| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Aug 2021 08:07:44 -0700
From: Randy Dunlap <rdunlap@...radead.org>
To: Steve French <smfrench@...il.com>,
LKML <linux-kernel@...r.kernel.org>,
Netdev <netdev@...r.kernel.org>
Subject: Re: signed integer overflow in atomic.h
On 8/11/21 10:41 PM, Steve French wrote:
> ===============
> [ 28.345189] UBSAN: signed-integer-overflow in
> ./arch/x86/include/asm/atomic.h:165:11
> [ 28.345196] 484501395 + 2024361625 cannot be represented in type 'int'
> [ 28.345202] CPU: 6 PID: 987 Comm: nmbd Not tainted 5.11.22 #1
> [ 28.345208] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
> [ 28.345212] Call Trace:
> [ 28.345218] dump_stack+0x8d/0xb5
> [ 28.345233] ubsan_epilogue+0x5/0x50
> [ 28.345242] handle_overflow+0xa3/0xb0
> [ 28.345257] ? rcu_read_lock_sched_held+0x39/0x80
> [ 28.345270] ip_idents_reserve+0x8d/0xb0
> [ 28.345283] __ip_select_ident+0x3f/0x70
> [ 28.345292] __ip_make_skb+0x279/0x450
> [ 28.345302] ? ip_reply_glue_bits+0x40/0x40
> [ 28.345314] ip_make_skb+0x10d/0x130
> [ 28.345326] ? ip_route_output_key_hash+0xee/0x190
> [ 28.345344] udp_sendmsg+0x79b/0x13b0
> [ 28.345365] ? ip_reply_glue_bits+0x40/0x40
> [ 28.345403] ? find_held_lock+0x29/0xb0
> [ 28.345420] ? sock_sendmsg+0x54/0x60
> [ 28.345426] sock_sendmsg+0x54/0x60
from net/ipv4/route.c:
/* If UBSAN reports an error there, please make sure your compiler
* supports -fno-strict-overflow before reporting it that was a bug
* in UBSAN, and it has been fixed in GCC-8.
*/
return atomic_add_return(segs + delta, p_id) - segs;
--
~Randy
Powered by blists - more mailing lists