lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Zrzk8hilADAj+QTg@gmail.com>
Date: Wed, 14 Aug 2024 10:10:10 -0700
From: Breno Leitao <leitao@...ian.org>
To: kees@...nel.org, elver@...gle.com, andreyknvl@...il.com,
	ryabinin.a.a@...il.com
Cc: kasan-dev@...glegroups.com, linux-hardening@...r.kernel.org,
	axboe@...nel.dk, asml.silence@...il.com, netdev@...r.kernel.org
Subject: UBSAN: annotation to skip sanitization in variable that will wrap

Hello,

I am seeing some signed-integer-overflow in percpu reference counters.

	UBSAN: signed-integer-overflow in ./arch/arm64/include/asm/atomic_lse.h:204:1
	-9223372036854775808 - 1 cannot be represented in type 's64' (aka 'long long')
	Call trace:

	 handle_overflow
	 __ubsan_handle_sub_overflow
	 percpu_ref_put_many
	 css_put
	 cgroup_sk_free
	 __sk_destruct
	 __sk_free
	 sk_free
	 unix_release_sock
	 unix_release
	 sock_close

This overflow is probably happening in percpu_ref->percpu_ref_data->count.

Looking at the code documentation, it seems that overflows are fine in
per-cpu values. The lib/percpu-refcount.c code comment says:

 * Note that the counter on a particular cpu can (and will) wrap - this
 * is fine, when we go to shutdown the percpu counters will all sum to
 * the correct value

Is there a way to annotate the code to tell UBSAN that this overflow is
expected and it shouldn't be reported?

Thanks
--breno

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ