| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Dec 2015 18:48:28 +0300
From: Andrey Ryabinin <aryabinin@...tuozzo.com>
To: Andrew Morton <akpm@...ux-foundation.org>
CC: <linux-kernel@...r.kernel.org>,
Peter Zijlstra <peterz@...radead.org>,
Sasha Levin <sasha.levin@...cle.com>,
Randy Dunlap <rdunlap@...radead.org>,
Rasmus Villemoes <linux@...musvillemoes.dk>,
Jonathan Corbet <corbet@....net>,
Michal Marek <mmarek@...e.cz>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>,
Yury Gribov <y.gribov@...sung.com>,
Dmitry Vyukov <dvyukov@...gle.com>,
Konstantin Khlebnikov <koct9i@...il.com>,
Kostya Serebryany <kcc@...gle.com>, <x86@...nel.org>,
<linux-doc@...r.kernel.org>, <linux-kbuild@...r.kernel.org>
Subject: Re: [PATCH v4 0/3] UBSAN: run-time undefined behavior sanity checker
On 12/05/2015 03:37 AM, Andrew Morton wrote:
> On Thu, 3 Dec 2015 18:50:04 +0300 Andrey Ryabinin <aryabinin@...tuozzo.com> wrote:
>
>> UBSAN is run-time undefined behaviour checker. It uses compile-time
>> instrumentation to catch undefined behavior (UB). Compiler inserts code
>> that perform certain kinds of checks before operations that could cause UB.
>> If check fails (i.e. UB detected) __ubsan_handle_* function called to print error message.
>
> What I'd like to see in this changelog is a description of any kernel
> issues which this checker has already identified: what were they and
> what was their potential impact at runtime.
>
> This info will help us to understand the value of the proposed feature.
>
It's hard for me to judge about runtime impact of those bugs,
as don't know much about what that bugged code is doing.
Frankly speaking, nothing looks too scary for me, although some bugs would
be hard to find without UBSAN.
Found bugs:
* out-of-bounds access - 97840cb67ff5 ("netfilter: nfnetlink: fix insufficient validation in nfnetlink_bind")
undefined shifts:
* d48458d4a768 ("jbd2: use a better hash function for the revoke table")
* 10632008b9e1 ("clockevents: Prevent shift out of bounds")
* 'x << -1' shift in ext4 - http://lkml.kernel.org/r/<5444EF21.8020501@...sung.com>
* undefined rol32(0) - http://lkml.kernel.org/r/<1449198241-20654-1-git-send-email-sasha.levin@...cle.com>
* undefined dirty_ratelimit calculation - http://lkml.kernel.org/r/<566594E2.3050306@...n.com>
* undefined roundown_pow_of_two(0) - http://lkml.kernel.org/r/<1449156616-11474-1-git-send-email-sasha.levin@...cle.com>
* [WONTFIX] undefined shift in __bpf_prog_run - http://lkml.kernel.org/r/<CACT4Y+ZxoR3UjLgcNdUm4fECLMx2VdtfrENMtRRCdgHB2n0bJA@...l.gmail.com>
WONTFIX here because it should be fixed in bpf program, not in kernel.
signed overflows:
* 32a8df4e0b33f ("sched: Fix odd values in effective_load() calculations")
* mul overflow in ntp - http://lkml.kernel.org/r/<1449175608-1146-1-git-send-email-sasha.levin@...cle.com>
* incorrect conversion into rtc_time in rtc_time64_to_tm() - http://lkml.kernel.org/r/<1449187944-11730-1-git-send-email-sasha.levin@...cle.com>
* unvalidated timespec in io_getevents() - http://lkml.kernel.org/r/<CACT4Y+bBxVYLQ6LtOKrKtnLthqLHcw-BMp3aqP3mjdAvr9FULQ@...l.gmail.com>
* [NOTABUG] signed overflow in ktime_add_safe() - http://lkml.kernel.org/r/<CACT4Y+aJ4muRnWxsUe1CMnA6P8nooO33kwG-c8YZg=0Xc8rJqw@...l.gmail.com>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists