[Kernel-packages] [Bug 2097824] Re: iBFT iSCSI out-of-bounds shift UBSAN warning

Fri, 28 Feb 2025 03:28:42 -0800 

** Changed in: linux (Ubuntu Noble)
       Status: In Progress => Fix Committed

** Changed in: linux (Ubuntu Oracular)
       Status: In Progress => Fix Committed

** Changed in: linux (Ubuntu Jammy)
       Status: In Progress => Fix Committed

** Changed in: linux (Ubuntu Focal)
       Status: In Progress => Won't Fix

** Changed in: linux (Ubuntu Jammy)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Noble)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Oracular)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2097824

Title:
  iBFT iSCSI out-of-bounds shift UBSAN warning

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Focal:
  Won't Fix
Status in linux source package in Jammy:
  Fix Committed
Status in linux source package in Noble:
  Fix Committed
Status in linux source package in Oracular:
  Fix Committed
Status in linux source package in Plucky:
  In Progress

Bug description:
  [Impact]
  During an iSCSI boot in an IPv6 environment, `iscsistart` continues to access 
the `/sys/firmware/ibft/ethernetX/subnet-mask` entry, despite subnet masks 
being irrelevant for IPv6. Since the IPv6 prefix length is 64, this leads to a 
negative shift exponent, triggering a UBSAN warning.

  [Fix]
  A commit has been made to fix this issue.
  
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=07e0d99a2f701123ad3104c0f1a1e66bce74d6e5

  [Test Plan]
  1. Set up a machine with an iSCSI backend in an IPv6-only environment.
  2. Power on the machine and verify that the following error does not occur:
  [  105.283243] UBSAN: shift-out-of-bounds in 
/build/linux-oracle-cD7q0d/linux-oracle-6.8.0/drivers/firmware/iscsi_ibft.c:313:9
  [  105.432609] shift exponent -32 is negative
  [  105.498209] CPU: 106 PID: 2536 Comm: iscsistart Not tainted 
6.8.0-1008-oracle #8-Ubuntu
  [  105.610611] Hardware name: Oracle Corporation ORACLE SERVER E4-2c/Asm,MB 
Tray,2U,E4-2c, BIOS 78016100 04/11/2024
  [  105.749047] Call Trace:
  [  105.794939]  <TASK>
  [  105.832503]  dump_stack_lvl+0x76/0xa0
  [  105.876679]  dump_stack+0x10/0x20
  [  105.916742]  __ubsan_handle_shift_out_of_bounds+0x199/0x370
  [  105.983788]  ibft_attr_show_nic.cold+0x17/0x2c [iscsi_ibft]
  [  106.050817]  iscsi_boot_show_attribute+0x3f/0x70 [iscsi_boot_sysfs]
  [  106.126167]  sysfs_kf_seq_show+0xa7/0x120
  [  106.174475]  kernfs_seq_show+0x27/0x40
  [  106.219654]  seq_read_iter+0x132/0x4b0
  [  106.264824]  kernfs_fop_read_iter+0x34/0x40
  [  106.315190]  vfs_read+0x258/0x390
  [  106.355160]  ksys_read+0x73/0x100
  [  106.395116]  __x64_sys_read+0x19/0x30
  [  106.439234]  x64_sys_call+0x1ada/0x25c0
  [  106.485422]  do_syscall_64+0x7f/0x180
  [  106.529528]  ? srso_alias_return_thunk+0x5/0xfbef5
  [  106.587154]  ? syscall_exit_to_user_mode+0x89/0x260
  [  106.645810]  ? srso_alias_return_thunk+0x5/0xfbef5
  [  106.703424]  ? do_syscall_64+0x8c/0x180
  [  106.749594]  ? srso_alias_return_thunk+0x5/0xfbef5
  [  106.807197]  ? __do_sys_newfstatat+0x44/0x90
  [  106.858552]  ? srso_alias_return_thunk+0x5/0xfbef5
  [  106.916147]  ? syscall_exit_to_user_mode+0x89/0x260
  [  106.974771]  ? srso_alias_return_thunk+0x5/0xfbef5
  [  107.032350]  ? do_syscall_64+0x8c/0x180
  [  107.078488]  ? do_syscall_64+0x8c/0x180
  [  107.124620]  ? exc_page_fault+0x94/0x190
  [  107.171789]  entry_SYSCALL_64_after_hwframe+0x78/0x80
  [  107.232475] RIP: 0033:0x764465a69a61
  [  107.275484] Code: 00 48 8b 15 b9 73 0e 00 f7 d8 64 89 02 b8 ff ff ff ff eb 
bd e8 40 c4 01 00 f3 0f 1e fa 80 3d e5 f5 0e 00 00 74 13 31 c0 0f 05 <48> 3d 00 
f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec
  [  107.500766] RSP: 002b:00007ffc83fa6798 EFLAGS: 00000246 ORIG_RAX: 
0000000000000000
  [  107.591622] RAX: ffffffffffffffda RBX: 00007ffc83fa6840 RCX: 
0000764465a69a61
  [  107.677276] RDX: 0000000000000100 RSI: 00007ffc83fa6840 RDI: 
0000000000000003
  [  107.762929] RBP: 00007ffc83fa6f80 R08: 00005d0f5c8b7fb4 R09: 
0000000000000007
  [  107.848624] R10: 0000000000000000 R11: 0000000000000246 R12: 
00005d0f5c8b7fb4
  [  107.934283] R13: 00007ffc83fa6940 R14: 00005d0f5c8bf650 R15: 
0000000000000003
  [  108.019949]  </TASK>

  [Where problems could occur]
  The patch resolves the UBSAN warning that occurs when accessing the 
`/sys/firmware/ibft/ethernetX/subnet-mask` entry. However, if any regressions 
occur, the entry may display an incorrect value.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2097824/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to