lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <18e6ef70-2fa3-3f70-0fcd-3eadef2cfceb@infradead.org>
Date:   Tue, 11 Jun 2019 20:17:20 -0700
From:   Randy Dunlap <rdunlap@...radead.org>
To:     Josh Poimboeuf <jpoimboe@...hat.com>
Cc:     "linux-next@...r.kernel.org" <linux-next@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Masahiro Yamada <yamada.masahiro@...ionext.com>,
        Guenter Roeck <linux@...ck-us.net>,
        Jean Delvare <jdelvare@...e.com>
Subject: Re: linux-next 20190611: objtool warning

On 6/11/19 7:52 PM, Josh Poimboeuf wrote:
> On Tue, Jun 11, 2019 at 06:59:22PM -0700, Randy Dunlap wrote:
>> Hi,
>>
>> New warning AFAIK:
>>
>> drivers/hwmon/smsc47m1.o: warning: objtool: fan_div_store()+0x11f: sibling call from callable instruction with modified stack frame
> 
> I'm getting a different warning:
> 
>   drivers/hwmon/smsc47m1.o: warning: objtool: fan_div_store()+0xb6: can't find jump dest instruction at .text+0x93a
> 
> But I bet the root cause is the same.
> 
> This fixes it for me:
> 
> From: Josh Poimboeuf <jpoimboe@...hat.com>
> Subject: [PATCH] hwmon/smsc47m1: Fix objtool warning caused by undefined behavior
> 
> Objtool is reporting the following warning:
> 
>   drivers/hwmon/smsc47m1.o: warning: objtool: fan_div_store()+0xb6: can't find jump dest instruction at .text+0x93a
> 
> It's apparently caused by
> 
>   2cf6745e69d1 ("hwmon: (smsc47m1) fix (suspicious) outside array bounds warnings")
> 
> which is somehow convincing GCC to add a jump past the end of the
> function:
> 
>   793:   45 85 ed                test   %r13d,%r13d
>   796:   0f 88 9e 01 00 00       js     93a <fan_div_store+0x25a>
>   ...
>   930:   e9 5e fe ff ff          jmpq   793 <fan_div_store+0xb3>
>   935:   e8 00 00 00 00          callq  93a <fan_div_store+0x25a>
> 			936: R_X86_64_PLT32     __stack_chk_fail-0x4
>   <function end>
> 
> I suppose this falls under the category of undefined behavior, so we
> probably can't call it a GCC bug.  But if the value of "nr" were out of
> range somehow then it would start executing random code.  Use a runtime
> BUG() assertion to avoid undefined behavior.
> 
> Fixes: 2cf6745e69d1 ("hwmon: (smsc47m1) fix (suspicious) outside array bounds warnings")
> Reported-by: Randy Dunlap <rdunlap@...radead.org>
> Signed-off-by: Josh Poimboeuf <jpoimboe@...hat.com>

Yes, that works for me.  Thanks.

Acked-by: Randy Dunlap <rdunlap@...radead.org>

> ---
>  drivers/hwmon/smsc47m1.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/hwmon/smsc47m1.c b/drivers/hwmon/smsc47m1.c
> index 6d366c9cb906..b637836b58a1 100644
> --- a/drivers/hwmon/smsc47m1.c
> +++ b/drivers/hwmon/smsc47m1.c
> @@ -352,7 +352,7 @@ static ssize_t fan_div_store(struct device *dev,
>  		smsc47m1_write_value(data, SMSC47M2_REG_FANDIV3, tmp);
>  		break;
>  	default:
> -		unreachable();
> +		BUG();
>  	}
>  
>  	/* Preserve fan min */
> 


-- 
~Randy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ