve Not tainted 4.16.7-CUSTOM #1
[   26.312185] Hardware name: Gigabyte Technology Co., Ltd. H67MA-UD2H-B3/H67MA-UD2H-B3, BIOS F8 03/27/2012
[   26.312186] Call Trace:
[   26.312188]  <IRQ>
[   26.312194]  dump_stack+0x62/0x9f
[   26.312199]  ubsan_epilogue+0x9/0x35
[   26.312201]  handle_null_ptr_deref+0x80/0x90
[   26.312204]  __ubsan_handle_type_mismatch_v1+0x6a/0x80
[   26.312208]  icmp_send+0xbb0/0xd90
[   26.312218]  __udp4_lib_rcv+0x760/0x1440
[   26.312223]  ? lock_acquire+0x69/0x100
[   26.312226]  ? ip_local_deliver_finish+0x62/0x4a0
[   26.312229]  ip_local_deliver_finish+0xf3/0x4a0
[   26.312233]  ip_local_deliver+0xa6/0x240
[   26.312237]  ip_rcv+0x33e/0x660
[   26.312241]  ? ip_local_deliver+0x240/0x240
[   26.312246]  __netif_receive_skb_core+0xaef/0x1bb0
[   26.312254]  ? process_backlog+0xcd/0x370
[   26.312256]  ? process_backlog+0xfd/0x370
[   26.312258]  process_backlog+0xfd/0x370
[   26.312260]  ? process_backlog+0xcd/0x370
[   26.312264]  net_rx_action+0x3cb/0xe40
[   26.312270]  ? __do_softirq+0x119/0x376
[   26.312275]  ? do_softirq_own_stack+0x2a/0x40
[   26.312276]  </IRQ>
[   26.312280]  ? do_softirq.part.1+0x21/0x30
[   26.312282]  ? __local_bh_enable_ip+0x4f/0x60
[   26.312284]  ? ip_finish_output2+0x3af/0x720
[   26.312288]  ? ip_output+0xdc/0x270
[   26.312290]  ? ip_output+0xdc/0x270
[   26.312295]  ? ip_send_skb+0x1c/0x80
[   26.312297]  ? udp_send_skb+0x1bf/0x480
[   26.312301]  ? udp_sendmsg+0xbb7/0x1020
[   26.312304]  ? ip_reply_glue_bits+0x60/0x60
[   26.312308]  ? rw_copy_check_uvector+0x5d/0x210
[   26.312316]  ? sock_sendmsg+0x49/0xb0
[   26.312319]  ? ___sys_sendmsg+0x194/0x3b0
[   26.312323]  ? __fget+0x125/0x290
[   26.312330]  ? __sys_sendmmsg+0xdd/0x180
[   26.312337]  ? SyS_sendmmsg+0x5/0x10
[   26.312340]  ? do_syscall_64+0xad/0x5cc
[   26.312345]  ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   26.312349]
================================================================================
[   26.312358]
================================================================================
[   26.312359] UBSAN: Undefined behaviour in ./include/net/route.h:240:2
[   26.312360] member access within null pointer of type 'struct rtable'
[   26.312362] CPU: 2 PID: 311 Comm: sd-resolve Not tainted 4.16.7-CUSTOM #1
[   26.312363] Hardware name: Gigabyte Technology Co., Ltd. H67MA-UD2H-B3/H67MA-UD2H-B3, BIOS F8 03/27/2012
[   26.312364] Call Trace:
[   26.312367]  dump_stack+0x62/0x9f
[   26.312370]  ubsan_epilogue+0x9/0x35
[   26.312372]  handle_null_ptr_deref+0x80/0x90
[   26.312375]  __ubsan_handle_type_mismatch_v1+0x6a/0x80
[   26.312378]  udp_sendmsg+0xc37/0x1020
[   26.312382]  ? ip_reply_glue_bits+0x60/0x60
[   26.312384]  ? rw_copy_check_uvector+0x5d/0x210
[   26.312391]  sock_sendmsg+0x49/0xb0
[   26.312394]  ___sys_sendmsg+0x194/0x3b0
[   26.312398]  ? __fget+0x125/0x290
[   26.312405]  __sys_sendmmsg+0xdd/0x180
[   26.312413]  SyS_sendmmsg+0x5/0x10
[   26.312415]  do_syscall_64+0xad/0x5cc
[   26.312420]  ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   26.312424]
================================================================================
[  206.391361]
================================================================================
[  206.391370] UBSAN: Undefined behaviour in ./include/net/route.h:240:2
[  206.391372] member access within null pointer of type 'struct rtable'
[  206.391376] CPU: 0 PID: 624 Comm: CompositorTileW Not tainted 4.16.7-CUSTOM #1
[  206.391378] Hardware name: Gigabyte Technology Co., Ltd. H67MA-UD2H-B3/H67MA-UD2H-B3, BIOS F8 03/27/2012
[  206.391381] Call Trace:
[  206.391386]  <IRQ>
[  206.391398]  dump_stack+0x62/0x9f
[  206.391405]  ubsan_epilogue+0x9/0x35
[  206.391409]  handle_null_ptr_deref+0x80/0x90
[  206.391412]  __ubsan_handle_type_mismatch_v1+0x6a/0x80
[  206.391419]  ip_send_unicast_reply+0x626/0x691
[  206.391429]  tcp_v4_send_reset+0x50f/0x990
[  206.391433]  ? inet_csk_destroy_sock+0xbe/0x180
[  206.391439]  ? tcp_v4_do_rcv+0x21a/0x2d0
[  206.391442]  tcp_v4_do_rcv+0x21a/0x2d0
[  206.391447]  ? _raw_spin_lock_nested+0x37/0x60
[  206.391450]  tcp_v4_rcv+0xd2f/0x1420
[  206.391457]  ? lock_acquire+0x69/0x100
[  206.391460]  ? ip_local_deliver_finish+0x62/0x4a0
[  206.391464]  ? ip_local_deliver_finish+0xf3/0x4a0
[  206.391468]  ? ip_local_deliver+0xa6/0x240
[  206.391472]  ? inet_add_protocol.cold.0+0x23/0x23
[  206.391475]  ? ip_rcv+0x33e/0x660
[  206.391479]  ? __local_bh_enable_ip+0x2e/0x60
[  206.391482]  ? ip_local_deliver_finish+0x4a0/0x4a0
[  206.391485]  ? ip_local_deliver+0x240/0x240
[  206.391492]  ? __netif_receive_skb_core+0xaef/0x1bb0
[  206.391495]  ? match_held_lock+0x1f0/0x280
[  206.391502]  ? netif_receive_skb_internal+0x7b/0x2b0
[  206.391505]  ? netif_receive_skb_internal+0x7b/0x2b0
[  206.391509]  ? napi_gro_receive+0x5d/0xe0
[  206.391519]  ? rtl8169_poll+0x224/0x880 [r8169]
[  206.391524]  ? net_rx_action+0x3cb/0xe40
[  206.391530]  ? __do_softirq+0x119/0x376
[  206.391535]  ? handle_irq+0x17e/0x31e
[  206.391538]  ? irq_exit+0x81/0xb0
[  206.391541]  ? do_IRQ+0x9f/0x140
[  206.391545]  ? common_interrupt+0xf/0xf
[  206.391547]  </IRQ>
[  206.391551]
================================================================================

UBSAN reported nothing when the same kernel was compiled with gcc 7.3.1 from
Arch Linux repositories.

I saw the comment about dst_release but, if this is the intended behaviour, how
can we stop UBSAN from kicking in?

-- 
You are receiving this mail because:
You are the assignee for the bug.
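
An added illustration, not part of the forwarded report and not kernel source: a user-space model of the construct that "member access within null pointer of type 'struct rtable'" describes, next to a form that checks the pointer before naming a member. The struct layouts and the names dst_release_model, rt_put_flagged and rt_put_checked are simplified stand-ins assumed for this sketch; the only property taken as given is that the release helper accepts NULL, as the report's reference to the dst_release comment suggests.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions), not the kernel's definitions. */
struct dst_entry { int refcnt; };
struct rtable {
    struct dst_entry dst;   /* embedded as the first member, offset 0 */
    int rt_flags;
};

_Static_assert(offsetof(struct rtable, dst) == 0, "dst must be first");

/* Release helper that tolerates NULL.
 * Returns 1 if a reference was dropped, 0 if there was nothing to do. */
static int dst_release_model(struct dst_entry *dst)
{
    if (!dst)
        return 0;
    dst->refcnt--;
    return 1;
}

/* Flagged shape: &rt->dst is formed even when rt is NULL. The resulting
 * address is numerically NULL because dst sits at offset 0, but naming a
 * member through a null pointer is what the sanitizer message describes. */
static int rt_put_flagged(struct rtable *rt)
{
    return dst_release_model(&rt->dst);
}

/* Checked shape: test rt first, so no member of a null pointer is ever
 * named. For non-NULL input it behaves exactly like the flagged shape. */
static int rt_put_checked(struct rtable *rt)
{
    return dst_release_model(rt ? &rt->dst : NULL);
}

int main(void)
{
    struct rtable rt = { .dst = { .refcnt = 2 }, .rt_flags = 0 };
    int r;

    r = rt_put_checked(NULL);      /* safe: nothing dereferenced */
    printf("checked(NULL) = %d\n", r);
    r = rt_put_checked(&rt);
    printf("checked(&rt)  = %d, refcnt = %d\n", r, rt.dst.refcnt);
    r = rt_put_flagged(&rt);       /* only called with a valid pointer here */
    printf("flagged(&rt)  = %d, refcnt = %d\n", r, rt.dst.refcnt);
    return 0;
}
```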
