Open Source and information security mailing list archives
Date:	Thu, 19 Nov 2015 15:08:32 -0800
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Michael Büsch <m@...s.ch>
Cc:	linux-sh@...r.kernel.org, linux-kernel@...r.kernel.org,
	Ilia Mirkin <imirkin@...m.mit.edu>
Subject: Re: [PATCH] m32r: Fix clearing of thread info fault code

On Thu, 19 Nov 2015 21:13:19 +0100 Michael Büsch <m@...s.ch> wrote:

> The expression (~0 >> x) will always yield all-ones, because the right
> shift is an arithmetic right shift that will always shift ones in.
> Hence the old fault code bits will not be cleared before being ORed
> with the new fault code.
> 
> Fix this by forcing a logical right shift instead of an arithmetic
> right shift by using an unsigned long constant.
> 
> Reported-by: Ilia Mirkin <imirkin@...m.mit.edu>
> Signed-off-by: Michael Buesch <m@...s.ch>
> 
> ---
> 
> The code also assumes sizeof(ti->flags) == 4. But that probably is ok
> for this arch.
> 
> This patch is untested, because I do not have the hardware.
> 
> Resend: Patch was originally sent on Wed, 18 Jun 2015.
> 
> (Sorry, hit the send button early, so here goes the actual patch.)
>
> ...
>
> --- linux.orig/arch/m32r/include/asm/thread_info.h
> +++ linux/arch/m32r/include/asm/thread_info.h
> @@ -77,7 +77,7 @@ static inline struct thread_info *curren
>  static inline void set_thread_fault_code(unsigned int val)
>  {
>  	struct thread_info *ti = current_thread_info();
> -	ti->flags = (ti->flags & (~0 >> (32 - TI_FLAG_FAULT_CODE_SHIFT)))
> +	ti->flags = (ti->flags & (~0UL >> (32 - TI_FLAG_FAULT_CODE_SHIFT)))
>  		| (val << TI_FLAG_FAULT_CODE_SHIFT);
>  }
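Review bot: the `+` line still hardcodes 32 as the width of ti->flags although the field is unsigned long, so the mask is only right while sizeof(unsigned long) == 4, which the cover text itself lists as an assumption; `(1UL << TI_FLAG_FAULT_CODE_SHIFT) - 1` (or `~0UL >> (BITS_PER_LONG - TI_FLAG_FAULT_CODE_SHIFT)`) keeps the same low bits without the hardcoded width. The change does fix the stated bug: `~0` is a signed int holding -1, its right shift stays -1, so the old `& (~0 >> ...)` kept every bit and the stale fault code was ORed in together with the new value.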

I don't think we should apply this unless someone can runtime test it. 
Presumably the current code works OK, but we just don't know what
nasties the fixed version might expose.

The best I can think of is to put a big FIXME comment in there, so
perhaps one day if someone is working on m32r stuff, they may try
fixing it.
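The shift behaviour described in the cover letter, as an added C example (not the kernel's code or the patch): it models ti->flags as a 32-bit unsigned word and assumes TI_FLAG_FAULT_CODE_SHIFT = 28 for illustration, then applies the old and the fixed mask to the same flags word.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed position of the fault code field (top four bits of a 32-bit
 * flags word); the value is chosen for illustration, not taken from m32r. */
#define TI_FLAG_FAULT_CODE_SHIFT 28

/* Old mask: ~0 is a signed int holding -1. Right-shifting a negative int
 * is an arithmetic shift on the usual compilers, so the result is still -1
 * and the "mask" keeps every bit of the flags word. */
static uint32_t old_mask(void)
{
    return (uint32_t)(~0 >> (32 - TI_FLAG_FAULT_CODE_SHIFT));
}

/* Fixed mask: an unsigned all-ones value is shifted logically, so the top
 * (32 - SHIFT) bits become zero and only the non-fault bits survive. */
static uint32_t new_mask(void)
{
    return (uint32_t)(~0U >> (32 - TI_FLAG_FAULT_CODE_SHIFT));
}

/* Same shape as set_thread_fault_code(), parameterised on the mask used. */
static uint32_t set_fault_code(uint32_t flags, uint32_t mask, unsigned int val)
{
    return (flags & mask) | ((uint32_t)val << TI_FLAG_FAULT_CODE_SHIFT);
}

int main(void)
{
    /* Constructed flags word: one unrelated flag set, then fault code 0xA. */
    uint32_t flags = set_fault_code(0x00000001u, new_mask(), 0xA);

    /* Now store fault code 0x5 with each mask. */
    uint32_t with_old = set_fault_code(flags, old_mask(), 0x5);
    uint32_t with_new = set_fault_code(flags, new_mask(), 0x5);

    printf("old mask 0x%08x: flags 0x%08x, fault code read back as 0x%x\n",
           old_mask(), with_old, with_old >> TI_FLAG_FAULT_CODE_SHIFT);
    printf("new mask 0x%08x: flags 0x%08x, fault code read back as 0x%x\n",
           new_mask(), with_new, with_new >> TI_FLAG_FAULT_CODE_SHIFT);
    return 0;
}
```

With the old mask the stale 0xA is ORed with 0x5 and reads back as 0xF; with the fixed mask the field is cleared first and reads back as 0x5.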
