commit 34fa7929255679496607598abcb58adcd99f2c88
Author: maxv
Date:   Fri Aug 31 15:15:23 2018 +0000

    Fix buffer overflow, detected by kASan.

    ifconfig gif0 create
    ifconfig gif0 up

    [ 50.682919] kASan: Unauthorized Access In 0xffffffff80f22655: Addr 0xffffffff81b997a0 [8 bytes, read]
    [ 50.682919] #0 0xffffffff8021ce6a in kasan_memcpy
    [ 50.692999] #1 0xffffffff80f22655 in m_copyback_internal
    [ 50.692999] #2 0xffffffff80f22e81 in m_copyback
    [ 50.692999] #3 0xffffffff8103109a in rt_msg1
    [ 50.692999] #4 0xffffffff8159109a in compat_70_rt_newaddrmsg1
    [ 50.692999] #5 0xffffffff81031b0f in rt_newaddrmsg
    [ 50.692999] #6 0xffffffff8102c35e in rt_ifa_addlocal
    [ 50.692999] #7 0xffffffff80a5287c in in6_update_ifa1
    [ 50.692999] #8 0xffffffff80a54149 in in6_update_ifa
    [ 50.692999] #9 0xffffffff80a59176 in in6_ifattach
    [ 50.692999] #10 0xffffffff80a56dd4 in in6_if_up
    [ 50.692999] #11 0xffffffff80fc5cb8 in if_up_locked
    [ 50.703622] #12 0xffffffff80fcc4c1 in ifioctl_common
    [ 50.703622] #13 0xffffffff80fde694 in gif_ioctl
    [ 50.703622] #14 0xffffffff80fcdb1f in doifioctl

commit 3468105e07d0e50acc6edb217064a67c0353198c
Author: maxv
Date:   Thu Aug 23 11:53:15 2018 +0000

    Fix buffer overflow, detected by kASan.

    [ 1.044878] kASan: Unauthorized Access In 0xffffffff804ec7e2: Addr 0xffffffff818a51e4 [2 bytes, read]
    [ 1.044878] #0 0xffffffff804ec7e2 in mskc_probe
    [ 1.044878] #1 0xffffffff80e92a77 in mapply
    [ 1.044878] #2 0xffffffff80e92e5f in config_search_loc
    [ 1.044878] #3 0xffffffff80e93fb5 in config_found_sm_loc
    [ 1.044878] #4 0xffffffff802ca9ea in pci_probe_device
    [ 1.044878] #5 0xffffffff802cad97 in pci_enumerate_bus
    [ 1.044878] #6 0xffffffff802caf00 in pcirescan
    [ 1.044878] #7 0xffffffff802cb1ee in pciattach
    [ 1.044878] #8 0xffffffff80e93e5b in config_attach_loc
    [ 1.044878] #9 0xffffffff80e93fce in config_found_sm_loc
    [ 1.044878] #10 0xffffffff80271212 in mp_pci_scan
    [ 1.044878] #11 0xffffffff8022d9ee in mainbus_attach
    [ 1.044878] #12 0xffffffff80e93e5b in config_attach_loc
    [ 1.044878] #13 0xffffffff8021e38b in cpu_configure
    [ 1.044878] #14 0xffffffff814a7068 in main

commit 05ca727d38b1d51819ce3c5fc6ab53ee17226a6f
Author: kamil
Date:   Thu Jul 26 00:33:26 2018 +0000

    Avoid undefined behavior in snprintb.c

    Do not change the signedness bit with a left shift operation.
    Switch to unsigned integer to prevent this.

    snprintb.c:178:17, left shift of 1 by 31 places cannot be represented in type 'int'

    Detected with micro-UBSan in the user mode.

commit 2c45c7704776e8b59fad43274a19467106b127eb
Author: kamil
Date:   Thu Jul 26 00:20:41 2018 +0000

    Avoid undefined behavior in inet_addr.c

    Do not change the signedness bit with a left shift operation.
    Cast to unsigned integer to prevent this.

    inet_addr.c:218:20, left shift of 131 by 24 places cannot be represented in type 'int'

    Detected with micro-UBSan in the user mode.

commit 30542793e754a49ecb57550d37f84cca2e21c997
Author: kamil
Date:   Thu Jul 26 00:13:19 2018 +0000

    Avoid undefined behavior in cpuset.c

    Do not change the signedness bit with a left shift operation.
    Switch to unsigned integer to prevent this.

    cpuset.c:112:18, left shift of 1 by 31 places cannot be represented in type 'int'

    Detected with micro-UBSan in the user mode.

commit 3b50f1e15f39fc8b33217ee2f38072465e89f84d
Author: kamil
Date:   Wed Jul 25 22:07:59 2018 +0000

    Avoid undefined behavior semantics in msdosfs_fat.c

    Do not change signedness bit with left shift.
    While there avoid signed integer overflow.
    Address both issues with using unsigned type.

    msdosfs_fat.c:512:42, left shift of 1 by 31 places cannot be represented in type 'int'
    msdosfs_fat.c:521:44, left shift of 1 by 31 places cannot be represented in type 'int'
    msdosfs_fat.c:744:14, left shift of 1 by 31 places cannot be represented in type 'int'
    msdosfs_fat.c:744:24, signed integer overflow: -2147483648 - 1 cannot be represented in type 'int [20]'
    msdosfs_fat.c:840:13, left shift of 1 by 31 places cannot be represented in type 'int'
    msdosfs_fat.c:840:36, signed integer overflow: -2147483648 - 1 cannot be represented in type 'int [20]'

    Detected with micro-UBSan in the user mode.

commit 6f0a110f7ca1df9fa53ee900ce248ea89c0a9e86
Author: kamil
Date:   Mon Jul 9 10:44:44 2018 +0000

    Avoid undefined behavior of signedness bit shift in ahcisata_core.c

    sys/dev/ic/ahcisata_core.c:365:31, left shift of 1 by 31 places cannot be represented in type 'int'
    sys/dev/ic/ahcisata_core.c:558:16, left shift of 1 by 31 places cannot be represented in type 'int'

    Detected with Kernel Undefined Behavior Sanitizer.

    This code could be refactored in future and switched to ISSET(9) API,
    instead of reinventing the common functionality.

commit 8592cb1e82b95059e549f0fa3630689512b4983f
Author: kamil
Date:   Sun Jul 8 14:42:52 2018 +0000

    Try to avoid signed integer overflow in callout_softclock()

    The delta operation (c->c_time - ticks) is documented as safe, however
    it still can cause overflow in narrow case scenarios.

    Try to avoid overflow/underflow or at least make it less frequent with
    a direct comparison of c->c_time and ticks. Perform the operation of
    subtraction only when c->c_time > ticks.

    sys/kern/kern_timeout.c:720:9, signed integer overflow: -2147410738 - 72912 cannot be represented in type 'int'

    Detected with Kernel Undefined Behavior Sanitizer.

    Patch suggested by

commit 052a27b42e7b1493e6718fec8e60ff55bd608420
Author: kamil
Date:   Sat Jul 7 21:35:16 2018 +0000

    Correct unportable signed integer left shift in i386/amd64 tss code

    Change the type of IOMAP_INVALOFF to unsigned int.

    sys/arch/amd64/amd64/machdep.c:518:42, left shift of 65535 by 16 places cannot be represented in type 'int'

    Detected with Kernel Undefined Behavior Sanitizer.

commit 63afb008c426c61e29b5e02aa9ba54c8c9120b57
Author: kamil
Date:   Fri Jul 6 12:19:56 2018 +0000

    Remove UB from definition of symbols in i915_reg.h

    Kernel Undefined Behavior Sanitizer enforces more warnings in build time.
    This makes the build fatal in the drm/i915 code in:
     - intel_ddi_put_crtc_pll(),
     - intel_ddi_clock_get(),
     - intel_ddi_pll_enable(),
     - intel_ddi_setup_hw_pll_state().

    The error message in all the cases says:
    error: case label does not reduce to an integer constant

    Set the type of the value left shifted to unsigned.

    This change is required to build NetBSD/amd64 with KUBSan.

commit 3638b861b4151751cc28a3d2f02b9bed1d56196d
Author: kamil
Date:   Wed Jul 4 18:15:27 2018 +0000

    Avoid undefined behavior in lwp_ctl_free()

    Do not left shift signed integer in a way that the signedness bit is
    changed.

    sys/kern/kern_lwp.c:1892:29, left shift of 1 by 31 places cannot be represented in type 'int'

    Detected with Kernel Undefined Behavior Sanitizer.

    Reported by

commit bd70fe892e77b9ca69c15516e565ddee38590e18
Author: kamil
Date:   Wed Jul 4 18:13:01 2018 +0000

    Avoid undefined behavior in lwp_ctl_alloc()

    Do not left shift signed integer in a way that the signedness bit is
    changed.

    sys/kern/kern_lwp.c:1849:27, left shift of 1 by 31 places cannot be represented in type 'int'

    Detected with Kernel Undefined Behavior Sanitizer.

    Reported by

commit 8a79524a7b25151b47a5abea131908defcca743b
Author: kamil
Date:   Wed Jul 4 17:50:18 2018 +0000

    Avoid undefined behavior in mq_send1()

    Do not shift a signed integer causing change of the signed bit.

    sys/kern/sys_mqueue.c:881:23, left shift of 1 by 31 places cannot be represented in type 'int'

    Detected with Kernel Undefined Behavior Sanitizer.

    Reported by

commit 0a8b6bc81071848eec4ab48019600ea1edb57ff5
Author: kamil
Date:   Wed Jul 4 17:39:12 2018 +0000

    Avoid undefined behavior in mq_recv1()

    Do not shift a signed integer causing change of the signed bit.

    sys/kern/sys_mqueue.c:712:24, left shift of 1 by 31 places cannot be represented in type 'int'

    Detected with Kernel Undefined Behavior Sanitizer.

    Reported by

commit e7dcef908f90d41afbadfcdf934b7ebff7a7c531
Author: kamil
Date:   Wed Jul 4 03:17:01 2018 +0000

    Avoid undefined behavior in scsipiconf.h in _4ltol() and _4btol()

    Do not shift (through integer promotion) a signed value in an operation
    that can change the bit of signedness.

    sys/dev/scsipi/scsipiconf.h:808:17, left shift of 255 by 24 places cannot be represented in type 'int'

    Detected with Kernel Undefined Behavior Sanitizer.

    Reported by

commit 0884db9a37badcb2e3a5cce233033a71694ec195
Author: kamil
Date:   Wed Jul 4 03:00:46 2018 +0000

    Avoid undefined behavior in pciiide macros

    Cast the 'bytes' argument in PIIX_IDETIM_SET() and PIIX_IDETIM_CLEAR()
    to unsigned int. This prevents UB because of shifting the bits and
    changing the bit of signedness.

    sys/dev/pci/piixide.c:714:11, left shift of 65535 by 16 places cannot be represented in type 'int'
    sys/dev/pci/piixide.c:720:11, left shift of 32768 by 16 places cannot be represented in type 'int'

    Detected with Kernel Undefined Behavior Sanitizer.

    Reported by

commit 2a8c34767d5f6aa182929a25e0f5fb29a894e969
Author: kamil
Date:   Wed Jul 4 02:19:02 2018 +0000

    Avoid undefined behavior in pr_item_notouch_put()

    Do not left shift a signed integer changing its signedness bit.

    sys/kern/subr_pool.c:251:30, left shift of 1 by 31 places cannot be represented in type 'int'

    Detected with Kernel Undefined Behavior Sanitizer.

    Reported by

commit e446eedf004db41897ddf9e1577586f0276c7dfc
Author: kamil
Date:   Wed Jul 4 02:02:15 2018 +0000

    Avoid Undefined Behavior in ffs_clusteracct()

    Change the type of 'bit' variable from int to unsigned int and use
    unsigned values consistently.

    sys/ufs/ffs/ffs_subr.c:336:10, shift exponent -1 is negative

    Detected with Kernel Undefined Behavior Sanitizer.

    Reported by

commit da5f996a2ae705ca5c24d06fa06ffe54cbb48db1
Author: kamil
Date:   Wed Jul 4 01:42:37 2018 +0000

    Avoid Undefined Behavior in pr_item_notouch_get()

    Change the type of left shifted integer from signed to unsigned.

    sys/kern/subr_pool.c:274:13, left shift of 1 by 31 places cannot be represented in type 'int'

    Detected with Kernel Undefined Behavior Sanitizer.

    Reported by

commit 6846327c5907a77a85d68dc85cd50d4833bc22f7
Author: kamil
Date:   Wed Jul 4 01:17:32 2018 +0000

    Avoid undefined operation in signed integer shift in MAP_ALIGNED()

    Cast the shifted byte to unsigned int.

    sys/uvm/uvm_mmap.c:914:19, left shift of 255 by 24 places cannot be represented in type 'int'

    Detected with Kernel Undefined Behavior Sanitizer.

    Reported by

commit 2abb674a74545c086ab10c6773aefa3815fc0245
Author: kamil
Date:   Wed Jul 4 00:35:33 2018 +0000

    Paper over Undefined Behavior in in6_control1()

    Replace calculation of maxexpire (TIME_MAX) with a construct that
    triggers UB with one that uses implementation defined semantics.

    No functional change intended.

    An attempt to appease KUBSan.

    Detected with Kernel Undefined Behavior Sanitizer.

    Reported by

commit 9123efa1ed98112eb5b433e539b437c51b9e846b
Author: kamil
Date:   Tue Jul 3 23:14:57 2018 +0000

    Avoid unportable signed integer left shift in fd_unused()

    Detected with Kernel Undefined Behavior Sanitizer.

    There was at least a single place reported, for consistency fix all the
    left bit shift operations.

    sys/kern/kern_descrip.c:345:2, left shift of 1 by 31 places cannot be represented in type 'int'
    sys/kern/kern_descrip.c:346:28, left shift of 1 by 31 places cannot be represented in type 'int'

    Reported by

commit ee6dc1a04552b588b5d4a0aeb131f77bb5f7f90f
Author: kamil
Date:   Tue Jul 3 23:11:06 2018 +0000

    Avoid unportable signed integer left shift in fd_copy()

    Detected with Kernel Undefined Behavior Sanitizer.

    There was at least a single place reported, for consistency fix all the
    left bit shift operations.

    sys/kern/kern_descrip.c:1492:3, left shift of 1 by 31 places cannot be represented in type 'int'
    sys/kern/kern_descrip.c:1493:28, left shift of 1 by 31 places cannot be represented in type 'int'

    Reported by

commit f663a8be71cc4dfb7095f70b8de8a6bf7b280990
Author: kamil
Date:   Tue Jul 3 22:49:51 2018 +0000

    Avoid unportable signed integer left shift in fd_isused()

    Detected with Kernel Undefined Behavior Sanitizer.

    sys/kern/kern_descrip.c:188:34, left shift of 1 by 31 places cannot be represented in type 'int'

    Reported by

commit 47f8ad01f81886982b0ba88a3eceed34536ffc0c
Author: kamil
Date:   Tue Jul 3 22:38:33 2018 +0000

    Try to appease KUBSan in sys/sys/wait.h in W_EXITCODE()

    Cast return value that is stored as int to unsigned int in order to
    appease the << 8 operation. In case of a ret=-1, this cast is papering
    things over or replacing UB with an implementation specific behavior.

    There is a reverse operation with the same papering things over:
    WEXITSTATUS(x) ((int)(((unsigned int)_W_INT(x)) >> 8) & 0xff)

    No functional change intended.

    Detected with Kernel Undefined Behavior Sanitizer.

    Reported by

commit f634156b0e6188d101738e23c7ab16390d1ba6f7
Author: kamil
Date:   Tue Jul 3 12:17:54 2018 +0000

    Avoid unportable signed integer left shift in fd_used()

    Detected with Kernel Undefined Behavior Sanitizer.

    There was at least a single place reported, for consistency fix all the
    left bit shift operations.

    sys/kern/kern_descrip.c:302:26, left shift of 1 by 31 places cannot be represented in type 'int'

    Reported by

commit e7fe41ca9d13d2e96547b9aa4631645cb53bcbe8
Author: kamil
Date:   Tue Jul 3 11:45:54 2018 +0000

    Avoid unportable signed integer left shift in intr_calculatemasks()

    Detected with Kernel Undefined Behavior Sanitizer.

    There were at least two places reported, for consistency fix all the
    left bit shifts.

    src/sys/arch/x86/x86/intr.c:339:22, left shift of 1 by 31 places cannot be represented in type 'int'
    src/sys/arch/x86/x86/intr.c:347:15, left shift of 1 by 31 places cannot be represented in type 'int'

    Reported by
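
The fix that recurs through the log above (shift an unsigned operand instead of a signed int), as an added C example that is not NetBSD source and is not taken from these commits. Every function name is hypothetical; the quoted strings in the comments are the sanitizer messages from the log.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration: every name below is hypothetical, not NetBSD code. */

/* Bit n of a 32-bit word. With a signed 1, n == 31 is the reported
 * "left shift of 1 by 31 places"; an unsigned operand is well defined. */
uint32_t bit32(unsigned n) { return UINT32_C(1) << (n & 31); }

/* Mask of the bits below n (0..31). On int, (1 << 31) - 1 is the reported
 * "-2147483648 - 1" overflow; unsigned arithmetic wraps instead. */
uint32_t low_mask32(unsigned n) { return bit32(n) - 1; }

/* Bitmap helpers in the shape of the descriptor and pool bitmaps. */
void bitmap_set(uint32_t *map, unsigned i)   { map[i >> 5] |= bit32(i); }
void bitmap_clear(uint32_t *map, unsigned i) { map[i >> 5] &= ~bit32(i); }
bool bitmap_isset(const uint32_t *map, unsigned i)
{
	return (map[i >> 5] & bit32(i)) != 0;
}

/* Big-endian decode: uint8_t promotes to int, so b[0] << 24 is undefined
 * for b[0] >= 0x80 ("left shift of 255 by 24 places"). Convert first. */
uint32_t be32_decode(const uint8_t b[4])
{
	return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
	    ((uint32_t)b[2] << 8) | (uint32_t)b[3];
}

/* Exit status packing: shift as unsigned, then convert back, which is
 * implementation defined rather than undefined. */
int status_encode(int ret, int sig)
{
	return (int)(((unsigned int)ret << 8) | (unsigned int)sig);
}
int status_decode(int status) { return (int)(((unsigned int)status >> 8) & 0xff); }

int main(void)
{
	const uint8_t raw[4] = { 0xff, 0x00, 0x00, 0x01 }; /* constructed input */
	uint32_t map[2] = { 0, 0 };
	bitmap_set(map, 63);
	printf("%#x %#x %#x %d\n", (unsigned)be32_decode(raw), (unsigned)map[1],
	    (unsigned)low_mask32(31), status_decode(status_encode(-1, 0)));
	return 0;
}
```

Building this with `-fsanitize=undefined` and swapping any `uint32_t` cast or `UINT32_C(1)` back to a plain `int` operand reproduces the class of report quoted in the commit messages.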