AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-03-05 20:15:31 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
5f16a046f8
linux_dsm_epyc7002/arch
History
Will Deacon 5f16a046f8 arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage 
FUTEX_OP_OPARG_SHIFT instructs the futex code to treat the 12-bit oparg
field as a shift value, potentially leading to a left shift value that
is negative or with an absolute value that is significantly larger then
the size of the type. UBSAN chokes with:

================================================================================
UBSAN: Undefined behaviour in ./arch/arm64/include/asm/futex.h:60:13
shift exponent -1 is negative
CPU: 1 PID: 1449 Comm: syz-executor0 Not tainted 4.11.0-rc4-00005-g977eb52-dirty #11
Hardware name: linux,dummy-virt (DT)
Call trace:
[<ffff200008094778>] dump_backtrace+0x0/0x538 arch/arm64/kernel/traps.c:73
[<ffff200008094cd0>] show_stack+0x20/0x30 arch/arm64/kernel/traps.c:228
[<ffff200008c194a8>] __dump_stack lib/dump_stack.c:16 [inline]
[<ffff200008c194a8>] dump_stack+0x120/0x188 lib/dump_stack.c:52
[<ffff200008cc24b8>] ubsan_epilogue+0x18/0x98 lib/ubsan.c:164
[<ffff200008cc3098>] __ubsan_handle_shift_out_of_bounds+0x250/0x294 lib/ubsan.c:421
[<ffff20000832002c>] futex_atomic_op_inuser arch/arm64/include/asm/futex.h:60 [inline]
[<ffff20000832002c>] futex_wake_op kernel/futex.c:1489 [inline]
[<ffff20000832002c>] do_futex+0x137c/0x1740 kernel/futex.c:3231
[<ffff200008320504>] SYSC_futex kernel/futex.c:3281 [inline]
[<ffff200008320504>] SyS_futex+0x114/0x268 kernel/futex.c:3249
[<ffff200008084770>] el0_svc_naked+0x24/0x28
================================================================================
syz-executor1 uses obsolete (PF_INET,SOCK_PACKET)
sock: process `syz-executor0' is using obsolete setsockopt SO_BSDCOMPAT

This patch attempts to fix some of this by:

  * Making encoded_op an unsigned type, so we can shift it left even if
    the top bit is set.

  * Casting to signed prior to shifting right when extracting oparg
    and cmparg

  * Consider only the bottom 5 bits of oparg when using it as a left-shift
    value.

Whilst I think this catches all of the issues, I'd much prefer to remove
this stuff, as I think it's unused and the bugs are copy-pasted between
a bunch of architectures.

Reviewed-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2017-05-30 11:07:42 +01:00
..
alpha osf_wait4(): fix infoleak 2017-05-21 13:10:07 -04:00
arc Kbuild UAPI header export updates for v4.12 2017-05-10 20:45:36 -07:00
arm KVM fixes for v4.12-rc2 2017-05-19 15:13:13 -07:00
arm64 arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage 2017-05-30 11:07:42 +01:00
blackfin uapi: export all headers under uapi directories 2017-05-11 00:21:54 +09:00
c6x uapi: export all headers under uapi directories 2017-05-11 00:21:54 +09:00
cris devicetree: Move include prefixes from arch to separate directory 2017-05-18 23:55:48 -07:00
frv Kbuild UAPI header export updates for v4.12 2017-05-10 20:45:36 -07:00
h8300 uapi: export all headers under uapi directories 2017-05-11 00:21:54 +09:00
hexagon uapi: export all headers under uapi directories 2017-05-11 00:21:54 +09:00
ia64 Kbuild UAPI header export updates for v4.12 2017-05-10 20:45:36 -07:00
m32r uapi: export all headers under uapi directories 2017-05-11 00:21:54 +09:00
m68k uapi: export all headers under uapi directories 2017-05-11 00:21:54 +09:00
metag devicetree: Move include prefixes from arch to separate directory 2017-05-18 23:55:48 -07:00
microblaze uapi: export all headers under uapi directories 2017-05-11 00:21:54 +09:00
mips devicetree: Move include prefixes from arch to separate directory 2017-05-18 23:55:48 -07:00
mn10300 uapi: export all headers under uapi directories 2017-05-11 00:21:54 +09:00
nios2 nios2 update for v4.12-rc1 2017-05-12 09:53:16 -07:00
openrisc uapi: export all headers under uapi directories 2017-05-11 00:21:54 +09:00
parisc uapi: export all headers under uapi directories 2017-05-11 00:21:54 +09:00
powerpc powerpc fixes for 4.12 #4 2017-05-27 09:28:34 -07:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2017-05-16 09:24:44 -07:00
score uapi: export all headers under uapi directories 2017-05-11 00:21:54 +09:00
sh Kbuild UAPI header export updates for v4.12 2017-05-10 20:45:36 -07:00
sparc sparc/ftrace: Fix ftrace graph time measurement 2017-05-17 12:07:47 -07:00
tile arch/include: remove empty Kbuild files 2017-05-11 00:22:18 +09:00
um Merge branch 'for-linus-4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml 2017-05-13 10:20:02 -07:00
unicore32 Kbuild UAPI header export updates for v4.12 2017-05-10 20:45:36 -07:00
x86 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-05-27 09:17:58 -07:00
xtensa uapi: export all headers under uapi directories 2017-05-11 00:21:54 +09:00
.gitignore
Kconfig Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-05-10 10:30:46 -07:00