lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 12 Jun 2011 22:52:17 -0400
From:	Andrew Lutomirski <luto@....edu>
To:	Rakib Mullick <rakib.mullick@...il.com>
Cc:	mingo@...e.hu, hpa@...or.com, tglx@...utronix.de, x86@...nel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86, vsyscall: Fix build warning in vsyscall_64.c

On Sun, Jun 12, 2011 at 1:12 AM, Rakib Mullick <rakib.mullick@...il.com> wrote:
> On Sat, Jun 11, 2011 at 5:01 PM, Andrew Lutomirski <luto@....edu> wrote:
>> On Sat, Jun 11, 2011 at 3:31 AM, Rakib Mullick <rakib.mullick@...il.com> wrote:
>>> Due to commit 5cec93c216db77 (x86-64: Emulate legacy vsyscalls), we get the following warning:
>>>
>>>   arch/x86/kernel/vsyscall_64.c: In function ‘do_emulate_vsyscall’:
>>>   arch/x86/kernel/vsyscall_64.c:111:7: warning: ‘ret’ may be used uninitialized in this function
>>
>> What's the code path that uses ret without initializing it?
>>
> In case of, vsyscall_nr is default it might gets uninitialized. And
> current code already treats it as a bug.
>
>>> -       if (ret == -EFAULT) {
>>> +       if (ret == -EFAULT || ret == -EINVAL) {
>>>                /*
>>>                 * Bad news -- userspace fed a bad pointer to a vsyscall.
>>>                 *
>>
>> EINVAL doesn't seem like grounds to fault.  (I'm not sure how to get
>> EINVAL from time, gettimeofday, or getcpu, but in case there is, we
>> should return it back to userspace.)
>>
> If ret = EINVAL, then it means vsyscall_nr doesn't any of
> gettimeofday, time or getcpu. So, I grounds it into fault. In case of
> gettimeofday, EINVAL may gets return. But, maybe not in case of time
> or getcpu. So, maybe we need to check EINVAL in case of gettimeofday
> and maybe should separate EINVAL and EFAULT.

I think there are three separate issues here:

1. Can ret be used uninitialized?  I say no, even as seen by the
compiler.  If vsyscall_nr is 0, 1, or 2, then ret is initialized.  If
vsyscall_nr is 3, then the BUG gets hit.  BUG is defined as some
assembly magic followed by unreachable(), and the compiler is supposed
to know that code after unreachable() is qunreachable.  So how can ret
be used uninitialized?

What version of gcc do you have?  gcc (GCC) 4.6.0 20110530 (Red Hat
4.6.0-9) does not produce this warning.

2. Is the BUG correct?  I say yes.  vsyscall_nr can only be 0, 1, 2,
or 3 (see the function that generates it), and the only way that 3
could happen is if regs->ip == 0xffffffffff600c02.  That can't happen
because the instruction at ...601 is int3.

3. Should the test for EFAULT be changed to EINVAL?  I can't see why.
We need to preserve userspace ABI, and userspace expects vsyscalls
that fail for reasons other than a fault to return an error, not
segfault the caller.

Note that regs->as *is* the return value, so we're not ignoring errors.

--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ