| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YEJBCA362sKGD1jp@mit.edu>
Date: Fri, 5 Mar 2021 09:32:40 -0500
From: "Theodore Ts'o" <tytso@....edu>
To: Sabyrzhan Tasbolatov <snovitoll@...il.com>
Cc: jack@...e.cz, adilger.kernel@...ger.ca, linux-ext4@...r.kernel.org,
linux-kernel@...r.kernel.org,
syzbot+a8b4b0c60155e87e9484@...kaller.appspotmail.com
Subject: Re: [PATCH v2] fs/ext4: fix integer overflow in s_log_groups_per_flex
On Wed, Feb 24, 2021 at 03:58:00PM +0600, Sabyrzhan Tasbolatov wrote:
> syzbot found UBSAN: shift-out-of-bounds in ext4_mb_init [1], when
> 1 << sbi->s_es->s_log_groups_per_flex is bigger than UINT_MAX,
> where sbi->s_mb_prefetch is unsigned integer type.
>
> 32 is the maximum allowed power of s_log_groups_per_flex. Following if
> check will also trigger UBSAN shift-out-of-bound:
>
> if (1 << sbi->s_es->s_log_groups_per_flex >= UINT_MAX) {
>
> So I'm checking it against the raw number, perhaps there is another way
> to calculate UINT_MAX max power. Also use min_t as to make sure it's
> uint type.
>
> [1] UBSAN: shift-out-of-bounds in fs/ext4/mballoc.c:2713:24
> shift exponent 60 is too large for 32-bit type 'int'
> Call Trace:
> __dump_stack lib/dump_stack.c:79 [inline]
> dump_stack+0x137/0x1be lib/dump_stack.c:120
> ubsan_epilogue lib/ubsan.c:148 [inline]
> __ubsan_handle_shift_out_of_bounds+0x432/0x4d0 lib/ubsan.c:395
> ext4_mb_init_backend fs/ext4/mballoc.c:2713 [inline]
> ext4_mb_init+0x19bc/0x19f0 fs/ext4/mballoc.c:2898
> ext4_fill_super+0xc2ec/0xfbe0 fs/ext4/super.c:4983
>
> Reported-by: syzbot+a8b4b0c60155e87e9484@...kaller.appspotmail.com
> Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@...il.com>
Applied, thanks.
- Ted
Powered by blists - more mailing lists