From: Eugeniu Rosca
Date: Mon, 27 Aug 2018 01:13:18 +0200
Subject: [U-Boot] [PATCH v2 00/13] Import Undefined Behavior Sanitizer
Message-ID: <20180826231332.2491-1-erosca@de.adit-jv.com>
To: u-boot@lists.denx.de

While certain classes of bugs (e.g. locking related) are totally
irrelevant for U-Boot, undefined behavior is something U-Boot may
experience all over the place and this certainly can lead to hidden
and difficult to debug issues.

As of v4.18, Linux kernel contains roughly 119 UBSAN fixes [1], so it
has been quite a productive and useful tool to play with during
development.

Thanks to UBSAN, this series fixes 11 (+1 in [2]) UB issues, revealed
by simply cold-booting (sometimes by running an existing command on)
sandbox, qemu-system-{arm,ppc,i386} and arm64 R-Car Gen3 targets.

  | Undefined Behavior class              | Noticed | Fixed | Ref
--|---------------------------------------|---------|-------|-----
A | Signed shift overflow                 | 8       | 8     |
B | Zero-sized array declaration          | 2       | 2     |
C | Read-past-end-of-array                | 1       | 1     |
D | Shift by negative value               | 1       | 0     | [3]
E | Load of address 'X' with insufficient |         |       |
  | space for an object of type 'Y'       | ~20-30  | 0     | [4]

A certain class of UBs (see E above) is reported regularly at runtime
on all architectures and looks to be related to the implementation of
U-Boot linker-generated arrays [4]. I believe some feedback from the
authors/maintainers of those is required to assess if this is a UBSAN
false positive or a real bug.

The "signed shift overflow" (see A above) UB is very common in U-Boot.
Grepping the code for '(1 << 31)' (which is a consistent source of this
type of UB) gives 528 occurrences:

$ git grep -E '1[ ]*<<[ ]*31' | wc -l
528

This series collects the low-hanging fruit, as well as leaves others to
experiment with UBSAN themselves.

Best regards,
Eugeniu.
[1] git log --oneline --no-merges --grep UBSAN v4.18 | wc -l
    119

[2] https://patchwork.ozlabs.org/patch/957323/

[3] Example of "shift by negative value" UB

==================================================================
UBSAN: Undefined behaviour in drivers/pci/fsl_pci_init.c:139:17
shift exponent -1 is negative
==================================================================

[4] Either a false-positive or a bug in "include/linker_lists.h":

=================================================================
UBSAN: Undefined behaviour in drivers/core/lists.c:28:26
load of address 000000000075f180 with insufficient space
for an object of type 'char *'
=================================================================

Eugeniu Rosca (13):
  UBSAN: run-time undefined behavior sanity checker
  mmc: Fix signed shift overflow
  armv8: mmu: Fix signed shift overflow
  pinctrl: renesas: Fix signed shift overflow
  net: phy: Fix signed shift overflow
  net: ravb: Fix signed shift overflow
  x86: Fix signed shift overflow in MSR_IA32_APICBASE_BASE
  disk: part_dos: Fix signed shift overflow
  common.h: Fix signed shift overflow in cpumask_next()
  mmc: Fix read-past-end-of-array
  hashtable: Fix zero-sized array
  input: Fix zero-sized array
  configs: sandbox*: Enable UBSAN

 Makefile                           |   3 +-
 arch/Kconfig                       |   4 +
 arch/arm/Kconfig                   |   1 +
 arch/arm/include/asm/armv8/mmu.h   |  42 +--
 arch/x86/include/asm/msr-index.h   |   2 +-
 configs/sandbox64_defconfig        |   1 +
 configs/sandbox_defconfig          |   1 +
 configs/sandbox_flattree_defconfig |   1 +
 configs/sandbox_noblk_defconfig    |   1 +
 configs/sandbox_spl_defconfig      |   1 +
 disk/part_dos.c                    |   9 +-
 drivers/input/input.c              |   4 +-
 drivers/mmc/mmc.c                  |   4 +-
 drivers/net/phy/phy.c              |   4 +-
 drivers/net/ravb.c                 |  16 +-
 drivers/pinctrl/renesas/sh_pfc.h   |  14 +-
 examples/standalone/Makefile       |   2 +
 include/common.h                   |   2 +-
 include/linux/compat.h             |   3 +
 include/search.h                   |   2 +-
 lib/Kconfig                        |   1 +
 lib/Kconfig.ubsan                  |  29 ++
 lib/Makefile                       |   2 +
 lib/hashtable.c                    |   4 +-
 lib/linux_compat.c                 |   3 +
 lib/ubsan.c                        | 461 +++++++++++++++++++++++++++++
 lib/ubsan.h                        |  94 ++++++
 scripts/Makefile.lib               |   6 +
 scripts/Makefile.ubsan             |  20 ++
 29 files changed, 684 insertions(+), 53 deletions(-)
 create mode 100644 lib/Kconfig.ubsan
 create mode 100644 lib/ubsan.c
 create mode 100644 lib/ubsan.h
 create mode 100644 scripts/Makefile.ubsan

-- 
2.18.0