lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 4 May 2020 18:14:43 -0700
From:   Jesse Brandeburg <>
To:     Nick Desaulniers <>
Cc:     <>,
        <>, <>,
        <>, <>,
        <>, <>,
        <>, <>, <>,
        <>, <>
Subject: Re: [PATCH v6 1/2] x86: fix bitops.h warning with a moved cast

On Mon, 4 May 2020 12:51:12 -0700
Nick Desaulniers <> wrote:

> Sorry for the very late report.  It turns out that if your config
> tickles __builtin_constant_p just right, this now produces invalid
> assembly:
> $ cat foo.c
> long a(long b, long c) {
>   asm("orb\t%1, %0" : "+q"(c): "r"(b));
>   return c;
> }
> $ gcc foo.c
> foo.c: Assembler messages:
> foo.c:2: Error: `%rax' not allowed with `orb'
> The "q" constraint only has meanting on -m32 otherwise is treated as
> "r".
> Since we have the mask (& 0xff), can we drop the `b` suffix from the
> instruction? Or is a revert more appropriate? Or maybe another way to
> skin this cat?

Figures that such a small change can create problems :-( Sorry for the

The patches in the link below basically add back the cast, but I'm
interested to see if any others can come up with a better fix that
a) passes the above code generation test
b) still keeps sparse happy
c) passes the test module and the code inspection

If need be I'm OK with a revert of the original patch to fix the issue
in the short term, but it seems to me there must be a way to satisfy
both tools.  We went through several iterations on the way to the final
patch that we might be able to pluck something useful from.

> Link:
> This is blowing up our KernelCI reports.

Bummer, how come none of those KernelCI reports are part of
zero-day testing at
I'm interested in your answer but don't want to pollute this thread,
feel free to contact me directly for this one or start a new thread?

Powered by blists - more mailing lists