[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <54660C93.6050801@st.com>
Date: Fri, 14 Nov 2014 15:07:15 +0100
From: Maxime Coquelin <maxime.coquelin@...com>
To: Andrew Morton <akpm@...ux-foundation.org>,
Max Filippov <jcmvbkbc@...il.com>
Cc: <linux@...musvillemoes.dk>, <gong.chen@...ux.intel.com>,
Peter Zijlstra <peterz@...radead.org>,
Ingo Molnar <mingo@...nel.org>,
"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>, <tytso@....edu>,
<linux-kernel@...r.kernel.org>, <stable@...r.kernel.org>,
<kernel@...inux.com>, <eric.paire@...com>
Subject: Re: [PATCH v4] bitops: Fix shift overflow in GENMASK macros
On 11/13/2014 11:09 PM, Andrew Morton wrote:
> On Thu, 6 Nov 2014 10:54:19 +0100 Maxime COQUELIN <maxime.coquelin@...com> wrote:
>
>> On some 32 bits architectures, including x86, GENMASK(31, 0) returns 0
>> instead of the expected ~0UL.
>>
>> This is the same on some 64 bits architectures with GENMASK_ULL(63, 0).
>>
>> This is due to an overflow in the shift operand, 1 << 32 for GENMASK,
>> 1 << 64 for GENMASK_ULL.
>>
>> Fixes: 10ef6b0dffe404bcc54e94cb2ca1a5b18445a66b
>> Cc: <stable@...r.kernel.org> #v3.13+
>> Reported-by: Eric Paire <eric.paire@...com>
>> Suggested-by: Rasmus Villemoes <linux@...musvillemoes.dk>
>> Signed-off-by: Maxime Coquelin <maxime.coquelin@...com>
> Why cc:stable? Does this bug cause some observed kernel misbehaviour?
> If so, please fully describe that in the changelog. This will help
> people to determine whether this patch might fix a bug they're
> observing, and will help them to decide whether they should backport
> this patch into their kernels.
We encountered some misbehavior on not upstreamed code.
Looking at all GENMASK and GENMASK_ULL occurences in v3.18-rc4,
I (only) found one possible candidate in drivers/spi/spi_xtensa-xtfpga.c:
static u32 xtfpga_spi_txrx_word(struct spi_device *spi, unsigned nsecs,
u32 v, u8 bits)
{
struct xtfpga_spi *xspi = spi_master_get_devdata(spi->master);
xspi->data = (xspi->data << bits) | (v & GENMASK(bits - 1, 0));
...
}
Max F., can xtfpga_spi_txrx_word() be called with "bits" = 32?
If yes, then GENMASK(bits - 1, 0) result would be unpredictable on some
architectures.
I don't know if Xtensa architecture is impacted though.
But even if Xtensa SPI driver is not impacted,
maybe future fixes that will be integrated into stable releases will use
GENMASK(),
and so could possibly be impacted by the bug.
Andrew, with this information, do you think we should take this patch in
stable branches?
>
> I'm assuming that Peter will be merging this patch.
Yes, Peter already added this patch in his tree.
>
Kind regards,
Maxime
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists