From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Sasha Levin <sashal@kernel.org>,
linux-audit@redhat.com, Gaosheng Cui <cuigaosheng1@huawei.com>,
eparis@redhat.com
Subject: [PATCH AUTOSEL 5.15 04/27] audit: fix undefined behavior in bit shift for AUDIT_BIT
Date: Fri, 18 Nov 2022 21:13:29 -0500 [thread overview]
Message-ID: <20221119021352.1774592-4-sashal@kernel.org> (raw)
In-Reply-To: <20221119021352.1774592-1-sashal@kernel.org>
From: Gaosheng Cui <cuigaosheng1@huawei.com>
[ Upstream commit 986d93f55bdeab1cac858d1e47b41fac10b2d7f6 ]
Shifting signed 32-bit value by 31 bits is undefined, so changing
significant bit to unsigned. The UBSAN warning calltrace like below:
UBSAN: shift-out-of-bounds in kernel/auditfilter.c:179:23
left shift of 1 by 31 places cannot be represented in type 'int'
Call Trace:
<TASK>
dump_stack_lvl+0x7d/0xa5
dump_stack+0x15/0x1b
ubsan_epilogue+0xe/0x4e
__ubsan_handle_shift_out_of_bounds+0x1e7/0x20c
audit_register_class+0x9d/0x137
audit_classes_init+0x4d/0xb8
do_one_initcall+0x76/0x430
kernel_init_freeable+0x3b3/0x422
kernel_init+0x24/0x1e0
ret_from_fork+0x1f/0x30
</TASK>
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
[PM: remove bad 'Fixes' tag as issue predates git, added in v2.6.6-rc1]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/uapi/linux/audit.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index daa481729e9b..27799acd0e5e 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -182,7 +182,7 @@
#define AUDIT_MAX_KEY_LEN 256
#define AUDIT_BITMASK_SIZE 64
#define AUDIT_WORD(nr) ((__u32)((nr)/32))
-#define AUDIT_BIT(nr) (1 << ((nr) - AUDIT_WORD(nr)*32))
+#define AUDIT_BIT(nr) (1U << ((nr) - AUDIT_WORD(nr)*32))
#define AUDIT_SYSCALL_CLASSES 16
#define AUDIT_CLASS_DIR_WRITE 0
--
2.35.1
--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
WARNING: multiple messages have this Message-ID (diff)
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Gaosheng Cui <cuigaosheng1@huawei.com>,
Paul Moore <paul@paul-moore.com>, Sasha Levin <sashal@kernel.org>,
eparis@redhat.com, linux-audit@redhat.com
Subject: [PATCH AUTOSEL 5.15 04/27] audit: fix undefined behavior in bit shift for AUDIT_BIT
Date: Fri, 18 Nov 2022 21:13:29 -0500 [thread overview]
Message-ID: <20221119021352.1774592-4-sashal@kernel.org> (raw)
In-Reply-To: <20221119021352.1774592-1-sashal@kernel.org>
From: Gaosheng Cui <cuigaosheng1@huawei.com>
[ Upstream commit 986d93f55bdeab1cac858d1e47b41fac10b2d7f6 ]
Shifting signed 32-bit value by 31 bits is undefined, so changing
significant bit to unsigned. The UBSAN warning calltrace like below:
UBSAN: shift-out-of-bounds in kernel/auditfilter.c:179:23
left shift of 1 by 31 places cannot be represented in type 'int'
Call Trace:
<TASK>
dump_stack_lvl+0x7d/0xa5
dump_stack+0x15/0x1b
ubsan_epilogue+0xe/0x4e
__ubsan_handle_shift_out_of_bounds+0x1e7/0x20c
audit_register_class+0x9d/0x137
audit_classes_init+0x4d/0xb8
do_one_initcall+0x76/0x430
kernel_init_freeable+0x3b3/0x422
kernel_init+0x24/0x1e0
ret_from_fork+0x1f/0x30
</TASK>
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
[PM: remove bad 'Fixes' tag as issue predates git, added in v2.6.6-rc1]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/uapi/linux/audit.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index daa481729e9b..27799acd0e5e 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -182,7 +182,7 @@
#define AUDIT_MAX_KEY_LEN 256
#define AUDIT_BITMASK_SIZE 64
#define AUDIT_WORD(nr) ((__u32)((nr)/32))
-#define AUDIT_BIT(nr) (1 << ((nr) - AUDIT_WORD(nr)*32))
+#define AUDIT_BIT(nr) (1U << ((nr) - AUDIT_WORD(nr)*32))
#define AUDIT_SYSCALL_CLASSES 16
#define AUDIT_CLASS_DIR_WRITE 0
--
2.35.1
next prev parent reply other threads:[~2022-11-21 3:27 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-19 2:13 [PATCH AUTOSEL 5.15 01/27] wifi: mac80211: fix memory free error when registering wiphy fail Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 02/27] wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 03/27] riscv: dts: sifive unleashed: Add PWM controlled LEDs Sasha Levin
2022-11-19 2:13 ` Sasha Levin
2022-11-19 2:13 ` Sasha Levin [this message]
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 04/27] audit: fix undefined behavior in bit shift for AUDIT_BIT Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 05/27] wifi: airo: do not assign -1 to unsigned char Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 06/27] wifi: mac80211: Fix ack frame idr leak when mesh has no route Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 07/27] wifi: ath11k: Fix QCN9074 firmware boot on x86 Sasha Levin
2022-11-19 2:13 ` Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 08/27] spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run Sasha Levin
2022-11-19 2:13 ` Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 09/27] clocksource/drivers/hyperv: add data structure for reference TSC MSR Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 10/27] x86/hyperv: fix invalid writes to MSRs during root partition kexec Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 11/27] selftests/bpf: Add verifier test for release_reference() Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 12/27] Revert "net: macsec: report real_dev features when HW offloading is enabled" Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 13/27] ACPI: video: Add backlight=native DMI quirk for Dell G15 5515 Sasha Levin
2022-11-19 13:20 ` Daniel Dadap
2022-11-24 16:53 ` Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 14/27] platform/x86: ideapad-laptop: Disable touchpad_switch Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 15/27] platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 16/27] platform/x86/intel/pmt: Sapphire Rapids PMT errata fix Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 17/27] platform/x86/intel/hid: Add some ACPI device IDs Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 18/27] scsi: ibmvfc: Avoid path failures during live migration Sasha Levin
2022-11-19 2:13 ` Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 19/27] scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 20/27] drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017) Sasha Levin
2022-11-19 2:13 ` Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 21/27] block, bfq: fix null pointer dereference in bfq_bio_bfqg() Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 22/27] arm64/syscall: Include asm/ptrace.h in syscall_wrapper header Sasha Levin
2022-11-19 2:13 ` Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 23/27] nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 24/27] Revert "drm/amdgpu: Revert "drm/amdgpu: getting fan speed pwm for vega10 properly"" Sasha Levin
2022-11-19 2:13 ` Sasha Levin
2022-11-19 2:13 ` Sasha Levin
2023-01-03 12:38 ` Yury Zhuravlev
2023-01-03 12:38 ` Yury Zhuravlev
2023-01-08 3:56 ` Yury Zhuravlev
2023-01-08 3:56 ` Yury Zhuravlev
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 25/27] ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue Sasha Levin
2022-11-19 2:13 ` Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 26/27] RISC-V: vdso: Do not add missing symbols to version section in linker script Sasha Levin
2022-11-19 2:13 ` Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 27/27] MIPS: pic32: treat port as signed integer Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221119021352.1774592-4-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=cuigaosheng1@huawei.com \
--cc=eparis@redhat.com \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.