lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Thu, 14 Oct 2010 17:36:33 +0200
From:	Borislav Petkov <bp@...64.org>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Randy Dunlap <randy.dunlap@...cle.com>,
	lkml <linux-kernel@...r.kernel.org>,
	Doug Thompson <dougthompson@...ssion.com>,
	akpm <akpm@...ux-foundation.org>, linux-arch@...r.kernel.org
Subject: Re: [PATCH] bitops.h: Widen BIT macro to support 64-bit types

From: Linus Torvalds <torvalds@...ux-foundation.org>
Date: Thu, Oct 14, 2010 at 08:03:17AM -0700

> On Thu, Oct 14, 2010 at 3:58 AM, Borislav Petkov <bp@...64.org> wrote:
> >>
> >> Ok, so BIT() should be fixed to work with the largest type available,
> >> IMHO. Let me cook up something.
> >
> > Maybe something like the following. Build-tested with the crosstool
> > (http://www.kernel.org/pub/tools/crosstool) on the following arches:
> > alpha blackfin cris hppa64 ia64 mips64 sparc.
> >
> > Any objections?
> 
> Yeah. I object. I have no idea what this will change for everything
> else that expects bitops to work on unsigned long values.
> 
> I really think that the bug is not in the BIT() definition, but in the
> use. If somebody wants a non-unsigned-long bit field, they had better
> not use bitops.h.
> 
> And no, just changing the BIT() macro to return a 64-bit value is
> _not_ trivially safe. Due to C type rules, now all arithmetic using
> BIT() will suddenly be 64-bit, which is often *much* slower, and can
> introduce real bugs.
> 
> On many architectures, a 64-bit non-constant shift will even end up
> being a function call. And if the thing is used in a varargs function,
> the argument layout will be totally different. We've also had several
> issues with 64-bit types and switch() statements, for example. And a
> quick grep for '\<BIT(' shows that non-constant cases are not unheard
> of, and there's a lot of random use where it is not at all obvious
> that it's safe (because it's used for defining other defines).

Concerning safety, I actually had a version which did check the bit
number supplied as an arg for overflowing but this failed when using
BIT() in struct initializers:

	.struct_member = { BIT(bla) }

But thanks for the detailed explanation! This makes perfect sense; it
was too much wishful thinking on my part to assume that a ULL BIT()
would be fine after checking that all arches support the unsigned 64-bit
type.

I'm much better off with a local BIT_64() or similar, definition.

Thanks.

-- 
Regards/Gruss,
Boris.

Advanced Micro Devices GmbH
Einsteinring 24, 85609 Dornach
General Managers: Alberto Bozzo, Andrew Bowd
Registration: Dornach, Gemeinde Aschheim, Landkreis Muenchen
Registergericht Muenchen, HRB Nr. 43632
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ