lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CY8PR11MB7134149FA7DF6E6C0FC7A9BD8924A@CY8PR11MB7134.namprd11.prod.outlook.com>
Date: Wed, 30 Jul 2025 07:56:18 +0000
From: "Zhuo, Qiuxu" <qiuxu.zhuo@...el.com>
To: "kao, acelan" <acelan.kao@...onical.com>, "Luck, Tony"
	<tony.luck@...el.com>, Borislav Petkov <bp@...en8.de>, James Morse
	<james.morse@....com>, Mauro Carvalho Chehab <mchehab@...nel.org>, "Robert
 Richter" <rric@...nel.org>, "linux-edac@...r.kernel.org"
	<linux-edac@...r.kernel.org>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>
Subject: RE: [PATCH] EDAC/skx_common: Fix potential negative values in DIMM
 size calculation

Hi AceLan,

> From: AceLan Kao <acelan@...il.com> On Behalf Of Chia-Lin Kao (AceLan)
> Sent: Wednesday, July 30, 2025 2:32 PM
> To: Luck, Tony <tony.luck@...el.com>; Borislav Petkov <bp@...en8.de>; James
> Morse <james.morse@....com>; Mauro Carvalho Chehab
> <mchehab@...nel.org>; Robert Richter <rric@...nel.org>; Zhuo, Qiuxu
> <qiuxu.zhuo@...el.com>; linux-edac@...r.kernel.org; linux-
> kernel@...r.kernel.org
> Subject: [PATCH] EDAC/skx_common: Fix potential negative values in DIMM
> size calculation
> 
> The skx_get_dimm_attr() function can return a negative error code, which is
> then assigned to 'ranks', 'rows', or 'cols'.
> 
> [    9.344702] EDAC DEBUG: skx_get_dimm_attr: bad ranks = 3 (raw=0xffffffff)
> [    9.344703] EDAC DEBUG: skx_get_dimm_attr: bad rows = 7 (raw=0xffffffff)
> [    9.344703] EDAC DEBUG: skx_get_dimm_attr: bad cols = 3 (raw=0xffffffff)
> [    9.344704] ------------[ cut here ]------------
> [    9.344705] UBSAN: shift-out-of-bounds in
> drivers/edac/skx_common.c:453:2
> [    9.344707] shift exponent -66 is negative
> 
> The 3 values, rows, cols, and ranks are all -EINVAL(-22), so this line
>    (1ull << (rows + cols + ranks)
> would become
>    (1ull << ((-22) + (-22) + (-22))
> Which leads to shift exponent -66 error
> 
> Add a check to ensure that 'ranks', 'rows', and 'cols' are not negative before
> they are used in the size calculation. This prevents the use of invalid values.
> 
> Fixes: 88a242c98740 ("EDAC, skx_common: Separate common code out from
> skx_edac")
> Signed-off-by: Chia-Lin Kao (AceLan) <acelan.kao@...onical.com>
>

Thanks for reporting this. 

Which CPU did you test it on? 
Would you mind taking a complete dmesg log with the kernel option 
CONFIG_EDAC_DEBUG=y (your current log showed this option had been enabled)? 

Thanks!
-Qiuxu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ