Re: [syzbot] UBSAN: shift-out-of-bounds in profile_init

From: Tetsuo Handa
Date: Fri Jul 16 2021 - 10:11:50 EST


On 2021/07/16 21:24, Pavel Skripkin wrote:
> But this function can be called not only from sysfs and I can't
> understand will my patch break something or not. And, I think, error
> message is needed somewhere here to inform callers about wrong shift
> value.
>
>
> Thoughts?

Subsequent profiling_store() attempts will return -EEXIST if
profile_setup() once set prof_on to a non-zero value. Therefore,
if you try to return -EINVAL when profile_setup() returns 0,
you need to make sure that prof_on is set to a non-zero value
only if prof_shift is valid.

But userspace might not be aware of the value of MAX_PROF_SHIFT
because it is an architecture-dependent value, and par might become a negative
value because get_option() accepts negative values. Therefore, it might be
better to

+ par = clamp(par, 0, MAX_PROF_SHIFT - 1);

than

+ if (par < 0 || par >= MAX_PROF_SHIFT)
+ return 0;
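Review bot: the clamp() variant silently rewrites an out-of-range par (a negative value becomes 0, a value at or above MAX_PROF_SHIFT becomes MAX_PROF_SHIFT - 1) while profile_setup() still reports success, so the caller never learns that the requested shift was not honoured, which is the missing error message raised above; the `return 0` variant keeps that signal but, as the message itself notes, only works if prof_on stays zero on that path. Whichever form is chosen, the check has to run before the value is stored in prof_shift, so that the shift UBSAN flagged in profile_init cannot go out of bounds.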

.
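The two validation strategies discussed in this message, written out as an added userspace example (not code from the thread, the kernel, or the proposed patch): one rejects an out-of-range shift with -EINVAL, the other clamps it into range. parse_option() is an assumed stand-in for the kernel's get_option(), clamp_int() stands in for the kernel clamp() macro, and MAX_PROF_SHIFT is fixed at an assumed 32 here because the real value is architecture dependent.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/* Assumed stand-in for the architecture-dependent kernel constant. */
#define MAX_PROF_SHIFT 32

/* Mirrors the kernel's prof_shift: the value a later "1 << prof_shift" uses. */
static int prof_shift;

/* Stand-in for get_option(): parses a decimal integer, negative values included.
 * Returns 1 when the whole string was consumed, 0 otherwise. */
static int parse_option(const char *s, int *out)
{
    char *end;
    long v;

    if (s == NULL || *s == '\0')
        return 0;
    v = strtol(s, &end, 10);
    if (*end != '\0' || v < INT_MIN || v > INT_MAX)
        return 0;
    *out = (int)v;
    return 1;
}

/* Stand-in for the kernel clamp() macro. */
static int clamp_int(int v, int lo, int hi)
{
    return v < lo ? lo : (v > hi ? hi : v);
}

/* Strategy A: reject. prof_shift is only written when par is a valid shift,
 * so a caller can report the bad value (returns -EINVAL, 0 on success). */
int set_prof_shift_reject(const char *arg)
{
    int par;

    if (!parse_option(arg, &par))
        return -EINVAL;
    if (par < 0 || par >= MAX_PROF_SHIFT)
        return -EINVAL;
    prof_shift = par;
    return 0;
}

/* Strategy B: clamp. Any parsed value is silently forced into [0, MAX_PROF_SHIFT - 1];
 * the caller gets no indication that the request was altered. */
int set_prof_shift_clamp(const char *arg)
{
    int par;

    if (!parse_option(arg, &par))
        return -EINVAL;
    prof_shift = clamp_int(par, 0, MAX_PROF_SHIFT - 1);
    return 0;
}

int get_prof_shift(void)
{
    return prof_shift;
}

/* The shift both strategies protect: safe only because prof_shift has been
 * validated before it is stored, so the shift count is always below the width. */
unsigned long bucket_size(void)
{
    return 1UL << prof_shift;
}
```

Feeding "40" or "-3" through the reject path returns -EINVAL and leaves prof_shift untouched, while the clamp path accepts both and stores 31 and 0 respectively; the difference is exactly whether the caller can tell that its requested shift was not used.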