lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190730172141.addbdma5dnihdwoc@pburton-laptop>
Date:   Tue, 30 Jul 2019 17:21:43 +0000
From:   Paul Burton <paul.burton@...s.com>
To:     "Maciej W. Rozycki" <macro@...ux-mips.org>
CC:     Nick Desaulniers <ndesaulniers@...gle.com>,
        Ralf Baechle <ralf@...ux-mips.org>,
        James Hogan <jhogan@...nel.org>,
        Nathan Chancellor <natechancellor@...il.com>,
        Eli Friedman <efriedma@...cinc.com>,
        Hassan Naveed <hnaveed@...ecomp.com>,
        Stephen Kitt <steve@....org>,
        Serge Semin <fancer.lancer@...il.com>,
        Mike Rapoport <rppt@...ux.ibm.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Michal Hocko <mhocko@...e.com>,
        "linux-mips@...r.kernel.org" <linux-mips@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "clang-built-linux@...glegroups.com" 
        <clang-built-linux@...glegroups.com>
Subject: Re: [PATCH] mips: avoid explicit UB in assignment of
 mips_io_port_base

Hello,

On Mon, Jul 29, 2019 at 11:16:45PM +0100, Maciej W. Rozycki wrote:
> On Mon, 29 Jul 2019, Nick Desaulniers wrote:
> > The code in question is modifying a variable declared const through
> > pointer manipulation.  Such code is explicitly undefined behavior, and
> > is the lone issue preventing malta_defconfig from booting when built
> > with Clang:
> > 
> > If an attempt is made to modify an object defined with a const-qualified
> > type through use of an lvalue with non-const-qualified type, the
> > behavior is undefined.
> > 
> > LLVM is removing such assignments. A simple fix is to not declare
> > variables const that you plan on modifying.  Limiting the scope would be
> > a better method of preventing unwanted writes to such a variable.
> > 
> > Further, the code in question mentions "compiler bugs" without any links
> > to bug reports, so it is difficult to know if the issue is resolved in
> > GCC. The patch was authored in 2006, which would have been GCC 4.0.3 or
> > 4.1.1. The minimal supported version of GCC in the Linux kernel is
> > currently 4.6.
> 
>  It's somewhat older than that.  My investigation points to:
> 
> commit c94e57dcd61d661749d53ee876ab265883b0a103
> Author: Ralf Baechle <ralf@...ux-mips.org>
> Date:   Sun Nov 25 09:25:53 2001 +0000
> 
>     Cleanup of include/asm-mips/io.h.  Now looks neat and harmless.
> 
> However the purpose of the arrangement does not appear to me to be 
> particularly specific to a compiler version.

Agreed - I don't think the code here talks about compiler bugs at all,
it talks about emitting extra unnecessary loads & says there's a codegen
"issue" which I interpret in this context to simply mean that the
generated code is suboptimal.

See also this previous patch which aimed to remove the const too, though
for other reasons; namely LTO:

https://lore.kernel.org/linux-mips/20180616154745.28230-1-hauke@hauke-m.de/T/#u

As I measured there this does indeed have an impact on code size, though
it's not infeasibly large or anything.

> > For what its worth, there was UB before the commit in question, it just
> > added a barrier and got lucky IRT codegen. I don't think there's any
> > actual compiler bugs related, just runtime bugs due to UB.
> 
>  Does your solution preserves the original purpose of the hack though as 
> documented in the comment you propose to be removed?
> 
>  Clearly it was defined enough to work for almost 18 years, so it would be 
> good to keep the optimisation functionally by using different means that 
> do not rely on UB.  This variable is assigned at most once throughout the 
> life of the kernel and then early on, so considering it r/w with all the 
> consequences for all accesses does not appear to me to be a good use of 
> it.
> 
>  Maybe a piece of inline asm to hide the initialisation or suchlike then?

That could work as a replacement hack. As I mentioned in the thread
linked above a less hacky, though more extensive & invasive change might
be to move our I/O area to a fixmap which ought to produce even better
code since the addresses would become compile-time constant. I'd settle
for either approach for now though.

Thanks,
    Paul

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ