lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <7817812.EvYhyI6sBW@steina-w>
Date: Tue, 10 Jun 2025 16:34:36 +0200
From: Alexander Stein <alexander.stein@...tq-group.com>
To: netdev@...r.kernel.org
Cc: Christophe Leroy <christophe.leroy@...roup.eu>,
 Xiaolei Wang <xiaolei.wang@...driver.com>,
 linux-arm-kernel@...ts.infradead.org
Subject: UBSAN: shift-out-of-bounds in include/soc/fsl/qman.h:70:9

Hi,

I'm running a Freescale LS1043A based platform and with enabled UBSAN the
QMAN driver raises the following trace:
> UBSAN: shift-out-of-bounds in include/soc/fsl/qman.h:70:9
> shift exponent -1024 is negative
> CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.16.0-rc1-next-20250610+
> #3065 PREEMPT  79669a76f0881c2711711352971d97872fae206d Hardware name:
> TQ-Systems GmbH LS1043A TQMLS1043A SoM on MBLS10xxA board (DT)> 
> Call trace:
>  show_stack+0x28/0x78 (C)
>  dump_stack_lvl+0x68/0x8c
>  dump_stack+0x14/0x1c
>  ubsan_epilogue+0xc/0x3c
>  __ubsan_handle_shift_out_of_bounds+0xa0/0x1a0
>  qman_resource_init+0x178/0x1a0
>  fsl_qman_probe+0x260/0x480
>  platform_probe+0x64/0x100
>  really_probe+0xc8/0x3b8
>  __driver_probe_device+0x84/0x16c
>  driver_probe_device+0x40/0x160
>  __driver_attach+0xd0/0x240
>  bus_for_each_dev+0x7c/0xd8
>  driver_attach+0x28/0x40
>  bus_add_driver+0x108/0x244
>  driver_register+0x64/0x120
>  __platform_driver_register+0x28/0x38
>  fsl_qman_driver_init+0x18/0x20
>  do_one_initcall+0x6c/0x39c
>  kernel_init_freeable+0x32c/0x394
>  kernel_init+0x30/0x160
>  ret_from_fork+0x10/0x20

AFAICT this happens in qman_resource_init() when QM_SDQCR_CHANNELS_POOL_CONV()
is used for channel 0-256. HW IP is revision 3.2, so qm_channel_pool1 is
set to 0x401.

I don't know why this works or this never raised an issue before.
Any ideas or suggestions?

Best regards,
Alexander
-- 
TQ-Systems GmbH | Mühlstraße 2, Gut Delling | 82229 Seefeld, Germany
Amtsgericht München, HRB 105018
Geschäftsführer: Detlef Schneider, Rüdiger Stahl, Stefan Schneider
http://www.tq-group.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ