lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250730063155.2612379-1-acelan.kao@canonical.com>
Date: Wed, 30 Jul 2025 14:31:55 +0800
From: "Chia-Lin Kao (AceLan)" <acelan.kao@...onical.com>
To: Tony Luck <tony.luck@...el.com>,
	Borislav Petkov <bp@...en8.de>,
	James Morse <james.morse@....com>,
	Mauro Carvalho Chehab <mchehab@...nel.org>,
	Robert Richter <rric@...nel.org>,
	Qiuxu Zhuo <qiuxu.zhuo@...el.com>,
	linux-edac@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH] EDAC/skx_common: Fix potential negative values in DIMM size calculation

The skx_get_dimm_attr() function can return a negative error code,
which is then assigned to 'ranks', 'rows', or 'cols'.

[    9.344702] EDAC DEBUG: skx_get_dimm_attr: bad ranks = 3 (raw=0xffffffff)
[    9.344703] EDAC DEBUG: skx_get_dimm_attr: bad rows = 7 (raw=0xffffffff)
[    9.344703] EDAC DEBUG: skx_get_dimm_attr: bad cols = 3 (raw=0xffffffff)
[    9.344704] ------------[ cut here ]------------
[    9.344705] UBSAN: shift-out-of-bounds in drivers/edac/skx_common.c:453:2
[    9.344707] shift exponent -66 is negative

The 3 values, rows, cols, and ranks are all -EINVAL(-22), so this line
   (1ull << (rows + cols + ranks)
would become
   (1ull << ((-22) + (-22) + (-22))
Which leads to shift exponent -66 error

Add a check to ensure that 'ranks', 'rows', and 'cols' are not
negative before they are used in the size calculation. This prevents
the use of invalid values.

Fixes: 88a242c98740 ("EDAC, skx_common: Separate common code out from skx_edac")
Signed-off-by: Chia-Lin Kao (AceLan) <acelan.kao@...onical.com>
---
 drivers/edac/skx_common.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/edac/skx_common.c b/drivers/edac/skx_common.c
index 39c733dbc5b9..36dd14320d70 100644
--- a/drivers/edac/skx_common.c
+++ b/drivers/edac/skx_common.c
@@ -436,6 +436,9 @@ int skx_get_dimm_info(u32 mtr, u32 mcmtr, u32 amap, struct dimm_info *dimm,
 	rows = numrow(mtr);
 	cols = imc->hbm_mc ? 6 : numcol(mtr);
 
+	if (ranks < 0 || rows < 0 || cols < 0)
+		return 0;
+
 	if (imc->hbm_mc) {
 		banks = 32;
 		mtype = MEM_HBM2;
-- 
2.43.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ