[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <202404151110.8D4AD8E@keescook>
Date: Mon, 15 Apr 2024 11:15:05 -0700
From: Kees Cook <keescook@...omium.org>
To: Nathan Chancellor <nathan@...nel.org>
Cc: gustavoars@...nel.org, justinstitt@...gle.com,
linux-hardening@...r.kernel.org, patches@...ts.linux.dev
Subject: Re: [PATCH 0/2] configs/hardening: Some fixes for UBSAN
On Thu, Apr 11, 2024 at 11:11:05AM -0700, Nathan Chancellor wrote:
> [ 0.189542] Internal error: UBSAN: unrecognized failure code: 00000000f2005515 [#1] PREEMPT SMP
Oops! Yes, I didn't update the (arm64) trap handler to notice integer
overflows. I think I need something like:
diff --git a/lib/ubsan.c b/lib/ubsan.c
index 5fc107f61934..a2fb19f75825 100644
--- a/lib/ubsan.c
+++ b/lib/ubsan.c
@@ -77,6 +77,14 @@ const char *report_ubsan_failure(struct pt_regs *regs, u32 check_type)
return "UBSAN: alignment assumption";
case ubsan_type_mismatch:
return "UBSAN: type mismatch";
+#endif
+#ifdef CONFIG_UBSAN_SIGNED_INTEGER_WRAP
+ case ubsan_add_overflow:
+ return "UBSAN: integer addition overflow";
+ case ubsan_sub_overflow:
+ return "UBSAN: integer subtraction overflow";
+ case ubsan_mul_overflow:
+ return "UBSAN: integer multiplication overflow";
#endif
default:
return "UBSAN: unrecognized failure code";
> [ 0.198326] Call trace:
> [ 0.198544] cancel_delayed_work+0x54/0x94
> [ 0.198810] deferred_probe_extend_timeout+0x20/0x6c
> [ 0.198988] driver_register+0xa8/0x10c
> [ 0.199122] __platform_driver_register+0x28/0x38
> [ 0.199258] tegra194_cbb_init+0x24/0x34
Justin, does this trace match anything you found running syzkaller
against SIO? (I assume not -- this seems to be a tegra code path...)
--
Kees Cook
Powered by blists - more mailing lists