From: bugzilla-daemon@kernel.org
To: linux-scsi@vger.kernel.org
Subject: [Bug 215943] UBSAN: array-index-out-of-bounds in drivers/scsi/megaraid/megaraid_sas_fp.c:103:32
Date: Fri, 27 May 2022 01:04:14 +0000
Message-ID: <bug-215943-11613-VOk2tc2ndQ@https.bugzilla.kernel.org/>
In-Reply-To: <bug-215943-11613@https.bugzilla.kernel.org/>
https://bugzilla.kernel.org/show_bug.cgi?id=215943
charlotte@extrahop.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |charlotte@extrahop.com
--- Comment #2 from charlotte@extrahop.com ---
Created attachment 301055
--> https://bugzilla.kernel.org/attachment.cgi?id=301055&action=edit
dmesg with UBSAN traces
We're seeing a similar thing on Ubuntu 22.04's 5.15-based kernel (attached
kernel log).
MR_DRV_RAID_MAP ends with a single "struct MR_LD_SPAN_MAP ldSpanMap[1]", but in
MR_DRV_RAID_MAP_ALL, it is always followed by the field "struct MR_LD_SPAN_MAP
ldSpanMap[MAX_LOGICAL_DRIVES_DYN - 1]". Even though the access looks like it's
going off the end, the attached backtraces are accessing MR_DRV_RAID_MAP_ALL's
ldSpanMap.
So the attached traces are arguably false positives, but drivers/scsi/megaraid
is using an unusual idiom.
I assume if it did "struct MR_LD_SPAN_MAP ldSpanMap[0]", it would not trigger
the warning? But also it seems like in most (all?) of these cases it has access
to the MR_DRV_RAID_MAP_ALL anyways. (MR_FW_RAID_MAP and MR_FW_RAID_MAP_ALL seem
to be in a similar situation, but I didn't look at it as closely).
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are the assignee for the bug.
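The layout described in the comment above, as an added example that is not part of the bug report or the driver source: a struct ending in a one-element array, wrapped by an "_ALL" struct that supplies the remaining elements, with an accessor that reaches the same bytes without indexing past a declared bound. The struct names, MAX_LD and every field except ldSpanMap are simplified, hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_LD 8 /* constructed stand-in for MAX_LOGICAL_DRIVES_DYN */

/* Simplified stand-ins; every field except ldSpanMap is hypothetical. */
struct span_map { uint32_t ld_id; uint32_t rows; };

struct raid_map {                    /* ends in a one-element array */
    uint32_t total_size;
    uint32_t ld_count;
    struct span_map ldSpanMap[1];
};

struct raid_map_all {                /* remaining elements follow directly */
    struct raid_map raidMap;
    struct span_map ldSpanMap[MAX_LD - 1];
};

/* 1 if the wrapper's array starts exactly where inner ldSpanMap[1] would be. */
int tail_is_contiguous(void)
{
    return offsetof(struct raid_map_all, ldSpanMap) ==
           offsetof(struct raid_map, ldSpanMap) + sizeof(struct span_map);
}

/* Byte offset the idiom raidMap.ldSpanMap[ld] computes (pure arithmetic). */
size_t idiom_offset(unsigned int ld)
{
    return offsetof(struct raid_map, ldSpanMap) + ld * sizeof(struct span_map);
}

/* Same element, but every index stays within its array's declared bound. */
struct span_map *ld_span(struct raid_map_all *all, unsigned int ld)
{
    if (ld >= MAX_LD)
        return NULL;
    return ld ? &all->ldSpanMap[ld - 1] : &all->raidMap.ldSpanMap[0];
}

int main(void)
{
    static struct raid_map_all all;
    for (unsigned int ld = 0; ld < MAX_LD; ld++)
        printf("ld %u: idiom offset %zu, accessor offset %zu\n", ld,
               idiom_offset(ld), (size_t)((char *)ld_span(&all, ld) - (char *)&all));
    printf("contiguous: %d\n", tail_is_contiguous());
    return 0;
}
```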