Date: Fri, 7 May 2021 15:59:28 -0500
From: Segher Boessenkool
To: Christophe Leroy
Cc: Paul Menzel, linuxppc-dev@lists.ozlabs.org, Paul Mackerras
Subject: Re: UBSAN: array-index-out-of-bounds in arch/powerpc/kernel/legacy_serial.c:359:56

On Fri, May 07, 2021 at 10:31:42AM +0200, Christophe Leroy wrote:
> The function is as follows, so when legacy_serial_console == -1 as in your
> situation, the pointers are just not used.

And it is still undefined behaviour.  C11 6.5.6/8 has
  If both the pointer operand and the result point to elements of the
  same array object, or one past the last element of the array object,
  the evaluation shall not produce an overflow; otherwise, the behavior
  is undefined.
(this is for adding an integer to a pointer).

> When I look into the generated code (UBSAN not selected), we see the
> verification and the bail-out is done prior to any calculation based on
> legacy_serial_console.

Yes, you got lucky.  Generating the code you wanted is one of the things
the compiler is allowed to do for UB.

> So, is it normal that UBSAN reports an error here ?

Yes.  It detected undefined behaviour just fine, it did exactly its
job :-)


Segher
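An added example, not part of the original message and not the kernel's code: the pattern discussed in the thread (an element address formed from an index before the index is checked for -1) next to the form that checks first. The table, struct and function names are hypothetical.

```c
/* Added illustration; struct, table and names are hypothetical. */
#include <stddef.h>
#include <stdio.h>

#define MAX_PORTS 4

struct port_info {
    int speed;
};

static struct port_info ports[MAX_PORTS] = {
    { 9600 }, { 19200 }, { 38400 }, { 115200 }
};

/*
 * Pattern that UBSAN reports: the element address is formed from idx
 * before idx is validated. With idx == -1, &ports[idx] is pointer
 * arithmetic outside the array (C11 6.5.6/8), which is undefined even
 * though the pointer is never dereferenced on that path.
 */
const struct port_info *port_lookup_early(int idx)
{
    const struct port_info *p = &ports[idx];   /* UB when idx is -1 */

    if (idx < 0 || idx >= MAX_PORTS)
        return NULL;
    return p;
}

/* Same logic with the range check first: no out-of-range address is formed. */
const struct port_info *port_lookup_checked(int idx)
{
    if (idx < 0 || idx >= MAX_PORTS)
        return NULL;
    return &ports[idx];
}

int main(void)
{
    /* -1 stands in for "no console selected", as in the thread. */
    const struct port_info *p = port_lookup_checked(-1);

    printf("checked(-1) -> %s\n", p ? "port" : "NULL");
    p = port_lookup_checked(3);
    printf("checked(3)  -> speed %d\n", p ? p->speed : -1);
    return 0;
}
```

Compiled with `-fsanitize=undefined`, a call such as `port_lookup_early(-1)` is the kind of access the sanitizer's bounds check is designed to flag, while `port_lookup_checked(-1)` never forms the out-of-range address.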