lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <c4be5b17-3071-0d99-f896-40040c81d9d3@linuxfoundation.org>
Date:   Wed, 13 Oct 2021 11:09:15 -0600
From:   Shuah Khan <skhan@...uxfoundation.org>
To:     kernel test robot <lkp@...el.com>,
        Luis Chamberlain <mcgrof@...nel.org>
Cc:     kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org,
        Shuah Khan <skhan@...uxfoundation.org>
Subject: Re: [mcgrof:modules-next 1/1] include/linux/kern_levels.h:5:18:
 warning: format '%llu' expects argument of type 'long long unsigned int', but
 argument 3 has type 'Elf32_Off' {aka 'unsigned int'}

Hi Luis,

On 10/13/21 10:42 AM, kernel test robot wrote:
> tree:   https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux.git modules-next
> head:   8b1185a4427b772b9f02376a08272c3019777581
> commit: 8b1185a4427b772b9f02376a08272c3019777581 [1/1] module: change to print useful messages from elf_validity_check()
> config: um-i386_defconfig (attached as .config)
> compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
> reproduce (this is a W=1 build):
>          # https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux.git/commit/?id=8b1185a4427b772b9f02376a08272c3019777581
>          git remote add mcgrof https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux.git
>          git fetch --no-tags mcgrof modules-next
>          git checkout 8b1185a4427b772b9f02376a08272c3019777581
>          # save the attached .config to linux build tree
>          make W=1 ARCH=um SUBARCH=i386
> 
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@...el.com>
> 
> All warnings (new ones prefixed by >>):
> 

All of these warnings can be fixed easily by leaving out the fields that
are the problem. I can send a patch for that.

This one is real issue though;

static int validate_section_offset(struct load_info *info, Elf_Shdr *shdr)
{
         unsigned long secend; /* too short when sh_offset is Elf64_Off */

         /*
          * Check for both overflow and offset/size being
          * too large.
          */
         secend = shdr->sh_offset + shdr->sh_size;


secend is unsigned long which is too short when sh_offset is Elf64_Off

It appears to me that some sections of this elf validation code probably
needs to be arch specific. validate_section_offset() is one with this
potential for secend overflow.

We can introduce arch specific header print routine. Easy option is not
printing any info., which we know isn't very useful.

Let me know your thoughts.

thanks,
-- Shuah

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ