lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAKwvOd=9wtPP-vhLknpc7cjMrV=NZWQJFmqxOvGEyzRc2FrnCw@mail.gmail.com>
Date:   Mon, 25 Mar 2019 10:46:08 -0700
From:   Nick Desaulniers <ndesaulniers@...gle.com>
To:     Arnd Bergmann <arnd@...db.de>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        clang-built-linux@...glegroups.com,
        Nathan Chancellor <natechancellor@...il.com>,
        Zhao Qiang <qiang.zhao@....com>,
        Yalin Wang <yalin.wang@...ymobile.com>,
        "# 3.4.x" <stable@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] bitrev: fix constant bitrev

On Fri, Mar 22, 2019 at 7:05 AM Arnd Bergmann <arnd@...db.de> wrote:
>
> clang points out with hundreds of warnings that the bitrev macros
> have a problem with constant input:
>
> drivers/hwmon/sht15.c:187:11: error: variable '__x' is uninitialized when used within its own initialization
>       [-Werror,-Wuninitialized]
>         u8 crc = bitrev8(data->val_status & 0x0F);
>                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> include/linux/bitrev.h:102:21: note: expanded from macro 'bitrev8'
>         __constant_bitrev8(__x) :                       \
>         ~~~~~~~~~~~~~~~~~~~^~~~
> include/linux/bitrev.h:67:11: note: expanded from macro '__constant_bitrev8'
>         u8 __x = x;                     \
>            ~~~   ^
>
> Both the bitrev and the __constant_bitrev macros use an internal variable
> named __x, which goes horribly wrong when passing one to the other.

Oh man, so if you have a macro that expands another macro, you can run
into this issue.  To see how this expands:
https://godbolt.org/z/-khHN3

>
> The obvious fix is to rename one of the variables, so this adds an
> extra '_'.
>
> It seems we got away with this because
> - there are only a few drivers using bitrev macros
> - usually there are no constant arguments to those
> - when they are constant, they tend to be either 0 or (unsigned)-1
>   (drivers/isdn/i4l/isdnhdlc.o, drivers/iio/amplifiers/ad8366.c)
>   and give the correct result by pure chance.
>
> In fact, the only driver that I could find that gets different results
> with this is drivers/net/wan/slic_ds26522.c, which in turn is a driver
> for fairly rare hardware (adding the maintainer to Cc for testing).
>
> Cc: Zhao Qiang <qiang.zhao@....com>
> Cc: Yalin Wang <yalin.wang@...ymobile.com>
> Cc: stable@...r.kernel.org
> Fixes: 556d2f055bf6 ("ARM: 8187/1: add CONFIG_HAVE_ARCH_BITREVERSE to support rbit instruction")
> Signed-off-by: Arnd Bergmann <arnd@...db.de>

I would have preferred to just name it `y` rather than keep tacking on
underscores, but it doesn't matter what color the bikeshed is.  Thanks
for the patch.
Reviewed-by: Nick Desaulniers <ndesaulniers@...gle.com>

> ---
>  include/linux/bitrev.h | 46 +++++++++++++++++++++---------------------
>  1 file changed, 23 insertions(+), 23 deletions(-)
>
> diff --git a/include/linux/bitrev.h b/include/linux/bitrev.h
> index 50fb0dee23e8..d35b8ec1c485 100644
> --- a/include/linux/bitrev.h
> +++ b/include/linux/bitrev.h
> @@ -34,41 +34,41 @@ static inline u32 __bitrev32(u32 x)
>
>  #define __constant_bitrev32(x) \
>  ({                                     \
> -       u32 __x = x;                    \
> -       __x = (__x >> 16) | (__x << 16);        \
> -       __x = ((__x & (u32)0xFF00FF00UL) >> 8) | ((__x & (u32)0x00FF00FFUL) << 8);      \
> -       __x = ((__x & (u32)0xF0F0F0F0UL) >> 4) | ((__x & (u32)0x0F0F0F0FUL) << 4);      \
> -       __x = ((__x & (u32)0xCCCCCCCCUL) >> 2) | ((__x & (u32)0x33333333UL) << 2);      \
> -       __x = ((__x & (u32)0xAAAAAAAAUL) >> 1) | ((__x & (u32)0x55555555UL) << 1);      \
> -       __x;                                                            \
> +       u32 ___x = x;                   \
> +       ___x = (___x >> 16) | (___x << 16);     \
> +       ___x = ((___x & (u32)0xFF00FF00UL) >> 8) | ((___x & (u32)0x00FF00FFUL) << 8);   \
> +       ___x = ((___x & (u32)0xF0F0F0F0UL) >> 4) | ((___x & (u32)0x0F0F0F0FUL) << 4);   \
> +       ___x = ((___x & (u32)0xCCCCCCCCUL) >> 2) | ((___x & (u32)0x33333333UL) << 2);   \
> +       ___x = ((___x & (u32)0xAAAAAAAAUL) >> 1) | ((___x & (u32)0x55555555UL) << 1);   \
> +       ___x;                                                           \
>  })
>
>  #define __constant_bitrev16(x) \
>  ({                                     \
> -       u16 __x = x;                    \
> -       __x = (__x >> 8) | (__x << 8);  \
> -       __x = ((__x & (u16)0xF0F0U) >> 4) | ((__x & (u16)0x0F0FU) << 4);        \
> -       __x = ((__x & (u16)0xCCCCU) >> 2) | ((__x & (u16)0x3333U) << 2);        \
> -       __x = ((__x & (u16)0xAAAAU) >> 1) | ((__x & (u16)0x5555U) << 1);        \
> -       __x;                                                            \
> +       u16 ___x = x;                   \
> +       ___x = (___x >> 8) | (___x << 8);       \
> +       ___x = ((___x & (u16)0xF0F0U) >> 4) | ((___x & (u16)0x0F0FU) << 4);     \
> +       ___x = ((___x & (u16)0xCCCCU) >> 2) | ((___x & (u16)0x3333U) << 2);     \
> +       ___x = ((___x & (u16)0xAAAAU) >> 1) | ((___x & (u16)0x5555U) << 1);     \
> +       ___x;                                                           \
>  })
>
>  #define __constant_bitrev8x4(x) \
>  ({                     \
> -       u32 __x = x;    \
> -       __x = ((__x & (u32)0xF0F0F0F0UL) >> 4) | ((__x & (u32)0x0F0F0F0FUL) << 4);      \
> -       __x = ((__x & (u32)0xCCCCCCCCUL) >> 2) | ((__x & (u32)0x33333333UL) << 2);      \
> -       __x = ((__x & (u32)0xAAAAAAAAUL) >> 1) | ((__x & (u32)0x55555555UL) << 1);      \
> -       __x;                                                            \
> +       u32 ___x = x;   \
> +       ___x = ((___x & (u32)0xF0F0F0F0UL) >> 4) | ((___x & (u32)0x0F0F0F0FUL) << 4);   \
> +       ___x = ((___x & (u32)0xCCCCCCCCUL) >> 2) | ((___x & (u32)0x33333333UL) << 2);   \
> +       ___x = ((___x & (u32)0xAAAAAAAAUL) >> 1) | ((___x & (u32)0x55555555UL) << 1);   \
> +       ___x;                                                           \
>  })
>
>  #define __constant_bitrev8(x)  \
>  ({                                     \
> -       u8 __x = x;                     \
> -       __x = (__x >> 4) | (__x << 4);  \
> -       __x = ((__x & (u8)0xCCU) >> 2) | ((__x & (u8)0x33U) << 2);      \
> -       __x = ((__x & (u8)0xAAU) >> 1) | ((__x & (u8)0x55U) << 1);      \
> -       __x;                                                            \
> +       u8 ___x = x;                    \
> +       ___x = (___x >> 4) | (___x << 4);       \
> +       ___x = ((___x & (u8)0xCCU) >> 2) | ((___x & (u8)0x33U) << 2);   \
> +       ___x = ((___x & (u8)0xAAU) >> 1) | ((___x & (u8)0x55U) << 1);   \
> +       ___x;                                                           \
>  })
>
>  #define bitrev32(x) \
> --
> 2.20.0
>


-- 
Thanks,
~Nick Desaulniers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ