| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 31 Jan 2024 09:34:19 +0800 From: Oliver Sang <oliver.sang@...el.com> To: Kees Cook <keescook@...omium.org> CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>, Justin Stitt <justinstitt@...gle.com>, Miguel Ojeda <ojeda@...nel.org>, Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, "Peter Zijlstra" <peterz@...radead.org>, Marco Elver <elver@...gle.com>, Hao Luo <haoluo@...gle.com>, Przemek Kitszel <przemyslaw.kitszel@...el.com>, <workflows@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <linux-kbuild@...r.kernel.org>, <oliver.sang@...el.com> Subject: Re: [kees:devel/overflow/sanitizers] [overflow] 660787b56e: UBSAN:signed-integer-overflow_in_lib/test_memcat_p.c hi, Kees, On Tue, Jan 30, 2024 at 04:23:06PM -0800, Kees Cook wrote: > On Tue, Jan 30, 2024 at 10:52:56PM +0800, kernel test robot wrote: > > .. > > while testing, we observed below different (and same part) between parent and > > this commit: > > > > ea804316c9db5148 660787b56e6e97ddc34c7882cbe > > ---------------- --------------------------- > > fail:runs %reproduction fail:runs > > | | | > > 6:6 0% 6:6 dmesg.UBSAN:shift-out-of-bounds_in_arch/x86/kernel/cpu/intel.c > > 6:6 0% 6:6 dmesg.UBSAN:shift-out-of-bounds_in_arch/x86/kernel/cpu/topology.c > > 6:6 0% 6:6 dmesg.UBSAN:shift-out-of-bounds_in_fs/namespace.c > > 6:6 0% 6:6 dmesg.UBSAN:shift-out-of-bounds_in_fs/read_write.c > > 6:6 0% 6:6 dmesg.UBSAN:shift-out-of-bounds_in_include/linux/rhashtable.h > > 6:6 0% 6:6 dmesg.UBSAN:shift-out-of-bounds_in_include/net/tcp.h > > Are these shift-out-of-bounds warnings new? no, they also happen on parent commit. thanks a lot for all guildance! > > > :6 100% 6:6 dmesg.UBSAN:signed-integer-overflow_in_lib/test_memcat_p.c > > This is new for sure, catching an issue you show below... > > > this looks like the commit uncovered issue. but since it's hard for us to back > > port this commit to each commit while bisecting, we cannot capture the real > > first bad commit. not sure if this report could help somebody to investigate > > the real issue? > > Yeah, I think there is an unexpected wrap-around in test_memcat_p.c: > > > If you fix the issue in a separate patch/commit (i.e. not just a new version of > > the same patch/commit), kindly add following tags > > | Reported-by: kernel test robot <oliver.sang@...el.com> > > | Closes: https://lore.kernel.org/oe-lkp/202401302219.db90a6d5-oliver.sang@intel.com > > > > > > [ 42.894536][ T1] ------------[ cut here ]------------ > > [ 42.895474][ T1] UBSAN: signed-integer-overflow in lib/test_memcat_p.c:47:10 > > [ 42.897128][ T1] 6570 * 725861 cannot be represented in type 'int' > > I'm surprised to see the sanitizer catching anything here since the > kernel is built with -fno-strict-overflow, but regardless, I'll send a > patch... > > -Kees > > -- > Kees Cook
Powered by blists - more mailing lists