lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 11 Jun 2018 11:28:10 +0200
From:   Peter Zijlstra <peterz@...radead.org>
To:     Josh Poimboeuf <jpoimboe@...hat.com>
Cc:     Dan Carpenter <dan.carpenter@...cle.com>,
        linux-kernel@...r.kernel.org,
        "Gustavo A. R. Silva" <gustavo@...eddedor.com>,
        Mark Rutland <mark.rutland@....com>
Subject: Re: Smatch check for Spectre stuff

On Fri, Jun 08, 2018 at 11:12:19AM -0500, Josh Poimboeuf wrote:
> 1) I've noticed a common pattern for many of the false positives.
>    Smatch doesn't seem to detect when the code masks off the array index
>    to ensure that it's safe.
> 
>    For example:
> 
>    > ./include/linux/mmzone.h:1161 __nr_to_section() warn: potential spectre issue 'mem_section[(nr / (((1) << 12) / 32))]'
> 
>    1153 static inline struct mem_section *__nr_to_section(unsigned long nr)
>    1154 {
>    1155 #ifdef CONFIG_SPARSEMEM_EXTREME
>    1156         if (!mem_section)
>    1157                 return NULL;
>    1158 #endif
>    1159         if (!mem_section[SECTION_NR_TO_ROOT(nr)])
>    1160                 return NULL;
>    1161         return &mem_section[SECTION_NR_TO_ROOT(nr)][nr & SECTION_ROOT_MASK];
>    1162 }
> 
>    In the 2-D array access, it seems to be complaining about the '[nr &
>    SECTION_ROOT_MASK]' reference.  But that appears to be safe because
>    all the unsafe bits are masked off.
>  
>    It would be great if Smatch could detect that situation if possible.

Also see:

  https://lkml.kernel.org/r/20180425131958.hhapvc3b2i3b4pgy@lakrids.cambridge.arm.com

That exact pattern isn't (immediately) applicable here, but it makes the
general pattern of masking very hard to do.

Powered by blists - more mailing lists