lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20121120004834.GE5060@sgi.com>
Date:	Mon, 19 Nov 2012 18:48:34 -0600
From:	Russ Anderson <rja@....com>
To:	Dan Carpenter <dan.carpenter@...cle.com>
Cc:	Thomas Gleixner <tglx@...utronix.de>,
	Jack Steiner <steiner@....com>,
	Dimitri Sivanich <sivanich@....com>,
	Ingo Molnar <mingo@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>, x86@...nel.org,
	linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org,
	rja@...ricas.sgi.com
Subject: Re: [patch] x86, UV: integer wrap bug in uv_hub_ipi_value()

On Sat, Nov 17, 2012 at 06:16:11PM +0300, Dan Carpenter wrote:
> This is a static checker fix.  The problem is that we store the bits
> from "uv_apicid_hibits" into "apicid" (the high 16 bits) but then we
> shift it 16 bit to the left.  "apicid" is an int so it wraps and we lose
> them.

Is this the complete patch?  phys_apicid is an int, but gets
cast as unsigned long.  Doesn't phys_apicid also have to be
changed to unsigned long?  And why ulong instead of uint (on x86_64)?

I agree with changing signed to unsigned where appropriate, but
this looks like a partial fix.  Am I missing something?

Thanks.

> Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
> ---
> This is for an SGI product, and I can't test it.
> 
> diff --git a/arch/x86/include/asm/uv/uv_hub.h b/arch/x86/include/asm/uv/uv_hub.h
> index 21f7385..f3a0f91 100644
> --- a/arch/x86/include/asm/uv/uv_hub.h
> +++ b/arch/x86/include/asm/uv/uv_hub.h
> @@ -573,7 +573,7 @@ static inline void uv_set_cpu_scir_bits(int cpu, unsigned char value)
>  }
>  
>  extern unsigned int uv_apicid_hibits;
> -static unsigned long uv_hub_ipi_value(int apicid, int vector, int mode)
> +static unsigned long uv_hub_ipi_value(ulong apicid, ulong vector, ulong mode)
>  {
>  	apicid |= uv_apicid_hibits;
>  	return (1UL << UVH_IPI_INT_SEND_SHFT) |
> diff --git a/arch/x86/kernel/apic/x2apic_uv_x.c b/arch/x86/kernel/apic/x2apic_uv_x.c
> index 8cfade9..6d93b2f 100644
> --- a/arch/x86/kernel/apic/x2apic_uv_x.c
> +++ b/arch/x86/kernel/apic/x2apic_uv_x.c
> @@ -194,13 +194,13 @@ static int __cpuinit uv_wakeup_secondary(int phys_apicid, unsigned long start_ri
>  	pnode = uv_apicid_to_pnode(phys_apicid);
>  	phys_apicid |= uv_apicid_hibits;
>  	val = (1UL << UVH_IPI_INT_SEND_SHFT) |
> -	    (phys_apicid << UVH_IPI_INT_APIC_ID_SHFT) |
> +	    ((unsigned long)phys_apicid << UVH_IPI_INT_APIC_ID_SHFT) |
>  	    ((start_rip << UVH_IPI_INT_VECTOR_SHFT) >> 12) |
>  	    APIC_DM_INIT;
>  	uv_write_global_mmr64(pnode, UVH_IPI_INT, val);
>  
>  	val = (1UL << UVH_IPI_INT_SEND_SHFT) |
> -	    (phys_apicid << UVH_IPI_INT_APIC_ID_SHFT) |
> +	    ((unsigned long)phys_apicid << UVH_IPI_INT_APIC_ID_SHFT) |
>  	    ((start_rip << UVH_IPI_INT_VECTOR_SHFT) >> 12) |
>  	    APIC_DM_STARTUP;
>  	uv_write_global_mmr64(pnode, UVH_IPI_INT, val);

-- 
Russ Anderson, OS RAS/Partitioning Project Lead  
SGI - Silicon Graphics Inc          rja@....com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ