Looking at the code this issue seems to be introduced by `UBUNTU: SAUCE:
modpost: support arbitrary symbol length in modversion` and the UBSAN
warning tells us that accessing vers->name[0] could be an out-of-bounds
access.

The struct modversion_info contains a flexible array (name), that is
correctly defined as the last member of the struct, and its size is
allocated dynamically at runtime, so I would expect that vers->name[0]
is always allocated, unless vers is not initialized properly or there's
an empty name.

So, my guess is that UBSAN isn't really happy about the flexible array
and this is just a false positive.

However, to be 100% sure that we are not actually doing an out-of-bounds
access and prevent the warning, we could apply something like the
following on top of our SAUCE patch:

diff --git a/arch/powerpc/kernel/module_64.c b/arch/powerpc/kernel/module_64.c
index 195714fc6e22..1f5960e25758 100644
--- a/arch/powerpc/kernel/module_64.c
+++ b/arch/powerpc/kernel/module_64.c
@@ -350,6 +350,8 @@ static void dedotify_versions(struct modversion_info *vers,
        struct modversion_info *end = (void *)vers + size;
 
        for (; vers < end && vers->next; vers = (void *)vers + vers->next) {
+               if (size <= offsetof(struct modversion_info, name))
+                       continue;
                if (vers->name[0] == '.') {
                        memmove(vers->name, vers->name+1, strlen(vers->name));
                }
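
Review bot: the added test at the top of the loop body compares `size`, the length of the whole table, with `offsetof(struct modversion_info, name)`, and neither value changes between iterations in the lines shown, so the condition is either true for every entry (nothing gets dedotified) or false for every entry (no protection is added for the `vers->name[0]` read). To guard each entry, compare a per-entry quantity with that offset instead, for example the bytes remaining between `vers` and `end`, or `vers->next`.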


In this case even if (for any reason) vers->name[] is an empty string we can
prevent the out-of-bounds access and make UBSAN happy.

Opinions?

https://bugs.launchpad.net/bugs/2059237

Title:
  [Ubuntu-24.04] "array-index-out-of-bounds" error is observed after
  every reboot
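
A user-space sketch of a per-record bounds check for the kind of variable-length table discussed in the message above, added here as an illustration (it is not code from the bug report or from the kernel). `struct rec`, `dedotify_checked`, `run_sample` and the record layout are assumptions made for the example.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a variable-length version record (assumed layout):
 * 'next' is the byte distance from this record to the following one. */
struct rec {
    unsigned long crc;
    unsigned long next;
    char name[];                     /* flexible array member */
};
#define HDR offsetof(struct rec, name)

/* Strip a leading '.' from each name in buf[0..size). Returns the number of
 * names rewritten, or -1 if a record does not fit in the bytes that remain. */
static int dedotify_checked(void *buf, size_t size)
{
    char *p = buf, *end = p + size;
    int changed = 0;
    while ((size_t)(end - p) > HDR) {
        struct rec *r = (struct rec *)p;
        size_t left = (size_t)(end - p);
        if (r->next == 0)
            break;                   /* terminator, as in the original loop */
        if (r->next <= HDR || r->next > left || r->next % sizeof(unsigned long))
            return -1;               /* no room for name[0], overrun, or misaligned */
        if (!memchr(r->name, '\0', r->next - HDR))
            return -1;               /* name not terminated inside its record */
        if (r->name[0] == '.') {
            memmove(r->name, r->name + 1, strlen(r->name));
            changed++;
        }
        p += r->next;
    }
    return changed;
}

static char first_name[16];          /* first record's name after the walk */

/* Constructed sample: records ".foo" and "bar"; 'last_next' sets the second
 * record's length field so a caller can corrupt it. */
static int run_sample(unsigned long last_next)
{
    size_t stride = 4 * sizeof(unsigned long);   /* header + room for the name */
    char *buf = calloc(2, stride);
    if (!buf) return -2;
    struct rec *a = (struct rec *)buf, *b = (struct rec *)(buf + stride);
    a->next = stride;    strcpy(a->name, ".foo");
    b->next = last_next; strcpy(b->name, "bar");
    int rc = dedotify_checked(buf, 2 * stride);
    strcpy(first_name, a->name);
    free(buf);
    return rc;
}
```

A `next` value equal to `HDR` describes a record with no bytes at all for `name`, which is the case where reading `name[0]` would leave the record; the walk rejects it before the read.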