lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 11 Jun 2019 22:09:47 -0700
From:   Guenter Roeck <linux@...ck-us.net>
To:     Josh Poimboeuf <jpoimboe@...hat.com>,
        Randy Dunlap <rdunlap@...radead.org>
Cc:     "linux-next@...r.kernel.org" <linux-next@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Masahiro Yamada <yamada.masahiro@...ionext.com>,
        Jean Delvare <jdelvare@...e.com>
Subject: Re: linux-next 20190611: objtool warning

On 6/11/19 7:52 PM, Josh Poimboeuf wrote:
> On Tue, Jun 11, 2019 at 06:59:22PM -0700, Randy Dunlap wrote:
>> Hi,
>>
>> New warning AFAIK:
>>
>> drivers/hwmon/smsc47m1.o: warning: objtool: fan_div_store()+0x11f: sibling call from callable instruction with modified stack frame
> 
> I'm getting a different warning:
> 
>    drivers/hwmon/smsc47m1.o: warning: objtool: fan_div_store()+0xb6: can't find jump dest instruction at .text+0x93a
> 
> But I bet the root cause is the same.
> 
> This fixes it for me:
> 
> From: Josh Poimboeuf <jpoimboe@...hat.com>
> Subject: [PATCH] hwmon/smsc47m1: Fix objtool warning caused by undefined behavior
> 
> Objtool is reporting the following warning:
> 
>    drivers/hwmon/smsc47m1.o: warning: objtool: fan_div_store()+0xb6: can't find jump dest instruction at .text+0x93a
> 
> It's apparently caused by
> 
>    2cf6745e69d1 ("hwmon: (smsc47m1) fix (suspicious) outside array bounds warnings")
> 
> which is somehow convincing GCC to add a jump past the end of the
> function:
> 
>    793:   45 85 ed                test   %r13d,%r13d
>    796:   0f 88 9e 01 00 00       js     93a <fan_div_store+0x25a>
>    ...
>    930:   e9 5e fe ff ff          jmpq   793 <fan_div_store+0xb3>
>    935:   e8 00 00 00 00          callq  93a <fan_div_store+0x25a>
> 			936: R_X86_64_PLT32     __stack_chk_fail-0x4
>    <function end>
> 
> I suppose this falls under the category of undefined behavior, so we
> probably can't call it a GCC bug.  But if the value of "nr" were out of
> range somehow then it would start executing random code.  Use a runtime
> BUG() assertion to avoid undefined behavior.
> 
> Fixes: 2cf6745e69d1 ("hwmon: (smsc47m1) fix (suspicious) outside array bounds warnings")
> Reported-by: Randy Dunlap <rdunlap@...radead.org>
> Signed-off-by: Josh Poimboeuf <jpoimboe@...hat.com>
> ---
>   drivers/hwmon/smsc47m1.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/hwmon/smsc47m1.c b/drivers/hwmon/smsc47m1.c
> index 6d366c9cb906..b637836b58a1 100644
> --- a/drivers/hwmon/smsc47m1.c
> +++ b/drivers/hwmon/smsc47m1.c
> @@ -352,7 +352,7 @@ static ssize_t fan_div_store(struct device *dev,
>   		smsc47m1_write_value(data, SMSC47M2_REG_FANDIV3, tmp);
>   		break;
>   	default:
> -		unreachable();
> +		BUG();

Sigh. And I wanted to avoid BUG() because this is all just to make
the compiler happy to start with. Oh well. I updated the offending
patch to use BUG().

Guenter

>   	}
>   
>   	/* Preserve fan min */
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ