drivers: random: Shift out-of-bounds in _mix_pool_bytes

From: Andrey Ryabinin
Date: Mon Oct 20 2014 - 07:03:44 EST


Hi, Theodore.

I've got this while booting kernel with ubsan:

[ 0.000000] ================================================================================
[ 0.000000] UBSan: Undefined behaviour in ../include/linux/bitops.h:107:33
[ 0.000000] shift exponent 32 is to large for 32-bit type 'unsigned int'
[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 3.18.0-rc1+ #64
[ 0.000000] 0000000000000020 0000000000000000 0000000000000000 ffffffff83003c68
[ 0.000000] ffffffff82add58a 000000000000009f 0000000000000020 ffffffff83003c78
[ 0.000000] ffffffff819a4519 ffffffff83003d28 ffffffff819a4a05 ffffffff82df889d
[ 0.000000] Call Trace:
[ 0.000000] dump_stack (/home/andrew/linux/ubsan_x86//lib/dump_stackc:52)
[ 0.000000] ubsan_epilogue (/home/andrew/linux/ubsan_x86//lib/ubsanc:159)
[ 0.000000] __ubsan_handle_shift_out_of_bounds (/home/andrew/linux/ubsan_x86//lib/ubsanc:458)
[ 0.000000] ? dmi_string_nosave (/home/andrew/linux/ubsan_x86//drivers/firmware/dmi_scanc:51)
[ 0.000000] ? dmi_string (/home/andrew/linux/ubsan_x86//drivers/firmware/dmi_scanc:72)
[ 0.000000] ? dmi_save_ident (/home/andrew/linux/ubsan_x86//drivers/firmware/dmi_scanc:159)
[ 0.000000] _mix_pool_bytes (/home/andrew/linux/ubsan_x86//include/linux/bitopsh:107 /home/andrew/linux/ubsan_x86//drivers/char/randomc:509)
[ 0.000000] ? dmi_decode (/home/andrew/linux/ubsan_x86//drivers/firmware/dmi_scanc:376)
[ 0.000000] ? dmi_walk_early (/home/andrew/linux/ubsan_x86//drivers/firmware/dmi_scanc:127)
[ 0.000000] add_device_randomness (/home/andrew/linux/ubsan_x86//drivers/char/randomc:747)
[ 0.000000] ? dmi_save_one_device (/home/andrew/linux/ubsan_x86//drivers/firmware/dmi_scanc:375)
[ 0.000000] ? dmi_save_one_device (/home/andrew/linux/ubsan_x86//drivers/firmware/dmi_scanc:375)
[ 0.000000] dmi_walk_early (/home/andrew/linux/ubsan_x86//drivers/firmware/dmi_scanc:127)
[ 0.000000] dmi_present (/home/andrew/linux/ubsan_x86//drivers/firmware/dmi_scanc:497)
[ 0.000000] dmi_scan_machine (/home/andrew/linux/ubsan_x86//drivers/firmware/dmi_scanc:555)
[ 0.000000] setup_arch (/home/andrew/linux/ubsan_x86//arch/x86/kernel/setupc:1022)
[ 0.000000] ? printk (/home/andrew/linux/ubsan_x86//kernel/printk/printkc:1849)
[ 0.000000] ? early_idt_handlers (/home/andrew/linux/ubsan_x86//arch/x86/kernel/head_64S:344)
[ 0.000000] start_kernel (/home/andrew/linux/ubsan_x86//include/linux/bitmaph:162 /home/andrew/linux/ubsan_x86//include/linux/cpumaskh:333
/home/andrew/linux/ubsan_x86//include/linux/mm_typesh:464 /home/andrew/linux/ubsan_x86//init/mainc:532)
[ 0.000000] ? early_idt_handlers (/home/andrew/linux/ubsan_x86//arch/x86/kernel/head_64S:344)
[ 0.000000] x86_64_start_reservations (/home/andrew/linux/ubsan_x86//arch/x86/kernel/head64c:194)
[ 0.000000] x86_64_start_kernel (/home/andrew/linux/ubsan_x86//arch/x86/kernel/head64c:183)
[ 0.000000] ================================================================================
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/