lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 26 Mar 2020 13:11:58 -0700
From:   Nathan Chancellor <natechancellor@...il.com>
To:     Nick Desaulniers <ndesaulniers@...gle.com>,
        Jani Nikula <jani.nikula@...ux.intel.com>,
        Joonas Lahtinen <joonas.lahtinen@...ux.intel.com>,
        Rodrigo Vivi <rodrigo.vivi@...el.com>
Cc:     Michel Dänzer <michel@...nzer.net>,
        Chris Wilson <chris@...is-wilson.co.uk>,
        intel-gfx@...ts.freedesktop.org,
        LKML <linux-kernel@...r.kernel.org>,
        dri-devel <dri-devel@...ts.freedesktop.org>,
        clang-built-linux <clang-built-linux@...glegroups.com>
Subject: Re: [PATCH] drm/i915: Cast remain to unsigned long in eb_relocate_vma

On Mon, Mar 16, 2020 at 02:41:23PM -0700, Nick Desaulniers wrote:
> On Fri, Feb 14, 2020 at 7:36 AM Michel Dänzer <michel@...nzer.net> wrote:
> >
> > On 2020-02-14 12:49 p.m., Jani Nikula wrote:
> > > On Fri, 14 Feb 2020, Chris Wilson <chris@...is-wilson.co.uk> wrote:
> > >> Quoting Jani Nikula (2020-02-14 06:36:15)
> > >>> On Thu, 13 Feb 2020, Nathan Chancellor <natechancellor@...il.com> wrote:
> > >>>> A recent commit in clang added -Wtautological-compare to -Wall, which is
> > >>>> enabled for i915 after -Wtautological-compare is disabled for the rest
> > >>>> of the kernel so we see the following warning on x86_64:
> > >>>>
> > >>>>  ../drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c:1433:22: warning:
> > >>>>  result of comparison of constant 576460752303423487 with expression of
> > >>>>  type 'unsigned int' is always false
> > >>>>  [-Wtautological-constant-out-of-range-compare]
> > >>>>          if (unlikely(remain > N_RELOC(ULONG_MAX)))
> > >>>>             ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~
> > >>>>  ../include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
> > >>>>  # define unlikely(x)    __builtin_expect(!!(x), 0)
> > >>>>                                             ^
> > >>>>  1 warning generated.
> > >>>>
> > >>>> It is not wrong in the case where ULONG_MAX > UINT_MAX but it does not
> > >>>> account for the case where this file is built for 32-bit x86, where
> > >>>> ULONG_MAX == UINT_MAX and this check is still relevant.
> > >>>>
> > >>>> Cast remain to unsigned long, which keeps the generated code the same
> > >>>> (verified with clang-11 on x86_64 and GCC 9.2.0 on x86 and x86_64) and
> > >>>> the warning is silenced so we can catch more potential issues in the
> > >>>> future.
> > >>>>
> > >>>> Link: https://github.com/ClangBuiltLinux/linux/issues/778
> > >>>> Suggested-by: Michel Dänzer <michel@...nzer.net>
> > >>>> Signed-off-by: Nathan Chancellor <natechancellor@...il.com>
> > >>>
> > >>> Works for me as a workaround,
> > >>
> > >> But the whole point was that the compiler could see that it was
> > >> impossible and not emit the code. Doesn't this break that?
> > >
> > > It seems that goal and the warning are fundamentally incompatible.
> >
> > Not really:
> >
> >     if (sizeof(remain) >= sizeof(unsigned long) &&
> >         unlikely(remain > N_RELOC(ULONG_MAX)))
> >              return -EINVAL;
> >
> > In contrast to the cast, this doesn't generate any machine code on 64-bit:
> >
> > https://godbolt.org/z/GmUE4S
> >
> > but still generates the same code on 32-bit:
> >
> > https://godbolt.org/z/hAoz8L
> 
> Exactly.
> 
> This check is only a tautology when `sizeof(long) == sizeof(int)` (ie.
> ILP32 platforms, like 32b x86), notice how BOTH GCC AND Clang generate
> exactly the same code: https://godbolt.org/z/6ShrDM
> 
> Both compilers eliminate the check when `-m32` is not set, and
> generate the exact same check otherwise.  How about:
> ```
> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c
> b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c
> index d3f4f28e9468..25b9d3f3ad57 100644
> --- a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c
> +++ b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c
> @@ -1415,8 +1415,10 @@ static int eb_relocate_vma(struct
> i915_execbuffer *eb, struct eb_vma *ev)
> 
>         urelocs = u64_to_user_ptr(entry->relocs_ptr);
>         remain = entry->relocation_count;
> +#ifndef CONFIG_64BIT
>         if (unlikely(remain > N_RELOC(ULONG_MAX)))
>                 return -EINVAL;
> +#endif
> 
>         /*
>          * We must check that the entire relocation array is safe
> ```
> 
> We now have 4 proposed solutions:
> 1. https://lore.kernel.org/lkml/20191123195321.41305-1-natechancellor@gmail.com/
> 2. https://lore.kernel.org/lkml/20200211050808.29463-1-natechancellor@gmail.com/
> 3. https://lore.kernel.org/lkml/20200214054706.33870-1-natechancellor@gmail.com/
> 4. my diff above
> Let's please come to a resolution on this.

This is the only warning on an x86_64 defconfig build. Apologies if we
are being too persistent or nagging but we need guidance from the i915
maintainers on which solution they would prefer so it can be picked up.
I understand you all are busy and I appreciate the work you all do but
I do not want this to fall between the cracks because it is annoying to
constantly see this warning.

Cheers,
Nathan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ