Message-ID: <86802c440802070111o5a4bc700g75a0693f8307d766@mail.gmail.com>
Date:	Thu, 7 Feb 2008 01:11:19 -0800
From:	"Yinghai Lu" <yhlu.kernel@...il.com>
To:	"Ingo Molnar" <mingo@...e.hu>
Cc:	"Balaji Rao" <balajirrao@...il.com>, linux-kernel@...r.kernel.org,
	"Thomas Gleixner" <tglx@...utronix.de>, jesse.barnes@...el.com,
	ak@...e.de, "Harvey Harrison" <harvey.harrison@...il.com>
Subject: Re: [PATCH][Regression] x86, 32-bit: trim memory not covered by wb mtrrs - FIX

On Feb 7, 2008 1:04 AM, Ingo Molnar <mingo@...e.hu> wrote:
>
> * Yinghai Lu <yhlu.kernel@...il.com> wrote:
>
> > minor difference
> > +               trim_start = highest_pfn << PAGE_SHIFT;
> > +               trim_size = end_pfn << PAGE_SHIFT;
> >
> > could cause some problem with 32 bit kernel when mem > 4g. because
> > highest_pfn and end_pfn are unsigned long aka 32 bit ...could overflow.
> >
> > so need to assign them to trim_start/trim_end at first
> > or
> > +               trim_start = (u64)highest_pfn << PAGE_SHIFT;
> > +               trim_size = (u64)end_pfn << PAGE_SHIFT;
>
> indeed ...
>
> i think the 64-bit behavior of gcc is inherently dangerous, we had
> numerous subtle bugs in that area.
>
> i think perhaps Sparse should be extended to warn about this. I think
> any case where on _32-bit_ we have an 'unsigned long' that is shifted to
> the left by any significant amount is clearly in danger of overflowing.
> _Especially_ when the lvalue is 64-bit!
>
> or in other words, on any such construct:
>
>    64-bit lvalue = ... 32-bit value
>
> we should enforce _explicit_ (u64) conversions.

so you mean gcc will do some optimization to make

+               trim_start = highest_pfn;
+               trim_start <<= PAGE_SHIFT;

to be

+               trim_start = highest_pfn << PAGE_SHIFT;

looks scary...

then gcc needs to be fixed.

YH
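
The three forms discussed in this message, side by side, as an added example that is not part of the original thread or of the kernel patch. Assumptions: `uint32_t` stands in for `unsigned long` on a 32-bit kernel, `PAGE_SHIFT` is 12, and the function names and sample frame numbers are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12   /* assumption: 4 KiB pages */

/* Assumption: uint32_t models 'unsigned long' on a 32-bit kernel. */
typedef uint32_t pfn32_t;

/* One statement, no cast: the shift is evaluated in 32 bits, the high
 * bits are discarded, and only the truncated result is widened. */
static uint64_t shift_then_widen(pfn32_t pfn)
{
    return pfn << PAGE_SHIFT;
}

/* Explicit cast: the operand is widened first, so the shift is 64-bit. */
static uint64_t cast_then_shift(pfn32_t pfn)
{
    return (uint64_t)pfn << PAGE_SHIFT;
}

/* Two statements: the assignment widens, then the 64-bit lvalue is
 * shifted in place. */
static uint64_t widen_then_shift(pfn32_t pfn)
{
    uint64_t addr = pfn;
    addr <<= PAGE_SHIFT;
    return addr;
}

/* Nonzero when pfn << PAGE_SHIFT does not fit in 32 bits. */
static int pfn_shift_overflows(pfn32_t pfn)
{
    return pfn > (UINT32_MAX >> PAGE_SHIFT);
}

int main(void)
{
    /* Constructed sample frame numbers: 2 GiB, 4 GiB and 5 GiB. */
    const pfn32_t samples[] = { 0x80000, 0x100000, 0x140000 };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("pfn=%#x overflows=%d no_cast=%#llx cast=%#llx two_step=%#llx\n",
               samples[i], pfn_shift_overflows(samples[i]),
               (unsigned long long)shift_then_widen(samples[i]),
               (unsigned long long)cast_then_shift(samples[i]),
               (unsigned long long)widen_then_shift(samples[i]));
    return 0;
}
```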