Looking at the code, this issue seems to be introduced by `UBUNTU: SAUCE:
modpost: support arbitrary symbol length in modversion` and the UBSAN
warning tells us that accessing vers->name[0] could be an out-of-bounds
access.
The struct modversion_info contains a flexible array (name), that is
correctly defined as the last member of the struct, and its size is
allocated dynamically at runtime, so I would expect that vers->name[0]
is always allocated, unless vers is not initialized properly or there's
an empty name.
So, my guess is that UBSAN isn't really happy about the flexible array
and this is just a false positive.
However, to be 100% sure that we are not actually doing an out-of-bounds
access and prevent the warning, we could apply something like the
following on top of our SAUCE patch:
diff --git a/arch/powerpc/kernel/module_64.c b/arch/powerpc/kernel/module_64.c
index 195714fc6e22..1f5960e25758 100644
--- a/arch/powerpc/kernel/module_64.c
+++ b/arch/powerpc/kernel/module_64.c
@@ -350,6 +350,8 @@ static void dedotify_versions(struct modversion_info *vers,
struct modversion_info *end = (void *)vers + size;
for (; vers < end && vers->next; vers = (void *)vers + vers->next) {
+ if (size <= offsetof(struct modversion_info, name))
+ continue;
if (vers->name[0] == '.') {
memmove(vers->name, vers->name+1, strlen(vers->name));
}
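Review bot: the guard compares the section's total `size` with `offsetof(struct modversion_info, name)`, so it is loop-invariant and does not protect the individual record: for a trailing entry whose header fits but whose `name` begins at or past `end`, `size` is still large and `vers->name[0]` is read anyway. Compare the bytes remaining for this record instead, e.g. `if ((void *)end - (void *)vers <= offsetof(struct modversion_info, name)) continue;`, and note that the following `memmove(..., strlen(vers->name))` relies on a NUL terminator inside the section, so the same remaining-bytes bound should cap that length (strnlen) too.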
In this case even if (for any reason) vers->name[] is an empty string we can
prevent the out-of-bounds access and make UBSAN happy.
Opinions?
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2059237
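To make the bounds question above concrete, here is an added example (my own constructed user-space code, not the kernel's and not the SAUCE patch): it walks a constructed modversion-style section whose record layout (u32 next, u32 crc, flexible char name[]) is an assumption, checks every access against the bytes remaining from the current record to the end of the section rather than against the section's total size, and treats a truncated trailer record, whose header fits but whose name bytes do not, as skipped instead of reading past the end.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed record layout, constructed for this example (not copied from the
 * page): self-relative offset to the next record, the symbol CRC, then the
 * NUL-terminated symbol name as a flexible array member. */
struct modversion_info {
    uint32_t next;
    uint32_t crc;
    char name[];
};
#define NAME_OFF offsetof(struct modversion_info, name)

/* Walk a version section and strip one leading '.' from each name. Every
 * access is checked against the bytes remaining from this record to the end
 * of the section, not the section's total size: a record whose header fits
 * but whose name[0] or NUL terminator lies at or past the end is counted in
 * *skipped and left untouched. Returns the number of names rewritten. */
int dedotify_checked(unsigned char *buf, size_t size, int *skipped)
{
    size_t off = 0, room, len;
    int changed = 0;
    struct modversion_info *vers;

    *skipped = 0;
    while (off + sizeof(*vers) <= size) {          /* header is readable */
        vers = (struct modversion_info *)(buf + off);
        if (vers->next == 0)                       /* terminator record */
            break;
        room = size - (off + NAME_OFF);            /* bytes left for the name */
        for (len = 0; len < room && vers->name[len]; len++)
            ;                                      /* bounded strlen */
        if (room == 0 || len == room)
            (*skipped)++;                          /* name[0] or its NUL is outside */
        else if (vers->name[0] == '.') {
            memmove(vers->name, vers->name + 1, len); /* len bytes incl. NUL */
            changed++;
        }
        if (vers->next > size - off)               /* would jump past the end */
            break;
        off += vers->next;
    }
    return changed;
}

/* Name of the n-th record, or NULL if it has no name bytes inside the section. */
const char *nth_name(const unsigned char *buf, size_t size, int n)
{
    size_t off = 0;
    const struct modversion_info *vers;

    while (off + sizeof(*vers) <= size) {
        vers = (const struct modversion_info *)(buf + off);
        if (n-- == 0)
            return size - off > NAME_OFF ? vers->name : NULL;
        if (vers->next == 0 || vers->next > size - off)
            break;
        off += vers->next;
    }
    return NULL;
}

/* Append one well-formed record, padded to 8 bytes; returns bytes used. */
static size_t put_record(unsigned char *buf, size_t off, uint32_t crc, const char *name)
{
    size_t rec = (NAME_OFF + strlen(name) + 1 + 7) & ~(size_t)7;
    struct modversion_info *v = (struct modversion_info *)(buf + off);

    memset(buf + off, 0, rec);
    v->next = (uint32_t)rec;
    v->crc = crc;
    memcpy(v->name, name, strlen(name) + 1);
    return rec;
}

/* Constructed sample section (56 bytes): three records, then a truncated
 * trailer whose header is inside the section but whose name bytes are not. */
static uint64_t sample_raw[8];                     /* 64 bytes, 8-byte aligned */
size_t build_sample_section(unsigned char *buf)
{
    size_t off = 0;
    struct modversion_info *trailer;

    off += put_record(buf, off, 0x11111111u, ".memcpy");
    off += put_record(buf, off, 0x22222222u, "kmalloc");
    off += put_record(buf, off, 0x33333333u, ".strlen");
    trailer = (struct modversion_info *)(buf + off);
    trailer->next = 8;                             /* claims a name that is not there */
    trailer->crc = 0x44444444u;
    return off + sizeof(*trailer);
}

/* Build the sample, run the checked walk, and expose the results by name. */
static size_t sample_size;
static int sample_changed_n, sample_skipped_n;
static void sample_run(void)
{
    unsigned char *b = (unsigned char *)sample_raw;
    sample_size = build_sample_section(b);
    sample_changed_n = dedotify_checked(b, sample_size, &sample_skipped_n);
}
int sample_rewritten(void) { sample_run(); return sample_changed_n; }
int sample_skipped(void)   { sample_run(); return sample_skipped_n; }
const char *sample_name(int n)
{
    sample_run();
    return nth_name((unsigned char *)sample_raw, sample_size, n);
}

int main(void)
{
    int i, changed = sample_rewritten(), skipped = sample_skipped();
    printf("rewritten=%d skipped=%d\n", changed, skipped);
    for (i = 0; i < 4; i++)
        printf("record %d: %s\n", i, sample_name(i) ? sample_name(i) : "(no name bytes in section)");
    return 0;
}
```

The walk keeps offsets rather than raw pointers so that a bogus `next` can never move the cursor outside the buffer, and the per-record `room` value is what decides whether `name[0]` may be read; the section's total size alone says nothing about the last record.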
Title:
[Ubuntu-24.04] "array-index-out-of-bounds" error is observed after
every reboot
Status in The Ubuntu-power-systems project:
Confirmed
Status in linux package in Ubuntu:
Confirmed
Bug description:
== Comment:- Kowshik Jois B S ==
---Problem Description---
Below trace messages are observed in dmesg after every reboot.
[ 0.474287] integrity: Unable to open file: /etc/keys/x509_evm.der (-2)
[ 0.475750] Freeing unused kernel image (initmem) memory: 8832K
[ 0.507388] Checked W+X mappings: passed, no W+X pages found
[ 0.507400] Run /init as init process
[ 0.507403] with arguments:
[ 0.507404] /init
[ 0.507405] with environment:
[ 0.507406] HOME=/
[ 0.507407] TERM=linux
[ 0.507408] BOOT_IMAGE=/vmlinux-6.8.0-11-generic
[ 0.511892] ------------[ cut here ]------------
[ 0.511904] UBSAN: array-index-out-of-bounds in /build/linux-MzA0lF/linux-6.8.0/arch/powerpc/kernel/module_64.c:353:17
[ 0.511909] index 0 is out of range for type 'char [*]'
[ 0.511912] CPU: 13 PID: 1 Comm: systemd Not tainted 6.8.0-11-generic #11-Ubuntu
[ 0.511917] Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_013) hv:phyp pSeries
[ 0.511921] Call Trace:
[ 0.511922] [c000000006683620] [c0000000016b2f28] dump_stack_lvl+0x70/0xb4 (unreliable)
[ 0.511931] [c000000006683650] [c000000000c7bc58] __ubsan_handle_out_of_bounds+0xc4/0x12c
[ 0.511938] [c000000006683700] [c00000000005d2a8] module_frob_arch_sections+0x4ec/0x8d0
[ 0.511943] [c0000000066837e0] [c0000000002b98cc] layout_and_allocate.isra.0+0x38/0x2a8
[ 0.511948] [c000000006683850] [c0000000002b9dec] load_module+0x138/0xca0
[ 0.511953] [c000000006683990] [c0000000002baca8] init_module_from_file+0xb4/0x14c
[ 0.511958] [c000000006683a70] [c0000000002baf70] sys_finit_module+0x230/0x48c
[ 0.511963] [c000000006683b80] [c000000000033248] system_call_exception+0xe8/0x240
[ 0.511967] [c000000006683e50] [c00000000000d15c] system_call_vectored_common+0x15c/0x2ec
[ 0.511972] --- interrupt: 3000 at 0x7879b903b8a8
[ 0.511977] NIP: 00007879b903b8a8 LR: 0000000000000000 CTR: 0000000000000000
[ 0.511980] REGS: c000000006683e80 TRAP: 3000 Not tainted (6.8.0-11-generic)
[ 0.511984] MSR: 800000000000f033 <SF,EE,PR,FP,ME,IR,DR,RI,LE> CR: 48222428 XER: 00000000
[ 0.511993] IRQMASK: 0
GPR00: 0000000000000161 00007fffd683b580 00007879b9166d00 0000000000000004
GPR04: 00007879b8e0c160 0000000000000004 0000000000000010 0000000000000004
GPR08: 0000000000000001 0000000000000000 0000000000000000 0000000000000000
GPR12: 0000000000000000 00007879b99d3a00 0000000020000000 0000000000020000
GPR16: 0000000000000000 0000000000000000 00001b5c7d7453e0 00007fffd683ba68
GPR20: 0000000000000000 0000000000000000 00001b5c82154ae0 00001b5c82142360
GPR24: 00007879b957f7b0 00001b5c82154ae0 0000000000000000 00001b5c82142160
GPR28: 00007879b8e0c160 0000000000020000 00001b5c82154ae0 00001b5c82142380
[ 0.512029] NIP [00007879b903b8a8] 0x7879b903b8a8
[ 0.512032] LR [0000000000000000] 0x0
[ 0.512034] --- interrupt: 3000
[ 0.512036] ---[ end trace ]---
[ 0.518326] systemd[1]: Inserted module 'autofs4'
[ 0.521570] systemd[1]: systemd 255.2-3ubuntu2 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[ 0.521583] systemd[1]: Detected virtualization powervm.
[ 0.521589] systemd[1]: Detected architecture ppc64-le.
[ 0.521593] systemd[1]: Running in initrd.
[ 0.521743] systemd[1]: No hostname configured, using default hostname.
[ 0.521789] systemd[1]: Hostname set to <localhost>.
[ 0.521847] systemd[1]: Initializing machine ID from random generator.
[ 0.600736] systemd[1]: Queued start job for default target initrd.target.
Machine Type = P10 LPAR
Contact Information = Kowshik Jois B S [email protected]
---Steps to Reproduce---
1. reboot the system
2. Once the system is booted back, look at dmesg
---uname output---
Linux ubuntu2404 6.8.0-11-generic #11-Ubuntu SMP Wed Feb 14 00:33:03 UTC 2024 ppc64le ppc64le ppc64le GNU/Linux
Additional Information:
Same trace messages are seen on L2 guest as well.
== Comment: - Kowshik Jois B S ==
Hello Likhitha,
The Ubuntu bug
https://bugs.launchpad.net/ubuntu/+source/virtinst/+bug/2055126 was
created for tracking a different issue, which is resolved. I just
posted a question about this issue as well at the end. But it's been 20
days and we haven't heard anything back on that. Also, the bug is
already closed. So I think it makes sense to initiate a new discussion
with Ubuntu on this issue.
Earlier I had initiated a discussion through
https://bugs.launchpad.net/ubuntu/+bug/2052767 but there are no updates on that
one as well till now.
As you mentioned, I compiled the upstream kernel with UBSAN disabled in the
config. As expected, I am not seeing the issue getting recreated anymore with
that.
But the Ubuntu ISO will have these configs enabled by default and we
will still see this issue on the Ubuntu default kernel.
--
Mailing list: https://launchpad.net/~kernel-packages