From: Sasha Levin <sashal@kernel.org>
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Daniel Axtens <dja@axtens.net>,
Michael Ellerman <mpe@ellerman.id.au>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH AUTOSEL 4.18 20/45] powerpc/nohash: fix undefined behaviour when testing page size support
Date: Sun, 4 Nov 2018 08:52:15 -0500
Message-ID: <20181104135240.88431-20-sashal@kernel.org>
In-Reply-To: <20181104135240.88431-1-sashal@kernel.org>
From: Daniel Axtens <dja@axtens.net>

[ Upstream commit f5e284803a7206d43e26f9ffcae5de9626d95e37 ]

When enumerating page size definitions to check hardware support,
we construct a constant which is (1U << (def->shift - 10)).

However, the array of page size definitions is only initialised for
various MMU_PAGE_* constants, so it contains a number of 0-initialised
elements with def->shift == 0. This means we end up shifting by a
very large number, which gives the following UBSan splat:
================================================================================
UBSAN: Undefined behaviour in /home/dja/dev/linux/linux/arch/powerpc/mm/tlb_nohash.c:506:21
shift exponent 4294967286 is too large for 32-bit type 'unsigned int'
CPU: 0 PID: 0 Comm: swapper Not tainted 4.19.0-rc3-00045-ga604f927b012-dirty #6
Call Trace:
[c00000000101bc20] [c000000000a13d54] .dump_stack+0xa8/0xec (unreliable)
[c00000000101bcb0] [c0000000004f20a8] .ubsan_epilogue+0x18/0x64
[c00000000101bd30] [c0000000004f2b10] .__ubsan_handle_shift_out_of_bounds+0x110/0x1a4
[c00000000101be20] [c000000000d21760] .early_init_mmu+0x1b4/0x5a0
[c00000000101bf10] [c000000000d1ba28] .early_setup+0x100/0x130
[c00000000101bf90] [c000000000000528] start_here_multiplatform+0x68/0x80
================================================================================
Fix this by first checking if the element exists (shift != 0) before
constructing the constant.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/mm/tlb_nohash.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/powerpc/mm/tlb_nohash.c b/arch/powerpc/mm/tlb_nohash.c
index 15fe5f0c8665..ae5d568e267f 100644
--- a/arch/powerpc/mm/tlb_nohash.c
+++ b/arch/powerpc/mm/tlb_nohash.c
@@ -503,6 +503,9 @@ static void setup_page_sizes(void)
for (psize = 0; psize < MMU_PAGE_COUNT; ++psize) {
struct mmu_psize_def *def = &mmu_psize_defs[psize];
+ if (!def->shift)
+ continue;
+
if (tlb1ps & (1U << (def->shift - 10))) {
def->flags |= MMU_PAGE_SIZE_DIRECT;
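Review bot: the new "if (!def->shift)" guard in setup_page_sizes() only skips entries whose shift is exactly 0, while the expression it protects, 1U << (def->shift - 10), is also out of range for any shift from 1 to 9 (the subtraction wraps the same way the splat shows for 0) and for any shift of 42 or more (the exponent reaches the width of the 32-bit 1U). If every populated mmu_psize_defs[] entry is guaranteed to have a shift inside the valid range, a one-line comment above the check stating that a zero shift marks an unpopulated slot would record that assumption; otherwise a range test such as "if (def->shift < 10) continue;" would make the guard match the shift it sits in front of.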
--
2.17.1