lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20170616134802.GH20222@alitoo>
Date:   Fri, 16 Jun 2017 22:48:02 +0900
From:   Alice Ferrazzi <alicef@...too.org>
To:     tglx@...utronix.de, mingo@...hat.com, hpa@...or.com,
        x86@...nel.org, broonie@...nel.org, linux-kernel@...r.kernel.org
Subject: [RFC] ubsan: signed integer overflow in atomc.h atomic_add_return

A Gentoo user reported a UBSAN signed integer overflow in atomic_add_return.

/**
 * atomic_add_return - add integer and return
 * @i: integer value to add
 * @v: pointer of type atomic_t
 *
 * Atomically adds @i to @v and returns @i + @v
 */
static __always_inline int atomic_add_return(int i, atomic_t *v)
{
	return i + xadd(&v->counter, i);
}

shall we change something?

================================================================================
kernel: UBSAN: Undefined behaviour in ./arch/x86/include/asm/atomic.h:156:2
kernel: signed integer overflow:
kernel: 2147483647 + 1 cannot be represented in type 'int'
kernel: CPU: 1 PID: 37 Comm: kswapd0 Tainted: P        W  O
4.9.25-gentoo #4
kernel: Hardware name: XXXXXX, BIOS YYYYYY
kernel: ec38fc0c d1f444f2 00000007 ec38fc3c 00000001 ec38fc1c d1fc8ffe
ec38fc1c
kernel: d2b1146c ec38fca0 d1fc934b d28b15c0 ec38fc40 0000002b ec38fc68
d2b1146c
kernel: 0000002b 00000002 37343132 36333834 00003734 c2f91260 00000025
ec38fc74
kernel: Call Trace:
kernel: [<d1f444f2>] dump_stack+0x59/0x87
kernel: [<d1fc8ffe>] ubsan_epilogue+0xe/0x40
kernel: [<d1fc934b>] handle_overflow+0xbb/0xf0
kernel: [<d1f50884>] ? radix_tree_clear_tags+0x34/0xa0
kernel: [<d189e464>] ? __delete_from_page_cache+0x464/0x9c0
kernel: [<d1fc9392>] __ubsan_handle_add_overflow+0x12/0x20
kernel: [<d18fd266>] workingset_eviction+0xe6/0x120
kernel: [<d18c869b>] __remove_mapping+0x1bb/0x390
kernel: [<d18cb786>] shrink_page_list+0x3a6/0x14d0
kernel: [<d18cd7fa>] shrink_inactive_list+0x2aa/0x8f0
kernel: [<d18ceb62>] shrink_node_memcg+0x742/0xd70
kernel: [<d18cf282>] shrink_node+0xf2/0x7c0
kernel: [<d18d12f2>] kswapd+0x362/0xb00
kernel: [<d18d0f90>] ? mem_cgroup_shrink_node+0x210/0x210
kernel: [<d16dca33>] kthread+0xe3/0x170
kernel: [<d26590e8>] ? _raw_spin_unlock_irq+0x8/0x10
kernel: [<d18d0f90>] ? mem_cgroup_shrink_node+0x210/0x210
kernel: [<d16dc950>] ? kthread_park+0x50/0x50
kernel: [<d2659383>] ret_from_fork+0x1b/0x28
kernel:
================================================================================

Thanks,
Alice

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ