Message-ID: <202404151110.8D4AD8E@keescook>
Date: Mon, 15 Apr 2024 11:15:05 -0700
From: Kees Cook <keescook@...omium.org>
To: Nathan Chancellor <nathan@...nel.org>
Cc: gustavoars@...nel.org, justinstitt@...gle.com,
	linux-hardening@...r.kernel.org, patches@...ts.linux.dev
Subject: Re: [PATCH 0/2] configs/hardening: Some fixes for UBSAN

On Thu, Apr 11, 2024 at 11:11:05AM -0700, Nathan Chancellor wrote:
>   [    0.189542] Internal error: UBSAN: unrecognized failure code: 00000000f2005515 [#1] PREEMPT SMP

Oops! Yes, I didn't update the (arm64) trap handler to notice integer
overflows. I think I need something like:

diff --git a/lib/ubsan.c b/lib/ubsan.c
index 5fc107f61934..a2fb19f75825 100644
--- a/lib/ubsan.c
+++ b/lib/ubsan.c
@@ -77,6 +77,14 @@ const char *report_ubsan_failure(struct pt_regs *regs, u32 check_type)
 		return "UBSAN: alignment assumption";
 	case ubsan_type_mismatch:
 		return "UBSAN: type mismatch";
+#endif
+#ifdef CONFIG_UBSAN_SIGNED_INTEGER_WRAP
+	case ubsan_add_overflow:
+		return "UBSAN: integer addition overflow";
+	case ubsan_sub_overflow:
+		return "UBSAN: integer subtraction overflow";
+	case ubsan_mul_overflow:
+		return "UBSAN: integer multiplication overflow";
 #endif
 	default:
 		return "UBSAN: unrecognized failure code";
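
Review bot: The three cases added to report_ubsan_failure() under CONFIG_UBSAN_SIGNED_INTEGER_WRAP cover add, sub and mul, but nothing in the hunk ties the check type in the reported code 00000000f2005515 to any of them. Before this goes out as a real patch, decode that value against the ubsan_* enum and state in the commit message which type it resolved to. If this config can trap on any check other than these three, that check still falls through to "UBSAN: unrecognized failure code", so the commit message should also list the checks the option is expected to emit.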

>   [    0.198326] Call trace:
>   [    0.198544]  cancel_delayed_work+0x54/0x94
>   [    0.198810]  deferred_probe_extend_timeout+0x20/0x6c
>   [    0.198988]  driver_register+0xa8/0x10c
>   [    0.199122]  __platform_driver_register+0x28/0x38
>   [    0.199258]  tegra194_cbb_init+0x24/0x34

Justin, does this trace match anything you found running syzkaller
against SIO? (I assume not -- this seems to be a tegra code path...)

-- 
Kees Cook
