linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] powerpc/legacy_serial: Fix UBSAN: array-index-out-of-bounds
@ 2021-05-08  6:36 Christophe Leroy
  2021-05-10 21:14 ` Segher Boessenkool
  2021-05-15 22:43 ` Michael Ellerman
  0 siblings, 2 replies; 5+ messages in thread
From: Christophe Leroy @ 2021-05-08  6:36 UTC (permalink / raw)
  To: Benjamin Herrenschmidt, Paul Mackerras, Michael Ellerman, pmenzel
  Cc: linux-kernel, linuxppc-dev

UBSAN complains when a pointer is calculated with invalid
'legacy_serial_console' index, allthough the index is verified
before dereferencing the pointer.

Fix it by checking 'legacy_serial_console' validity before
calculating pointers.

Fixes: 0bd3f9e953bd ("powerpc/legacy_serial: Use early_ioremap()")
Reported-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
---
 arch/powerpc/kernel/legacy_serial.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/arch/powerpc/kernel/legacy_serial.c b/arch/powerpc/kernel/legacy_serial.c
index 8b2c1a8553a0..1c2e09e1d59b 100644
--- a/arch/powerpc/kernel/legacy_serial.c
+++ b/arch/powerpc/kernel/legacy_serial.c
@@ -354,15 +354,12 @@ static void __init setup_legacy_serial_console(int console)
 	udbg_uart_setup(info->speed, info->clock);
 }
 
-static int __init ioremap_legacy_serial_console(void)
+static int __init do_ioremap_legacy_serial_console(int console)
 {
-	struct legacy_serial_info *info = &legacy_serial_infos[legacy_serial_console];
-	struct plat_serial8250_port *port = &legacy_serial_ports[legacy_serial_console];
+	struct legacy_serial_info *info = &legacy_serial_infos[console];
+	struct plat_serial8250_port *port = &legacy_serial_ports[console];
 	void __iomem *vaddr;
 
-	if (legacy_serial_console < 0)
-		return 0;
-
 	if (!info->early_addr)
 		return 0;
 
@@ -376,6 +373,13 @@ static int __init ioremap_legacy_serial_console(void)
 
 	return 0;
 }
+
+static int __init ioremap_legacy_serial_console(void)
+{
+	if (legacy_serial_console < 0)
+		return 0;
+	return do_ioremap_legacy_serial_console(legacy_serial_console);
+}
 early_initcall(ioremap_legacy_serial_console);
 
 /*
-- 
2.25.0


^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH] powerpc/legacy_serial: Fix UBSAN: array-index-out-of-bounds
  2021-05-08  6:36 [PATCH] powerpc/legacy_serial: Fix UBSAN: array-index-out-of-bounds Christophe Leroy
@ 2021-05-10 21:14 ` Segher Boessenkool
  2021-05-11  1:16   ` Michael Ellerman
  2021-05-15 22:43 ` Michael Ellerman
  1 sibling, 1 reply; 5+ messages in thread
From: Segher Boessenkool @ 2021-05-10 21:14 UTC (permalink / raw)
  To: Christophe Leroy
  Cc: Benjamin Herrenschmidt, Paul Mackerras, Michael Ellerman,
	pmenzel, linuxppc-dev, linux-kernel

On Sat, May 08, 2021 at 06:36:21AM +0000, Christophe Leroy wrote:
> UBSAN complains when a pointer is calculated with invalid
> 'legacy_serial_console' index, allthough the index is verified
> before dereferencing the pointer.

Addressing like this is UB already.

You could just move this:

> -	if (legacy_serial_console < 0)
> -		return 0;

to before

> -	struct legacy_serial_info *info = &legacy_serial_infos[legacy_serial_console];
> -	struct plat_serial8250_port *port = &legacy_serial_ports[legacy_serial_console];

and no other change is necessary.


Segher

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] powerpc/legacy_serial: Fix UBSAN: array-index-out-of-bounds
  2021-05-10 21:14 ` Segher Boessenkool
@ 2021-05-11  1:16   ` Michael Ellerman
  2021-05-11  4:54     ` Christophe Leroy
  0 siblings, 1 reply; 5+ messages in thread
From: Michael Ellerman @ 2021-05-11  1:16 UTC (permalink / raw)
  To: Segher Boessenkool, Christophe Leroy
  Cc: Benjamin Herrenschmidt, Paul Mackerras, pmenzel, linuxppc-dev,
	linux-kernel

Segher Boessenkool <segher@kernel.crashing.org> writes:

> On Sat, May 08, 2021 at 06:36:21AM +0000, Christophe Leroy wrote:
>> UBSAN complains when a pointer is calculated with invalid
>> 'legacy_serial_console' index, allthough the index is verified
>> before dereferencing the pointer.
>
> Addressing like this is UB already.
>
> You could just move this:
>
>> -	if (legacy_serial_console < 0)
>> -		return 0;
>
> to before
>
>> -	struct legacy_serial_info *info = &legacy_serial_infos[legacy_serial_console];
>> -	struct plat_serial8250_port *port = &legacy_serial_ports[legacy_serial_console];
>
> and no other change is necessary.

Yeah I sent a v2 doing that, thanks.

cheers

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] powerpc/legacy_serial: Fix UBSAN: array-index-out-of-bounds
  2021-05-11  1:16   ` Michael Ellerman
@ 2021-05-11  4:54     ` Christophe Leroy
  0 siblings, 0 replies; 5+ messages in thread
From: Christophe Leroy @ 2021-05-11  4:54 UTC (permalink / raw)
  To: Michael Ellerman, Segher Boessenkool
  Cc: Benjamin Herrenschmidt, Paul Mackerras, pmenzel, linuxppc-dev,
	linux-kernel



Le 11/05/2021 à 03:16, Michael Ellerman a écrit :
> Segher Boessenkool <segher@kernel.crashing.org> writes:
> 
>> On Sat, May 08, 2021 at 06:36:21AM +0000, Christophe Leroy wrote:
>>> UBSAN complains when a pointer is calculated with invalid
>>> 'legacy_serial_console' index, allthough the index is verified
>>> before dereferencing the pointer.
>>
>> Addressing like this is UB already.
>>
>> You could just move this:
>>
>>> -	if (legacy_serial_console < 0)
>>> -		return 0;
>>
>> to before
>>
>>> -	struct legacy_serial_info *info = &legacy_serial_infos[legacy_serial_console];
>>> -	struct plat_serial8250_port *port = &legacy_serial_ports[legacy_serial_console];
>>
>> and no other change is necessary.
> 
> Yeah I sent a v2 doing that, thanks.
> 

I wanted something looking similar to setup_legacy_serial_console(), but of course this also works.

Christophe

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] powerpc/legacy_serial: Fix UBSAN: array-index-out-of-bounds
  2021-05-08  6:36 [PATCH] powerpc/legacy_serial: Fix UBSAN: array-index-out-of-bounds Christophe Leroy
  2021-05-10 21:14 ` Segher Boessenkool
@ 2021-05-15 22:43 ` Michael Ellerman
  1 sibling, 0 replies; 5+ messages in thread
From: Michael Ellerman @ 2021-05-15 22:43 UTC (permalink / raw)
  To: pmenzel, Benjamin Herrenschmidt, Christophe Leroy,
	Paul Mackerras, Michael Ellerman
  Cc: linux-kernel, linuxppc-dev

On Sat, 8 May 2021 06:36:21 +0000 (UTC), Christophe Leroy wrote:
> UBSAN complains when a pointer is calculated with invalid
> 'legacy_serial_console' index, allthough the index is verified
> before dereferencing the pointer.
> 
> Fix it by checking 'legacy_serial_console' validity before
> calculating pointers.

Applied to powerpc/fixes.

[1/1] powerpc/legacy_serial: Fix UBSAN: array-index-out-of-bounds
      https://git.kernel.org/powerpc/c/63970f3c37e75997ed86dbdfdc83df35f2152bb1

cheers

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-05-15 22:46 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-08  6:36 [PATCH] powerpc/legacy_serial: Fix UBSAN: array-index-out-of-bounds Christophe Leroy
2021-05-10 21:14 ` Segher Boessenkool
2021-05-11  1:16   ` Michael Ellerman
2021-05-11  4:54     ` Christophe Leroy
2021-05-15 22:43 ` Michael Ellerman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).