Date:	Fri, 24 Oct 2014 19:10:49 +0400
From:	Dmitry Vyukov <dvyukov@...gle.com>
To:	Sasha Levin <sasha.levin@...cle.com>
Cc:	Peter Zijlstra <peterz@...radead.org>,
	"Theodore Ts'o" <tytso@....edu>,
	Daniel Borkmann <dborkman@...hat.com>,
	Andrey Ryabinin <a.ryabinin@...sung.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>, Michal Marek <mmarek@...e.cz>,
	"x86@...nel.org" <x86@...nel.org>, linux-kbuild@...r.kernel.org,
	LKML <linux-kernel@...r.kernel.org>,
	Andreas Dilger <adilger.kernel@...ger.ca>,
	Konstantin Khlebnikov <koct9i@...il.com>
Subject: Re: drivers: random: Shift out-of-bounds in _mix_pool_bytes

On Fri, Oct 24, 2014 at 7:04 PM, Sasha Levin <sasha.levin@...cle.com> wrote:
> On 10/24/2014 09:42 AM, Peter Zijlstra wrote:
>> On Fri, Oct 24, 2014 at 09:23:35AM -0400, Sasha Levin wrote:
>>>
>>> i >> 32 may happen to be "i", but is there anything that prevents the compiler
>>> from returning, let's say, 42?
>>
>> Not really, although gcc seems to opt for the 'sane' option and emit the
>> instruction and let the arch figure out how to deal with it. Hence the
>> 'fun' difference between x86 and ARM.
>
> It's interesting how many different views on undefined behaviour there are between
> kernel folks.
>
> Everything between Ted Ts'o saying that GCC can launch nethack on oversized shifts,
> to DaveM saying he will file a GCC bug if the behaviour isn't sane w.r.t. memcpy().

One of the benefits of fixing such issues (or not letting them into
code in the first place) is just saving numerous hours of top-notch
engineers spent on disputes like this.
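
The x86/ARM difference mentioned in the quoted exchange, as an added example (not code from this thread or from the kernel source). The two model functions are assumptions that imitate how each architecture's shift instruction treats an oversized count; the other two helpers have a result that C defines for every count. All function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Model (assumption): x86 SHR on a 32-bit operand masks the count to 5 bits,
 * so a count of 32 behaves like a count of 0 and returns the value unchanged. */
static uint32_t shr_x86_model(uint32_t v, unsigned count)
{
    return v >> (count & 31);
}

/* Model (assumption): a 32-bit ARM register-controlled LSR uses the low byte
 * of the count register, and any count of 32 or more yields 0. */
static uint32_t shr_arm_model(uint32_t v, unsigned count)
{
    count &= 0xff;
    return count >= 32 ? 0 : v >> count;
}

/* Right shift whose result is defined in C for every count: the caller gets
 * 0 for oversized counts instead of whatever the target CPU happens to do. */
static uint32_t shr32_defined(uint32_t v, unsigned count)
{
    return count >= 32 ? 0 : v >> count;
}

/* Rotate left that never evaluates a shift by 32, including for count 0. */
static uint32_t rol32_defined(uint32_t v, unsigned count)
{
    count &= 31;
    return (v << count) | (v >> ((32 - count) & 31));
}

int main(void)
{
    uint32_t i = 0x80000001u; /* constructed sample value */

    printf("x86 model   i >> 32 = 0x%08x\n", (unsigned)shr_x86_model(i, 32));
    printf("ARM model   i >> 32 = 0x%08x\n", (unsigned)shr_arm_model(i, 32));
    printf("defined     i >> 32 = 0x%08x\n", (unsigned)shr32_defined(i, 32));
    printf("rol32(i, 0)         = 0x%08x\n", (unsigned)rol32_defined(i, 0));
    return 0;
}
```

Building the original, unguarded expression with `-fsanitize=shift` (GCC or Clang) reports the out-of-range shift count at run time.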