| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20240123002814.1396804-12-keescook@chromium.org> Date: Mon, 22 Jan 2024 16:26:47 -0800 From: Kees Cook <keescook@...omium.org> To: linux-hardening@...r.kernel.org Cc: Kees Cook <keescook@...omium.org>, Jakub Kicinski <kuba@...nel.org>, "David S. Miller" <davem@...emloft.net>, David Ahern <dsahern@...nel.org>, Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org, "Gustavo A. R. Silva" <gustavoars@...nel.org>, Bill Wendling <morbo@...gle.com>, Justin Stitt <justinstitt@...gle.com>, linux-kernel@...r.kernel.org Subject: [PATCH 12/82] ipv4: Silence intentional wrapping addition The overflow sanitizer quickly noticed what appears to have been an old sore spot involving intended wrap around: [ 22.192362] ------------[ cut here ]------------ [ 22.193329] UBSAN: signed-integer-overflow in ../arch/x86/include/asm/atomic.h:85:11 [ 22.194844] 1469769800 + 1671667352 cannot be represented in type 'int' [ 22.195975] CPU: 2 PID: 2260 Comm: nmbd Not tainted 6.7.0 #1 [ 22.196927] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015 [ 22.198231] Call Trace: [ 22.198641] <TASK> [ 22.198641] dump_stack_lvl+0x64/0x80 [ 22.199533] handle_overflow+0x152/0x1a0 [ 22.200382] __ip_select_ident+0xe3/0x100 Explicitly perform a wrapping addition to solve for the needed -fno-strict-overflow behavior but still allow the sanitizers to operate correctly. To see the (unchanged) assembly results more clearly, see: https://godbolt.org/z/EhYhz6zTT Cc: Jakub Kicinski <kuba@...nel.org> Cc: "David S. Miller" <davem@...emloft.net> Cc: David Ahern <dsahern@...nel.org> Cc: Eric Dumazet <edumazet@...gle.com> Cc: Paolo Abeni <pabeni@...hat.com> Cc: netdev@...r.kernel.org Signed-off-by: Kees Cook <keescook@...omium.org> --- net/ipv4/route.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 16615d107cf0..c52e85b06fe7 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -473,11 +473,11 @@ static u32 ip_idents_reserve(u32 hash, int segs) if (old != now && cmpxchg(p_tstamp, old, now) == old) delta = get_random_u32_below(now - old); - /* If UBSAN reports an error there, please make sure your compiler - * supports -fno-strict-overflow before reporting it that was a bug - * in UBSAN, and it has been fixed in GCC-8. + /* If UBSAN reports an error there, please make sure your arch's + * atomic_add_return() implementation has been annotated with + * __signed_wrap. */ - return atomic_add_return(segs + delta, p_id) - segs; + return atomic_add_return(add_wrap(segs, delta), p_id) - segs; } void __ip_select_ident(struct net *net, struct iphdr *iph, int segs) -- 2.34.1
Powered by blists - more mailing lists