| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Dec 2019 10:35:01 +0000
From: Will Deacon <will@...nel.org>
To: Christian Borntraeger <borntraeger@...ibm.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Peter Zijlstra <peterz@...radead.org>,
Michael Ellerman <mpe@...erman.id.au>, dja@...ens.net,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
linuxppc-dev@...ts.ozlabs.org,
Christophe Leroy <christophe.leroy@....fr>,
linux-arch <linux-arch@...r.kernel.org>,
Mark Rutland <mark.rutland@....com>,
Segher Boessenkool <segher@...nel.crashing.org>,
Arnd Bergmann <arnd@...db.de>
Subject: Re: READ_ONCE() + STACKPROTECTOR_STRONG == :/ (was Re: [GIT PULL]
Please pull powerpc/linux.git powerpc-5.5-2 tag (topic/kasan-bitops))
On Wed, Dec 18, 2019 at 11:22:05AM +0100, Christian Borntraeger wrote:
> On 12.12.19 21:49, Linus Torvalds wrote:
> > On Thu, Dec 12, 2019 at 11:34 AM Will Deacon <will@...nel.org> wrote:
> >>
> >> The root of my concern in all of this, and what started me looking at it in
> >> the first place, is the interaction with 'typeof()'. Inheriting 'volatile'
> >> for a pointer means that local variables in macros declared using typeof()
> >> suddenly start generating *hideous* code, particularly when pointless stack
> >> spills get stackprotector all excited.
> >
> > Yeah, removing volatile can be a bit annoying.
> >
> > For the particular case of the bitops, though, it's not an issue.
> > Since you know the type there, you can just cast it.
> >
> > And if we had the rule that READ_ONCE() was an arithmetic type, you could do
> >
> > typeof(0+(*p)) __var;
> >
> > since you might as well get the integer promotion anyway (on the
> > non-volatile result).
> >
> > But that doesn't work with structures or unions, of course.
>
> We do have a READ_ONCE on the following union in s390 code.
>
> union ipte_control {
> unsigned long val;
> struct {
> unsigned long k : 1;
> unsigned long kh : 31;
> unsigned long kg : 32;
> };
> };
>
>
> In fact this one was the original failure case why we change ACCESS_ONCE.
>
> see arch/s390/kvm/gaccess.c
Thanks. I think we should be ok just using the 'val' field instead of the
whole union but, then again, when bitfields are involved who knows what the
compiler might do. I thought we usually shied away from using them to mirror
hardware structures like this?
Will
Powered by blists - more mailing lists