Commit 9a50dcaf authored by Peter Zijlstra's avatar Peter Zijlstra Committed by Ingo Molnar
Browse files

ubsan, x86: Annotate and allow __ubsan_handle_shift_out_of_bounds() in uaccess regions 



The new check_zeroed_user() function uses variable shifts inside of a
user_access_begin()/user_access_end() section and that results in GCC
emitting __ubsan_handle_shift_out_of_bounds() calls, even though
through value range analysis it would be able to see that the UB in
question is impossible.

Annotate and whitelist this UBSAN function; continued use of
user_access_begin()/user_access_end() will undoubtedly result in
further uses of function.

Reported-by: default avatarRandy Dunlap <rdunlap@infradead.org>
Tested-by: default avatarRandy Dunlap <rdunlap@infradead.org>
Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: default avatarRandy Dunlap <rdunlap@infradead.org>
Acked-by: default avatarChristian Brauner <christian.brauner@ubuntu.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: cyphar@cyphar.com
Cc: keescook@chromium.org
Cc: linux@rasmusvillemoes.dk
Fixes: f5a1a536 ("lib: introduce copy_struct_from_user() helper")
Link: https://lkml.kernel.org/r/20191021131149.GA19358@hirez.programming.kicks-ass.net


Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
parent 0f42c1ad

lib/ubsan.c

+4 −1
Original line number Diff line number Diff line
@@ -374,9 +374,10 @@ void __ubsan_handle_shift_out_of_bounds(struct shift_out_of_bounds_data *data, 
	struct type_descriptor *lhs_type = data->lhs_type;

	char rhs_str[VALUE_LENGTH];

	char lhs_str[VALUE_LENGTH];

	unsigned long ua_flags = user_access_save();



	if (suppress_report(&data->location))

		return;

		goto out;



	ubsan_prologue(&data->location, &flags);
@@ -402,6 +403,8 @@ void __ubsan_handle_shift_out_of_bounds(struct shift_out_of_bounds_data *data, 
			lhs_type->type_name);



	ubsan_epilogue(&flags);

out:

	user_access_restore(ua_flags);

}

EXPORT_SYMBOL(__ubsan_handle_shift_out_of_bounds);

tools/objtool/check.c

+1 −0
Original line number Diff line number Diff line
@@ -481,6 +481,7 @@ static const char *uaccess_safe_builtin[] = { 
	"ubsan_type_mismatch_common",

	"__ubsan_handle_type_mismatch",

	"__ubsan_handle_type_mismatch_v1",

	"__ubsan_handle_shift_out_of_bounds",

	/* misc */

	"csum_partial_copy_generic",

	"__memcpy_mcsafe",

CRA Git | Maintained and supported by SUSTech CRA and CCSE