| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Mar 2019 10:46:08 -0700
From: Nick Desaulniers <ndesaulniers@...gle.com>
To: Arnd Bergmann <arnd@...db.de>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
clang-built-linux@...glegroups.com,
Nathan Chancellor <natechancellor@...il.com>,
Zhao Qiang <qiang.zhao@....com>,
Yalin Wang <yalin.wang@...ymobile.com>,
"# 3.4.x" <stable@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] bitrev: fix constant bitrev
On Fri, Mar 22, 2019 at 7:05 AM Arnd Bergmann <arnd@...db.de> wrote:
>
> clang points out with hundreds of warnings that the bitrev macros
> have a problem with constant input:
>
> drivers/hwmon/sht15.c:187:11: error: variable '__x' is uninitialized when used within its own initialization
> [-Werror,-Wuninitialized]
> u8 crc = bitrev8(data->val_status & 0x0F);
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> include/linux/bitrev.h:102:21: note: expanded from macro 'bitrev8'
> __constant_bitrev8(__x) : \
> ~~~~~~~~~~~~~~~~~~~^~~~
> include/linux/bitrev.h:67:11: note: expanded from macro '__constant_bitrev8'
> u8 __x = x; \
> ~~~ ^
>
> Both the bitrev and the __constant_bitrev macros use an internal variable
> named __x, which goes horribly wrong when passing one to the other.
Oh man, so if you have a macro that expands another macro, you can run
into this issue. To see how this expands:
https://godbolt.org/z/-khHN3
>
> The obvious fix is to rename one of the variables, so this adds an
> extra '_'.
>
> It seems we got away with this because
> - there are only a few drivers using bitrev macros
> - usually there are no constant arguments to those
> - when they are constant, they tend to be either 0 or (unsigned)-1
> (drivers/isdn/i4l/isdnhdlc.o, drivers/iio/amplifiers/ad8366.c)
> and give the correct result by pure chance.
>
> In fact, the only driver that I could find that gets different results
> with this is drivers/net/wan/slic_ds26522.c, which in turn is a driver
> for fairly rare hardware (adding the maintainer to Cc for testing).
>
> Cc: Zhao Qiang <qiang.zhao@....com>
> Cc: Yalin Wang <yalin.wang@...ymobile.com>
> Cc: stable@...r.kernel.org
> Fixes: 556d2f055bf6 ("ARM: 8187/1: add CONFIG_HAVE_ARCH_BITREVERSE to support rbit instruction")
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
I would have preferred to just name it `y` rather than keep tacking on
underscores, but it doesn't matter what color the bikeshed is. Thanks
for the patch.
Reviewed-by: Nick Desaulniers <ndesaulniers@...gle.com>
> ---
> include/linux/bitrev.h | 46 +++++++++++++++++++++---------------------
> 1 file changed, 23 insertions(+), 23 deletions(-)
>
> diff --git a/include/linux/bitrev.h b/include/linux/bitrev.h
> index 50fb0dee23e8..d35b8ec1c485 100644
> --- a/include/linux/bitrev.h
> +++ b/include/linux/bitrev.h
> @@ -34,41 +34,41 @@ static inline u32 __bitrev32(u32 x)
>
> #define __constant_bitrev32(x) \
> ({ \
> - u32 __x = x; \
> - __x = (__x >> 16) | (__x << 16); \
> - __x = ((__x & (u32)0xFF00FF00UL) >> 8) | ((__x & (u32)0x00FF00FFUL) << 8); \
> - __x = ((__x & (u32)0xF0F0F0F0UL) >> 4) | ((__x & (u32)0x0F0F0F0FUL) << 4); \
> - __x = ((__x & (u32)0xCCCCCCCCUL) >> 2) | ((__x & (u32)0x33333333UL) << 2); \
> - __x = ((__x & (u32)0xAAAAAAAAUL) >> 1) | ((__x & (u32)0x55555555UL) << 1); \
> - __x; \
> + u32 ___x = x; \
> + ___x = (___x >> 16) | (___x << 16); \
> + ___x = ((___x & (u32)0xFF00FF00UL) >> 8) | ((___x & (u32)0x00FF00FFUL) << 8); \
> + ___x = ((___x & (u32)0xF0F0F0F0UL) >> 4) | ((___x & (u32)0x0F0F0F0FUL) << 4); \
> + ___x = ((___x & (u32)0xCCCCCCCCUL) >> 2) | ((___x & (u32)0x33333333UL) << 2); \
> + ___x = ((___x & (u32)0xAAAAAAAAUL) >> 1) | ((___x & (u32)0x55555555UL) << 1); \
> + ___x; \
> })
>
> #define __constant_bitrev16(x) \
> ({ \
> - u16 __x = x; \
> - __x = (__x >> 8) | (__x << 8); \
> - __x = ((__x & (u16)0xF0F0U) >> 4) | ((__x & (u16)0x0F0FU) << 4); \
> - __x = ((__x & (u16)0xCCCCU) >> 2) | ((__x & (u16)0x3333U) << 2); \
> - __x = ((__x & (u16)0xAAAAU) >> 1) | ((__x & (u16)0x5555U) << 1); \
> - __x; \
> + u16 ___x = x; \
> + ___x = (___x >> 8) | (___x << 8); \
> + ___x = ((___x & (u16)0xF0F0U) >> 4) | ((___x & (u16)0x0F0FU) << 4); \
> + ___x = ((___x & (u16)0xCCCCU) >> 2) | ((___x & (u16)0x3333U) << 2); \
> + ___x = ((___x & (u16)0xAAAAU) >> 1) | ((___x & (u16)0x5555U) << 1); \
> + ___x; \
> })
>
> #define __constant_bitrev8x4(x) \
> ({ \
> - u32 __x = x; \
> - __x = ((__x & (u32)0xF0F0F0F0UL) >> 4) | ((__x & (u32)0x0F0F0F0FUL) << 4); \
> - __x = ((__x & (u32)0xCCCCCCCCUL) >> 2) | ((__x & (u32)0x33333333UL) << 2); \
> - __x = ((__x & (u32)0xAAAAAAAAUL) >> 1) | ((__x & (u32)0x55555555UL) << 1); \
> - __x; \
> + u32 ___x = x; \
> + ___x = ((___x & (u32)0xF0F0F0F0UL) >> 4) | ((___x & (u32)0x0F0F0F0FUL) << 4); \
> + ___x = ((___x & (u32)0xCCCCCCCCUL) >> 2) | ((___x & (u32)0x33333333UL) << 2); \
> + ___x = ((___x & (u32)0xAAAAAAAAUL) >> 1) | ((___x & (u32)0x55555555UL) << 1); \
> + ___x; \
> })
>
> #define __constant_bitrev8(x) \
> ({ \
> - u8 __x = x; \
> - __x = (__x >> 4) | (__x << 4); \
> - __x = ((__x & (u8)0xCCU) >> 2) | ((__x & (u8)0x33U) << 2); \
> - __x = ((__x & (u8)0xAAU) >> 1) | ((__x & (u8)0x55U) << 1); \
> - __x; \
> + u8 ___x = x; \
> + ___x = (___x >> 4) | (___x << 4); \
> + ___x = ((___x & (u8)0xCCU) >> 2) | ((___x & (u8)0x33U) << 2); \
> + ___x = ((___x & (u8)0xAAU) >> 1) | ((___x & (u8)0x55U) << 1); \
> + ___x; \
> })
>
> #define bitrev32(x) \
> --
> 2.20.0
>
--
Thanks,
~Nick Desaulniers
Powered by blists - more mailing lists