lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LFD.2.21.1907292302451.16059@eddie.linux-mips.org>
Date:   Mon, 29 Jul 2019 23:16:45 +0100 (BST)
From:   "Maciej W. Rozycki" <macro@...ux-mips.org>
To:     Nick Desaulniers <ndesaulniers@...gle.com>
cc:     Ralf Baechle <ralf@...ux-mips.org>,
        Paul Burton <paul.burton@...s.com>,
        James Hogan <jhogan@...nel.org>,
        Nathan Chancellor <natechancellor@...il.com>,
        Eli Friedman <efriedma@...cinc.com>,
        Hassan Naveed <hnaveed@...ecomp.com>,
        Stephen Kitt <steve@....org>,
        Serge Semin <fancer.lancer@...il.com>,
        Mike Rapoport <rppt@...ux.ibm.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Michal Hocko <mhocko@...e.com>, linux-mips@...r.kernel.org,
        linux-kernel@...r.kernel.org, clang-built-linux@...glegroups.com
Subject: Re: [PATCH] mips: avoid explicit UB in assignment of
 mips_io_port_base

On Mon, 29 Jul 2019, Nick Desaulniers wrote:

> The code in question is modifying a variable declared const through
> pointer manipulation.  Such code is explicitly undefined behavior, and
> is the lone issue preventing malta_defconfig from booting when built
> with Clang:
> 
> If an attempt is made to modify an object defined with a const-qualified
> type through use of an lvalue with non-const-qualified type, the
> behavior is undefined.
> 
> LLVM is removing such assignments. A simple fix is to not declare
> variables const that you plan on modifying.  Limiting the scope would be
> a better method of preventing unwanted writes to such a variable.
> 
> Further, the code in question mentions "compiler bugs" without any links
> to bug reports, so it is difficult to know if the issue is resolved in
> GCC. The patch was authored in 2006, which would have been GCC 4.0.3 or
> 4.1.1. The minimal supported version of GCC in the Linux kernel is
> currently 4.6.

 It's somewhat older than that.  My investigation points to:

commit c94e57dcd61d661749d53ee876ab265883b0a103
Author: Ralf Baechle <ralf@...ux-mips.org>
Date:   Sun Nov 25 09:25:53 2001 +0000

    Cleanup of include/asm-mips/io.h.  Now looks neat and harmless.

However the purpose of the arrangement does not appear to me to be 
particularly specific to a compiler version.

> For what its worth, there was UB before the commit in question, it just
> added a barrier and got lucky IRT codegen. I don't think there's any
> actual compiler bugs related, just runtime bugs due to UB.

 Does your solution preserves the original purpose of the hack though as 
documented in the comment you propose to be removed?

 Clearly it was defined enough to work for almost 18 years, so it would be 
good to keep the optimisation functionally by using different means that 
do not rely on UB.  This variable is assigned at most once throughout the 
life of the kernel and then early on, so considering it r/w with all the 
consequences for all accesses does not appear to me to be a good use of 
it.

 Maybe a piece of inline asm to hide the initialisation or suchlike then?

  Maciej

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ