| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180906230858.psedqdai3dw2cvvl@ltop.local>
Date: Fri, 7 Sep 2018 01:08:59 +0200
From: Luc Van Oostenryck <luc.vanoostenryck@...il.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Andrey Konovalov <andreyknvl@...gle.com>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will.deacon@....com>,
Mark Rutland <mark.rutland@....com>,
Robin Murphy <robin.murphy@....com>,
Al Viro <viro@...iv.linux.org.uk>,
Kees Cook <keescook@...omium.org>,
Kate Stewart <kstewart@...uxfoundation.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Ingo Molnar <mingo@...nel.org>,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
Shuah Khan <shuah@...nel.org>,
linux-arm-kernel <linux-arm-kernel@...ts.infradead.org>,
"open list:DOCUMENTATION" <linux-doc@...r.kernel.org>,
linux-mm <linux-mm@...ck.org>,
linux-arch <linux-arch@...r.kernel.org>,
"open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Dmitry Vyukov <dvyukov@...gle.com>,
Kostya Serebryany <kcc@...gle.com>, eugenis@...gle.com,
Lee.Smith@....com,
Ramana Radhakrishnan <Ramana.Radhakrishnan@....com>,
Jacob.Bramley@....com, Ruben.Ayrapetyan@....com,
cpandya@...eaurora.org
Subject: Re: [PATCH v6 11/11] arm64: annotate user pointers casts detected by
sparse
On Thu, Sep 06, 2018 at 02:16:19PM -0700, Linus Torvalds wrote:
> On Thu, Sep 6, 2018 at 2:13 PM Linus Torvalds
> <torvalds@...ux-foundation.org> wrote:
> >
> > So for example:
> >
> > > static inline compat_uptr_t ptr_to_compat(void __user *uptr)
> > > {
> > > - return (u32)(unsigned long)uptr;
> > > + return (u32)(__force unsigned long)uptr;
> > > }
> >
> > this actually looks correct.
>
> Side note: I do think that while the above is correct, the rest of the
> patch shows that we might be better off simply not havign the warning
> for address space changes at all for the "cast a pointer to an integer
> type" case.
>
> When you cast to a non-pointer type, the address space issue simply
> doesn't exist at all, so the warning makes less sense.
>
> It's really just he "pointer to one address space" being cast to
> "pointer to another address space" that should really warn, and that
> might need that "__force" thing.
>
> Hmm? So maybe a sparse change is better for most of that patch.
Unless I'm misunderstanding something, I don't think there is
anything to change for this specific point. Sparse don't warn
(by default) on "cast from pointer with address space to integer",
as it always been the case, I think. I think it's the good choice.
It's just that recently, I've added a new flag -Wcast-from-as [1],
defaulting to 'no', specifically to *detect* these cast because of
these tagged pointers.
Note: I tend to think more and more that __force is simply too
strong and weaker form, like __force_as and __force_bitwise
would be more appropriate.
-- Luc Van Oostenryck
[1] d96da358c ("stricter warning for explicit cast to ulong")
Powered by blists - more mailing lists