lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 14 Nov 2014 15:07:15 +0100
From:	Maxime Coquelin <maxime.coquelin@...com>
To:	Andrew Morton <akpm@...ux-foundation.org>,
	Max Filippov <jcmvbkbc@...il.com>
Cc:	<linux@...musvillemoes.dk>, <gong.chen@...ux.intel.com>,
	Peter Zijlstra <peterz@...radead.org>,
	Ingo Molnar <mingo@...nel.org>,
	"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>, <tytso@....edu>,
	<linux-kernel@...r.kernel.org>, <stable@...r.kernel.org>,
	<kernel@...inux.com>, <eric.paire@...com>
Subject: Re: [PATCH v4] bitops: Fix shift overflow in GENMASK macros


On 11/13/2014 11:09 PM, Andrew Morton wrote:
> On Thu,  6 Nov 2014 10:54:19 +0100 Maxime COQUELIN <maxime.coquelin@...com> wrote:
>
>> On some 32 bits architectures, including x86, GENMASK(31, 0) returns 0
>> instead of the expected ~0UL.
>>
>> This is the same on some 64 bits architectures with GENMASK_ULL(63, 0).
>>
>> This is due to an overflow in the shift operand, 1 << 32 for GENMASK,
>> 1 << 64 for GENMASK_ULL.
>>
>> Fixes: 10ef6b0dffe404bcc54e94cb2ca1a5b18445a66b
>> Cc: <stable@...r.kernel.org> #v3.13+
>> Reported-by: Eric Paire <eric.paire@...com>
>> Suggested-by: Rasmus Villemoes <linux@...musvillemoes.dk>
>> Signed-off-by: Maxime Coquelin <maxime.coquelin@...com>
> Why cc:stable?  Does this bug cause some observed kernel misbehaviour?
> If so, please fully describe that in the changelog.  This will help
> people to determine whether this patch might fix a bug they're
> observing, and will help them to decide whether they should backport
> this patch into their kernels.
We encountered some misbehavior on not upstreamed code.

Looking at all GENMASK and GENMASK_ULL occurences in v3.18-rc4,
I (only) found one possible candidate in drivers/spi/spi_xtensa-xtfpga.c:

static u32 xtfpga_spi_txrx_word(struct spi_device *spi, unsigned nsecs,
                 u32 v, u8 bits)
{
     struct xtfpga_spi *xspi = spi_master_get_devdata(spi->master);

     xspi->data = (xspi->data << bits) | (v & GENMASK(bits - 1, 0));
...
}

Max F., can xtfpga_spi_txrx_word() be called with "bits" = 32?
If yes, then GENMASK(bits - 1, 0) result would be unpredictable on some 
architectures.
I don't know if Xtensa architecture is impacted though.

But even if Xtensa SPI driver is not impacted,
maybe future fixes that will be integrated into stable releases will use 
GENMASK(),
and so could possibly be impacted by the bug.

Andrew, with this information, do you think we should take this patch in 
stable branches?

>
> I'm assuming that Peter will be merging this patch.

Yes, Peter already added this patch in his tree.
>
Kind regards,
Maxime
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ