| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <70a20532-3602-4e3d-9d48-28fbb1f23060@intel.com>
Date: Thu, 10 Jul 2025 08:49:40 -0700
From: Jacob Keller <jacob.e.keller@...el.com>
To: Jakub Kicinski <kuba@...nel.org>
CC: <davem@...emloft.net>, <netdev@...r.kernel.org>, <edumazet@...gle.com>,
<pabeni@...hat.com>, <andrew+netdev@...n.ch>, <horms@...nel.org>, "Alexander
Duyck" <alexanderduyck@...com>, <lee@...ger.us>
Subject: Re: [PATCH net-next] eth: fbnic: fix ubsan complaints about OOB
accesses
On 7/9/2025 5:11 PM, Jakub Kicinski wrote:
> On Wed, 9 Jul 2025 14:23:11 -0700 Jacob Keller wrote:
>>> head = list_first_entry(&log->entries, typeof(*head), list);
>>> - entry = (struct fbnic_fw_log_entry *)&head->msg[head->len + 1];
>>
>> I am guessing that UBSAN gets info about the hint for the length of the
>> msg, via the counted_by annotation in the structure? Then it realizes
>> that this is too large. Strictly taking address of a value doesn't
>> actually directly access the memory... However, you then later access
>> the value via the entry variable.. Perhaps UBSAN is complaining about that?
>
> Could be.. The splat includes the line info for the line whether entry
> is computed, but maybe that's just a nicety and the detection is done
> at access time..
It might just be the way the pointer is generated. I think I had issues
with something similar when working on lib/pldmfw too... Been a while
since I had an UBSAN splat though.
Download attachment "OpenPGP_signature.asc" of type "application/pgp-signature" (237 bytes)
Powered by blists - more mailing lists