lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 14 May 2018 13:32:30 +0200
From:   Geert Uytterhoeven <geert@...ux-m68k.org>
To:     Boris Brezillon <boris.brezillon@...tlin.com>
Cc:     Richard Weinberger <richard@....at>,
        David Woodhouse <dwmw2@...radead.org>,
        Brian Norris <computersforpeace@...il.com>,
        Marek Vasut <marek.vasut@...il.com>,
        Miquel Raynal <miquel.raynal@...tlin.com>,
        MTD Maling List <linux-mtd@...ts.infradead.org>,
        "Linux/m68k" <linux-m68k@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] mtd: nand: Fix return type of __DIVIDE() when called with 32-bit

Hi Boris,

On Mon, May 14, 2018 at 1:23 PM, Boris Brezillon
<boris.brezillon@...tlin.com> wrote:
> On Mon, 14 May 2018 12:49:37 +0200
> Geert Uytterhoeven <geert@...ux-m68k.org> wrote:
>> The __DIVIDE() macro checks whether it is called with a 32-bit or 64-bit
>> dividend, to select the appropriate divide-and-round-up routine.
>> As the check uses the ternary operator, the result will always be
>> promoted to a type that can hold both results, i.e. unsigned long long.
>>
>> When using this result in a division on a 32-bit system, this may lead
>> to link errors like:
>>
>>     ERROR: "__udivdi3" [drivers/mtd/nand/raw/nand.ko] undefined!
>>
>> Fix this by casting the result of the 64-bit division to the type of the
>> dividend.
>>
>> Fixes: 8878b126df769831 ("mtd: nand: add ->exec_op() implementation")
>> Signed-off-by: Geert Uytterhoeven <geert@...ux-m68k.org>
>> ---
>> This fixes the root cause of the link failure seen with
>> m68k/allmodconfig since commit 3057fcef385348fe ("mtd: rawnand: Make
>> sure we wait tWB before polling the STATUS reg").
>>
>> An alternative mitigation was posted as "[PATCH] m68k: Implement
>> ndelay() as an inline function to force type checking/casting"
>> (https://lkml.org/lkml/2018/5/13/102).
>> ---
>>  include/linux/mtd/rawnand.h | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/include/linux/mtd/rawnand.h b/include/linux/mtd/rawnand.h
>> index 5dad59b312440a9c..d06dc428ea0102ae 100644
>> --- a/include/linux/mtd/rawnand.h
>> +++ b/include/linux/mtd/rawnand.h
>> @@ -871,7 +871,7 @@ struct nand_op_instr {
>>  #define __DIVIDE(dividend, divisor) ({                                       \
>>       sizeof(dividend) == sizeof(u32) ?                               \
>>               DIV_ROUND_UP(dividend, divisor) :                       \
>> -             DIV_ROUND_UP_ULL(dividend, divisor);                    \
>> +             (__typeof__(dividend))DIV_ROUND_UP_ULL(dividend, divisor); \
>
> Hm, it's a bit hard to follow when you place the cast here. One could
> wonder why a cast to (__typeof__(dividend)) is needed since
> DIV_ROUND_UP_ULL() already returns a (__typeof__(dividend)) type.

DIV_ROUND_UP_ULL() does not return __typeof__(dividend), but
unsigned long long.

> How about:
>
>         /*
>          * Cast to type of dividend is needed here to guarantee that the
>          * result won't be an unsigned long long when the dividend is an
>          * unsigned long, which is what the compiler does when it sees a

s/an unsigned long/32-bit/

>          * ternary operator with 2 different return types.
>          */
>         (__typeof__(dividend))(sizeof(dividend) == sizeof(u32) ?        \
>                                DIV_ROUND_UP(dividend, divisor) :        \
>                                DIV_ROUND_UP_ULL(dividend, divisor));

Looks fine to me, too.

> Actually, I'm not even sure we care about the truncation that could
> happen on an unsigned long long -> unsigned long cast because the
> delays we express here will anyway be hundreds of nanosecs/millisecs,
> so nothing close to the billions of nanosecs/millisecs you can express
> with an unsigned long.
>
> So, maybe we should just do:
>
>         (unsigned long)(sizeof(dividend) == sizeof(u32) ?               \
>                         DIV_ROUND_UP(dividend, divisor) :               \
>                         DIV_ROUND_UP_ULL(dividend, divisor));
>
> to make things more readable.

That would break callers who pass a 64-bit dividend, and expect to receive
a 64-bit quotient back (on 32-bit systems).
Calling e.g. PSEC_TO_NSEC(1000000000000ULL) is valid, passing the
result to ndelay() isn't ;-)

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ