lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Feb 2019 23:01:14 +1100 From: Balbir Singh <bsingharora@...il.com> To: Michael Ellerman <mpe@...erman.id.au> Cc: Segher Boessenkool <segher@...nel.crashing.org>, erhard_f@...lbox.org, jack@...e.cz, linuxppc-dev@...abs.org, linux-kernel@...r.kernel.org, linux-mm@...ck.org, aneesh.kumar@...ux.vnet.ibm.com Subject: Re: [PATCH] powerpc/64s: Fix possible corruption on big endian due to pgd/pud_present() On Mon, Feb 18, 2019 at 11:49:18AM +1100, Michael Ellerman wrote: > Balbir Singh <bsingharora@...il.com> writes: > > On Sun, Feb 17, 2019 at 07:34:20PM +1100, Michael Ellerman wrote: > >> Balbir Singh <bsingharora@...il.com> writes: > >> > On Sat, Feb 16, 2019 at 08:22:12AM -0600, Segher Boessenkool wrote: > >> >> On Sat, Feb 16, 2019 at 09:55:11PM +1100, Balbir Singh wrote: > >> >> > On Thu, Feb 14, 2019 at 05:23:39PM +1100, Michael Ellerman wrote: > >> >> > > In v4.20 we changed our pgd/pud_present() to check for _PAGE_PRESENT > >> >> > > rather than just checking that the value is non-zero, e.g.: > >> >> > > > >> >> > > static inline int pgd_present(pgd_t pgd) > >> >> > > { > >> >> > > - return !pgd_none(pgd); > >> >> > > + return (pgd_raw(pgd) & cpu_to_be64(_PAGE_PRESENT)); > >> >> > > } > >> >> > > > >> >> > > Unfortunately this is broken on big endian, as the result of the > >> >> > > bitwise && is truncated to int, which is always zero because > >> >> > >> >> (Bitwise "&" of course). > >> >> > >> >> > Not sure why that should happen, why is the result an int? What > >> >> > causes the casting of pgd_t & be64 to be truncated to an int. > >> >> > >> >> Yes, it's not obvious as written... It's simply that the return type of > >> >> pgd_present is int. So it is truncated _after_ the bitwise and. > >> >> > >> > > >> > Thanks, I am surprised the compiler does not complain about the truncation > >> > of bits. I wonder if we are missing -Wconversion > >> > >> Good luck with that :) > >> > >> What I should start doing is building with it enabled and then comparing > >> the output before and after commits to make sure we're not introducing > >> new cases. > > > > Fair enough, my point was that the compiler can help out. I'll see what > > -Wconversion finds on my local build :) > > I get about 43MB of warnings here :) > I got about 181M with a failed build :(, but the warnings pointed to some cases that can be a good project for cleanup For example 1. static inline long regs_return_value(struct pt_regs *regs) { if (is_syscall_success(regs)) return regs->gpr[3]; else return -regs->gpr[3]; } In the case of is_syscall_success() returning false, we should ensure that regs->gpr[3] is negative and capped within a certain limit, but it might be an expensive check 2. static inline void mark_hpte_slot_valid(unsigned char *hpte_slot_array, unsigned int index, unsigned int hidx) { hpte_slot_array[index] = (hidx << 1) | 0x1; } hidx is 3 bits, but the argument is unsigned int. The caller probably does a hidx & 0x7, but it's not clear from the code 3. hash__pmd_bad (pmd_bad) and hash__pud_bad (pud_bad) have issues similar to what was found, but since the the page table indices are below 32, the macros are safe :) And a few more, but I am not sure why I spent time looking at possible issues, may be I am being stupid or overly pessimistic :) Balbir
Powered by blists - more mailing lists