| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 26 Feb 2018 08:44:49 +0100
From: Mathieu Malaterre <malat@...ian.org>
To: Christophe LEROY <christophe.leroy@....fr>
Cc: Michael Ellerman <mpe@...erman.id.au>,
LKML <linux-kernel@...r.kernel.org>,
Paul Mackerras <paulus@...ba.org>,
Jiri Slaby <jslaby@...e.com>,
linuxppc-dev <linuxppc-dev@...ts.ozlabs.org>
Subject: Re: [PATCH 06/21] powerpc: Avoid comparison of unsigned long >= 0 in __access_ok
On Mon, Feb 26, 2018 at 7:50 AM, Christophe LEROY
<christophe.leroy@....fr> wrote:
>
>
> Le 26/02/2018 à 07:34, Christophe LEROY a écrit :
>>
>>
>>
>> Le 25/02/2018 à 18:22, Mathieu Malaterre a écrit :
>>>
>>> Rewrite check size - 1 <= Y as size < Y since `size` is unsigned value.
>>> Fix warning (treated as error in W=1):
>>>
>>> CC arch/powerpc/kernel/signal_32.o
>>> In file included from ./include/linux/uaccess.h:14:0,
>>> from ./include/asm-generic/termios-base.h:8,
>>> from ./arch/powerpc/include/asm/termios.h:20,
>>> from ./include/uapi/linux/termios.h:6,
>>> from ./include/linux/tty.h:7,
>>> from arch/powerpc/kernel/signal_32.c:36:
>>> ./include/asm-generic/termios-base.h: In function
>>> ‘user_termio_to_kernel_termios’:
>>> ./arch/powerpc/include/asm/uaccess.h:52:35: error: comparison of unsigned
>>> expression >= 0 is always true [-Werror=type-limits]
>>> (((size) == 0) || (((size) - 1) <= ((segment).seg - (addr)))))
>>> ^
>>> ./arch/powerpc/include/asm/uaccess.h:58:3: note: in expansion of macro
>>> ‘__access_ok’
>>> __access_ok((__force unsigned long)(addr), (size), get_fs()))
>>> ^~~~~~~~~~~
>>> ./arch/powerpc/include/asm/uaccess.h:262:6: note: in expansion of macro
>>> ‘access_ok’
>>> if (access_ok(VERIFY_READ, __gu_addr, (size))) \
>>> ^~~~~~~~~
>>> ./arch/powerpc/include/asm/uaccess.h:80:2: note: in expansion of macro
>>> ‘__get_user_check’
>>> __get_user_check((x), (ptr), sizeof(*(ptr)))
>>> ^~~~~~~~~~~~~~~~
>>> ./include/asm-generic/termios-base.h:36:6: note: in expansion of macro
>>> ‘get_user’
>>> if (get_user(termios->c_line, &termio->c_line) < 0)
>>> ^~~~~~~~
>>> [...]
>>> cc1: all warnings being treated as errors
>>>
>>> Signed-off-by: Mathieu Malaterre <malat@...ian.org>
>>> ---
>>> arch/powerpc/include/asm/uaccess.h | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/arch/powerpc/include/asm/uaccess.h
>>> b/arch/powerpc/include/asm/uaccess.h
>>> index 51bfeb8777f0..fadc406bd39d 100644
>>> --- a/arch/powerpc/include/asm/uaccess.h
>>> +++ b/arch/powerpc/include/asm/uaccess.h
>>> @@ -49,7 +49,7 @@
>>> #define __access_ok(addr, size, segment) \
>>> (((addr) <= (segment).seg) && \
>>> - (((size) == 0) || (((size) - 1) <= ((segment).seg - (addr)))))
>>> + (((size) == 0) || ((size) < ((segment).seg - (addr)))))
>>
>>
>> IIUC, ((2 - 1) <= 1) is the same as (2 < 1) ?????
>
The whole series was pretty mediocre, but this one was actually pretty
destructive. Thanks for catching this.
>
> Note that I already try to submit a fix for this warning 3 years ago
> (https://patchwork.ozlabs.org/patch/418075/) and it was rejected with the
> following comment:
>
> Again, I don't think Linux enables this warning. What did you do to
> produce this? In any case, it's a bad warning that doesn't take macros
> into account, and the answer is not to make the code less clear by hiding
> the fact that zero is a special case.
Right. I'll try to see how to make W=1 run without error with an
alternate solution.
> Christophe
>
>
>>
>> Christophe
>>
>>> #endif
>>>
>
Powered by blists - more mailing lists