lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAKwvOdnaRG=7mib9vtWX4wkjQXHeUiioonTaZLStMVXfOOSUfw@mail.gmail.com>
Date:   Mon, 16 Mar 2020 14:41:23 -0700
From:   Nick Desaulniers <ndesaulniers@...gle.com>
To:     Michel Dänzer <michel@...nzer.net>,
        Chris Wilson <chris@...is-wilson.co.uk>,
        Nathan Chancellor <natechancellor@...il.com>,
        Jani Nikula <jani.nikula@...ux.intel.com>
Cc:     Joonas Lahtinen <joonas.lahtinen@...ux.intel.com>,
        Rodrigo Vivi <rodrigo.vivi@...el.com>,
        intel-gfx@...ts.freedesktop.org,
        LKML <linux-kernel@...r.kernel.org>,
        dri-devel <dri-devel@...ts.freedesktop.org>,
        clang-built-linux <clang-built-linux@...glegroups.com>
Subject: Re: [PATCH] drm/i915: Cast remain to unsigned long in eb_relocate_vma

On Fri, Feb 14, 2020 at 7:36 AM Michel Dänzer <michel@...nzer.net> wrote:
>
> On 2020-02-14 12:49 p.m., Jani Nikula wrote:
> > On Fri, 14 Feb 2020, Chris Wilson <chris@...is-wilson.co.uk> wrote:
> >> Quoting Jani Nikula (2020-02-14 06:36:15)
> >>> On Thu, 13 Feb 2020, Nathan Chancellor <natechancellor@...il.com> wrote:
> >>>> A recent commit in clang added -Wtautological-compare to -Wall, which is
> >>>> enabled for i915 after -Wtautological-compare is disabled for the rest
> >>>> of the kernel so we see the following warning on x86_64:
> >>>>
> >>>>  ../drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c:1433:22: warning:
> >>>>  result of comparison of constant 576460752303423487 with expression of
> >>>>  type 'unsigned int' is always false
> >>>>  [-Wtautological-constant-out-of-range-compare]
> >>>>          if (unlikely(remain > N_RELOC(ULONG_MAX)))
> >>>>             ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~
> >>>>  ../include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
> >>>>  # define unlikely(x)    __builtin_expect(!!(x), 0)
> >>>>                                             ^
> >>>>  1 warning generated.
> >>>>
> >>>> It is not wrong in the case where ULONG_MAX > UINT_MAX but it does not
> >>>> account for the case where this file is built for 32-bit x86, where
> >>>> ULONG_MAX == UINT_MAX and this check is still relevant.
> >>>>
> >>>> Cast remain to unsigned long, which keeps the generated code the same
> >>>> (verified with clang-11 on x86_64 and GCC 9.2.0 on x86 and x86_64) and
> >>>> the warning is silenced so we can catch more potential issues in the
> >>>> future.
> >>>>
> >>>> Link: https://github.com/ClangBuiltLinux/linux/issues/778
> >>>> Suggested-by: Michel Dänzer <michel@...nzer.net>
> >>>> Signed-off-by: Nathan Chancellor <natechancellor@...il.com>
> >>>
> >>> Works for me as a workaround,
> >>
> >> But the whole point was that the compiler could see that it was
> >> impossible and not emit the code. Doesn't this break that?
> >
> > It seems that goal and the warning are fundamentally incompatible.
>
> Not really:
>
>     if (sizeof(remain) >= sizeof(unsigned long) &&
>         unlikely(remain > N_RELOC(ULONG_MAX)))
>              return -EINVAL;
>
> In contrast to the cast, this doesn't generate any machine code on 64-bit:
>
> https://godbolt.org/z/GmUE4S
>
> but still generates the same code on 32-bit:
>
> https://godbolt.org/z/hAoz8L

Exactly.

This check is only a tautology when `sizeof(long) == sizeof(int)` (ie.
ILP32 platforms, like 32b x86), notice how BOTH GCC AND Clang generate
exactly the same code: https://godbolt.org/z/6ShrDM

Both compilers eliminate the check when `-m32` is not set, and
generate the exact same check otherwise.  How about:
```
diff --git a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c
b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c
index d3f4f28e9468..25b9d3f3ad57 100644
--- a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c
+++ b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c
@@ -1415,8 +1415,10 @@ static int eb_relocate_vma(struct
i915_execbuffer *eb, struct eb_vma *ev)

        urelocs = u64_to_user_ptr(entry->relocs_ptr);
        remain = entry->relocation_count;
+#ifndef CONFIG_64BIT
        if (unlikely(remain > N_RELOC(ULONG_MAX)))
                return -EINVAL;
+#endif

        /*
         * We must check that the entire relocation array is safe
```

We now have 4 proposed solutions:
1. https://lore.kernel.org/lkml/20191123195321.41305-1-natechancellor@gmail.com/
2. https://lore.kernel.org/lkml/20200211050808.29463-1-natechancellor@gmail.com/
3. https://lore.kernel.org/lkml/20200214054706.33870-1-natechancellor@gmail.com/
4. my diff above
Let's please come to a resolution on this.
-- 
Thanks,
~Nick Desaulniers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ