lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.0.98.0704202040150.16687@sigma.j-a-k-j.com>
Date:	Fri, 20 Apr 2007 20:55:49 -0400 (EDT)
From:	"John Anthony Kazos Jr." <jakj@...-k-j.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
cc:	James Bottomley <James.Bottomley@...elEye.com>,
	"Cameron, Steve" <Steve.Cameron@...com>,
	"Miller, Mike (OS Dev)" <Mike.Miller@...com>,
	Hisashi Hifumi <hifumi.hisashi@....ntt.co.jp>,
	jens.axboe@...cle.com, linux-kernel@...r.kernel.org,
	linux-scsi@...r.kernel.org, trivial@...nel.org
Subject: [PATCH] utilities: add helper functions for safe 64-bit integer
 operations as 32-bit halves

From: John Anthony Kazos Jr. <jakj@...-k-j.com>

Add helper functions "upper_32_bits" and "lower_32_bits" to 
<include/linux/kernel.h> to allow 64-bit integers to be separated into 
their 32-bit upper and lower halves without promoting integers, without 
stretching sign bits, and without generating compiler warnings when used 
with any integer not greater than 64 bits wide. High-order bits are 
assumed to be zero for integers with fewer than 64 of them.

Signed-off-by: John Anthony Kazos Jr. <jakj@...-k-j.com>

---

Using these functions with signed quantities is an error, especially if 
you read a 32-bit quantity from disk that happens to have the high bit set 
into an int on a 32-bit machine, then use it with a function taking a u64 
which screws your data. When switching to using these functions, it's a 
good opportunity to check for these signedness errors. (Haven't we learned 
anything over the past decades of computing about assuming that one little 
bit doesn't matter?)

Not sure exactly whom the maintainer is for this, so I added 
trivial@...nel.org. It's certainly not limited to one subsystem anymore, 
and converting the whole kernel to this could be a good step for 
readability and correctness across architectures of any word size.

--- linux-2.6.21-rc7-git4.orig/include/linux/kernel.h	2007-04-20 20:22:13.000000000 -0400
+++ linux-2.6.21-rc7-git4.mod/include/linux/kernel.h	2007-04-20 20:37:41.000000000 -0400
@@ -40,6 +40,23 @@ extern const char linux_proc_banner[];
 #define DIV_ROUND_UP(n,d) (((n) + (d) - 1) / (d))
 #define roundup(x, y) ((((x) + ((y) - 1)) / (y)) * (y))
 
+/**
+ * lower_32_bits, upper_32_bits - separate the halves of a 64-bit integer
+ * @n: the integer to separate
+ *
+ * Separate a 64-bit integer into its upper and lower 32-bit halves.
+ * Designed to avoid integer promotions and compiler warnings when used
+ * with smaller integers, in which case the missing bits are assumed to
+ * be zero. Designed to treat integers as unsigned whether or not they
+ * really are. (If you are using these with signed integers, your code
+ * is almost certainly wrong. The cast is good for people too lazy to
+ * type "unsigned" in their code, since breaking things is bad.)
+ *
+ * These assume the integer used is NOT greater than 64 bits wide.
+ */
+#define upper_32_bits(n) (sizeof(n) == 8 ? (u64)(n) >> 32 : 0)
+#define lower_32_bits(n) (sizeof(n) == 8 ? (u32)(n) : (n))
+
 #define	KERN_EMERG	"<0>"	/* system is unusable			*/
 #define	KERN_ALERT	"<1>"	/* action must be taken immediately	*/
 #define	KERN_CRIT	"<2>"	/* critical conditions			*/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ