KSPP / linux

Linux kernel source tree (Kernel Self Protection Project)
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project

UBSAN: signed-integer-overflow in ../kernel/time/ntp.c:461:16 #354

Closed JustinStitt closed 1 month ago

JustinStitt commented 4 months ago
[  138.454979] ------------[ cut here ]------------
[  138.458089] UBSAN: signed-integer-overflow in ../kernel/time/ntp.c:461:16
[  138.462134] 9223372036854775807 + 500 cannot be represented in type 'long'
[  138.466234] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.8.0-rc2-00038-gc0a509640e93-dirty #10
[  138.471498] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  138.477110] Call Trace:
[  138.478657]  <IRQ>
[  138.479964]  dump_stack_lvl+0x93/0xd0
[  138.482276]  handle_overflow+0x171/0x1b0
[  138.484699]  second_overflow+0x2d6/0x500
[  138.487133]  accumulate_nsecs_to_secs+0x60/0x160
[  138.489931]  timekeeping_advance+0x1fe/0x890
[  138.492535]  update_wall_time+0x10/0x30
[  138.494876]  tick_irq_enter+0xca/0x160
[  138.497163]  sysvec_apic_timer_interrupt+0x61/0x80
[  138.500119]  </IRQ>
[  138.501470]  <TASK>
[  138.502861]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  138.505948] RIP: 0010:default_idle+0x13/0x20
[  138.508541] Code: 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d a3 3e 29 00 f3 0f 1e fa fb f4 <fa> c3 cc cc cc cc cc 66 0f 1f 44 00 0
[  138.519546] RSP: 0018:ffffffff9ee07e70 EFLAGS: 00000206
[  138.522689] RAX: ffff88806d234168 RBX: ffffffff9ee14e00 RCX: ffffffff9e18bbd1
[  138.526929] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 000000000003b5c4
[  138.531203] RBP: 0000000000000000 R08: ffff88806d23416b R09: 1ffff1100da4682d
[  138.535435] R10: dffffc0000000000 R11: ffffed100da4682e R12: 0000000000000000
[  138.539637] R13: 1ffffffff3dc29c0 R14: ffffffff9f5ee568 R15: dffffc0000000000
[  138.543858]  ? ct_kernel_exit+0xa1/0xe0
[  138.546205]  default_idle_call+0x37/0x60
[  138.548628]  do_idle+0x138/0x3b0
[  138.550671]  cpu_startup_entry+0x43/0x60
[  138.553047]  rest_init+0x110/0x130
[  138.555143]  ? __pfx_x86_late_time_init+0x10/0x10
[  138.558038]  arch_call_rest_init+0xe/0x10
[  138.560480]  start_kernel+0x3b6/0x410
[  138.562722]  x86_64_start_reservations+0x24/0x30
[  138.565525]  x86_64_start_kernel+0xb0/0xc0
[  138.568048]  secondary_startup_64_no_verify+0x16e/0x17b
[  138.571179]  </TASK>
[  138.572570] ---[ end trace ]---
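The UBSAN message above says the kernel computed `9223372036854775807 + 500` in a `long`, which is undefined behaviour in C rather than a defined wrap. The added example below is not code from the report or from the kernel tree; it shows the general pattern the kernel's `check_add_overflow()` helper (from `linux/overflow.h`) is built on, namely the compiler's `__builtin_add_overflow`, which reports whether the sum fits without ever executing the overflowing add. The function names `would_overflow_long`, `add_saturating_long` and `add_or_keep_long` are assumptions for this example, and the sample operands are taken from the report above.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Report whether a + b fits in a long. __builtin_add_overflow evaluates the
 * sum in infinite precision and only tells us whether it fits the destination
 * type, so the undefined signed overflow never happens. (Hypothetical helper
 * mirroring the shape of the kernel's check_add_overflow(); not kernel code.) */
static bool would_overflow_long(long a, long b)
{
	long unused;
	return __builtin_add_overflow(a, b, &unused);
}

/* Variant that clamps to LONG_MAX / LONG_MIN instead of wrapping. */
static long add_saturating_long(long a, long b)
{
	long sum;
	if (__builtin_add_overflow(a, b, &sum))
		return b > 0 ? LONG_MAX : LONG_MIN;
	return sum;
}

/* Variant that leaves the accumulator untouched on overflow, the kind of
 * "refuse the step" policy a time accumulator might prefer over clamping. */
static long add_or_keep_long(long acc, long delta)
{
	long sum;
	if (__builtin_add_overflow(acc, delta, &sum))
		return acc;
	return sum;
}

int main(void)
{
	/* Constructed sample: the exact operands UBSAN reported. */
	long a = 9223372036854775807L; /* LONG_MAX on LP64 */
	long b = 500;

	printf("would_overflow_long(LONG_MAX, 500) = %d\n", would_overflow_long(a, b));
	printf("add_saturating_long(LONG_MAX, 500) = %ld\n", add_saturating_long(a, b));
	printf("add_or_keep_long(LONG_MAX, 500)    = %ld\n", add_or_keep_long(a, b));
	printf("add_saturating_long(10, 500)       = %ld\n", add_saturating_long(10, 500));
	return 0;
}
```

Compiling this with `-fsanitize=signed-integer-overflow` produces no report, because the builtin never performs the overflowing operation; the plain `a + b` that the trace points at would. Which fallback to use (clamp, skip the step, or reject the input) is a policy decision for the caller, not something the detection helper should choose.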
JustinStitt commented 4 months ago

~patch: https://lore.kernel.org/r/20240507-b4-sio-ntp-usec-v1-1-15003fc9c2b4@google.com~ [PATCH v2] ntp: remove accidental integer wrap-around