lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 20 Oct 2014 08:49:29 -0400
From:	Theodore Ts'o <>
To:	Andrey Ryabinin <>
Cc:	Andrew Morton <>,
	Thomas Gleixner <>,
	Ingo Molnar <>,
	"H. Peter Anvin" <>,
	Peter Zijlstra <>,
	Michal Marek <>,
	Sasha Levin <>,,,,
	Andreas Dilger <>,
	Dmitry Vyukov <>,
	Konstantin Khlebnikov <>
Subject: Re: drivers: random: Shift out-of-bounds in _mix_pool_bytes

On Mon, Oct 20, 2014 at 03:03:22PM +0400, Andrey Ryabinin wrote:
> Hi, Theodore.
> I've got this while booting kernel with ubsan:
>     [    0.000000] ================================================================================
>     [    0.000000] UBSan: Undefined behaviour in ../include/linux/bitops.h:107:33
>     [    0.000000] shift exponent 32 is to large for 32-bit type 'unsigned int'
>     [    0.000000] _mix_pool_bytes (/home/andrew/linux/ubsan_x86//include/linux/bitopsh:107 /home/andrew/linux/ubsan_x86//drivers/char/randomc:509)

So this doesn't make any sense to me.   This is triggering here:

	w = rol32(*bytes++, input_rotate);

.... but input_rotate should never be >= 32, since it is set this way:

	input_rotate = (input_rotate + (i ? 7 : 14)) & 31;

Just to be sure I've tried adding a:

	WARN_ON(input_rotate >= 32);

before the rol32 line, and it's not triggering for me after booting
under kvm using an i386 kernel.

Is this something you can reliably reproduce?  Can you try putting a
WARN_ON before the rol32() on a kernel w/o usbsan, just to make sure
this isn't some kind of false positive?  And then can you tell me
something more about the .config you are using to build your test kernel?


						- Ted
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists