Message-ID: <aaf5ac33-cd24-3b82-a034-2fc1d43d443f@csgroup.eu>
Date:   Wed, 1 Jul 2020 09:05:04 +0200
From:   Christophe Leroy <christophe.leroy@...roup.eu>
To:     Segher Boessenkool <segher@...nel.crashing.org>
Cc:     Michael Ellerman <mpe@...erman.id.au>,
        Benjamin Herrenschmidt <benh@...nel.crashing.org>,
        Paul Mackerras <paulus@...ba.org>, npiggin@...il.com,
        linuxppc-dev@...ts.ozlabs.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] powerpc/uaccess: Use flexible addressing with
 __put_user()/__get_user()



Le 30/06/2020 à 23:18, Segher Boessenkool a écrit :
> Hi again,
> 
> Thanks for your work so far!
> 
> On Tue, Jun 30, 2020 at 06:53:39PM +0000, Christophe Leroy wrote:
>> On 06/30/2020 04:33 PM, Segher Boessenkool wrote:
>>>>> + make -s CC=powerpc64-linux-gnu-gcc -j 160
>>>>> In file included from /linux/include/linux/uaccess.h:11:0,
>>>>>                   from /linux/include/linux/sched/task.h:11,
>>>>>                   from /linux/include/linux/sched/signal.h:9,
>>>>>                   from /linux/include/linux/rcuwait.h:6,
>>>>>                   from /linux/include/linux/percpu-rwsem.h:7,
>>>>>                   from /linux/include/linux/fs.h:33,
>>>>>                   from /linux/include/linux/huge_mm.h:8,
>>>>>                   from /linux/include/linux/mm.h:675,
>>>>>                   from /linux/arch/powerpc/kernel/signal_32.c:17:
>>>>> /linux/arch/powerpc/kernel/signal_32.c: In function
>>>>> 'save_user_regs.isra.14.constprop':
>>>>> /linux/arch/powerpc/include/asm/uaccess.h:161:2: error: 'asm' operand has
>>>>> impossible constraints
>>>>>    __asm__ __volatile__(     \
>>>>>    ^
>>>>> /linux/arch/powerpc/include/asm/uaccess.h:197:12: note: in expansion of
>>>>> macro '__put_user_asm'
>>>>>      case 4: __put_user_asm(x, ptr, retval, "stw"); break; \
>>>>>              ^
>>>>> /linux/arch/powerpc/include/asm/uaccess.h:206:2: note: in expansion of
>>>>> macro '__put_user_size_allowed'
>>>>>    __put_user_size_allowed(x, ptr, size, retval);  \
>>>>>    ^
>>>>> /linux/arch/powerpc/include/asm/uaccess.h:220:2: note: in expansion of
>>>>> macro '__put_user_size'
>>>>>    __put_user_size(__pu_val, __pu_addr, __pu_size, __pu_err); \
>>>>>    ^
>>>>> /linux/arch/powerpc/include/asm/uaccess.h:96:2: note: in expansion of
>>>>> macro '__put_user_nocheck'
>>>>>    __put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
>>>>>    ^
>>>>> /linux/arch/powerpc/kernel/signal_32.c:120:7: note: in expansion of macro
>>>>> '__put_user'
>>>>>     if (__put_user((unsigned int)gregs[i], &frame->mc_gregs[i]))
>>>>>         ^
>>>
>>> Can we see what that was after the macro jungle?  Like, the actual
>>> preprocessed code?
>>
>> Sorry for previous misunderstanding
>>
>> Here is the code:
>>
>> #define __put_user_asm(x, addr, err, op)			\
>> 	__asm__ __volatile__(					\
>> 		"1:	" op "%U2%X2 %1,%2	# put_user\n"	\
>> 		"2:\n"						\
>> 		".section .fixup,\"ax\"\n"			\
>> 		"3:	li %0,%3\n"				\
>> 		"	b 2b\n"					\
>> 		".previous\n"					\
>> 		EX_TABLE(1b, 3b)				\
>> 		: "=r" (err)					\
>> 		: "r" (x), "m<>" (*addr), "i" (-EFAULT), "0" (err))
> 
> Yeah I don't see it.  I'll have to look at compiler debug dumps, but I
> don't have any working 4.9 around, and I cannot reproduce this with
> either older or newer compilers.

I reproduced it with 4.8.5

> 
> It is complaining that constrain_operands just does not work *at all* on
> this "m<>" constraint apparently, which doesn't make much sense.
> 

Here is a small reproducer:

#include <linux/elf.h>
#include <linux/ptrace.h>
#include <linux/uaccess.h>

/*
 * Machine-context layout used by the reproducer. save_general_regs() only
 * writes to mc_gregs; the remaining members are declared but never touched
 * in this message.
 * NOTE(review): whether the 16-byte aligned members influence the compiler
 * failure is not stated in the message - confirm before trimming the struct.
 */
struct mcontext {
	elf_gregset_t32		mc_gregs;
	elf_fpregset_t		mc_fregs;
	unsigned int		mc_pad[2];
	elf_vrregset_t32	mc_vregs __attribute__((__aligned__(16)));
	elf_vsrreghalf_t32      mc_vsregs __attribute__((__aligned__(16)));
};

/*
 * Small reproducer for the "'asm' operand has impossible constraints" error
 * quoted earlier in this message.
 *
 * Copies register slots from *regs into the user-space frame->mc_gregs[],
 * one __put_user() store per slot.
 *
 * Returns 0 when every store succeeded, -EFAULT as soon as one __put_user()
 * reports a non-zero result.
 *
 * NOTE(review): __put_user() expands through __put_user_nocheck (see the
 * macro expansion trace in the quoted error), so no pointer range check is
 * done here; validation of `frame` by the caller is not shown in this
 * reproducer - confirm it exists in the real call path.
 */
int save_general_regs(struct pt_regs *regs, struct mcontext __user *frame)
{
	/* Treat *regs as a flat array of elf_greg_t64 slots (plain pointer cast). */
	elf_greg_t64 *gregs = (elf_greg_t64 *)regs;
	int i;

	/*
	 * NOTE(review): the element count of mc_gregs is not visible here;
	 * confirm that index PT_RESULT is inside the array.
	 */
	for (i = 0; i <= PT_RESULT; i ++) {
		/*
		 * Jump from slot 14 straight to slot 32, so slots 14..31 are
		 * never stored. Per the message, removing this jump makes the
		 * compiler error disappear.
		 */
		if (i == 14)
			i = 32;
		/* Each slot is narrowed to unsigned int before the store. */
		if (__put_user((unsigned int)gregs[i], &frame->mc_gregs[i]))
			return -EFAULT;
	}
	return 0;
}


If you remove the "if i == 14 ..." you get no failure.

Preprocessor result:

/*
 * Preprocessor output for the reproducer above, as pasted into the message.
 * The long expansion line appears to have been re-wrapped in transit, so
 * several string literals are split across lines in this listing.
 *
 * Differences from the source form that are visible here: PT_RESULT is 43,
 * -EFAULT is -14, and the __user annotation on `frame` has disappeared.
 *
 * __put_user() has become a GNU statement expression that:
 *   - calls might_fault() unless the address is >= 0x8000000000000000ul;
 *   - brackets the store with allow_write_to_user() and
 *     prevent_write_to_user();
 *   - switches on __pu_size and emits one inline-asm store per size
 *     (stb/sth/stw/std for 1/2/4/8), calling __put_user_bad() otherwise;
 *   - gives each asm a .fixup stub at label 3 that loads operand %3 (-14)
 *     into operand %0 (__pu_err) and branches back to label 2, plus an
 *     __ex_table entry pairing label 1 with label 3;
 *   - yields __pu_err as the value of the whole expression.
 *
 * Operand 2 is the user memory location with the "m<>" constraint and the
 * %U2%X2 modifiers; this is the operand the thread's compiler error concerns.
 *
 * NOTE(review): no pointer range check on __pu_addr appears anywhere in this
 * expansion; the only protection around the store is the allow/prevent
 * write-to-user bracket and the exception-table fixup.
 */
int save_general_regs(struct pt_regs *regs, struct mcontext *frame)
{
  elf_greg_t64 *gregs = (elf_greg_t64 *)regs;
  int i;

  for (i = 0; i <= 43; i ++) {
   if (i == 14)
    i = 32;
   if (({ long __pu_err; __typeof__(*((&frame->mc_gregs[i]))) *__pu_addr 
= ((&frame->mc_gregs[i])); __typeof__(*((&frame->mc_gregs[i]))) __pu_val 
= ((__typeof__(*(&frame->mc_gregs[i])))((unsigned int)gregs[i])); 
__typeof__(sizeof(*(&frame->mc_gregs[i]))) __pu_size = 
(sizeof(*(&frame->mc_gregs[i]))); if (!(((unsigned long)__pu_addr) >= 
0x8000000000000000ul)) might_fault(); (void)0; do { 
allow_write_to_user(__pu_addr, __pu_size); do { __pu_err = 0; switch 
(__pu_size) { case 1: __asm__ __volatile__( "1:	" "stb" "%U2%X2 %1,%2	# 
put_user\n" "2:\n" ".section .fixup,\"ax\"\n" "3:	li %0,%3\n" "	b 2b\n" 
".previous\n" ".section __ex_table,\"a\";" " " ".balign 4;" " " ".long 
(1b) - . ;" " " ".long (3b) - . ;" " " ".previous" " " : "=r" (__pu_err) 
: "r" (__pu_val), "m<>" (*__pu_addr), "i" (-14), "0" (__pu_err)); break; 
case 2: __asm__ __volatile__( "1:	" "sth" "%U2%X2 %1,%2	# put_user\n" 
"2:\n" ".section .fixup,\"ax\"\n" "3:	li %0,%3\n" "	b 2b\n" 
".previous\n" ".section __ex_table,\"a\";" " " ".balign 4;" " " ".long 
(1b) - . ;" " " ".long (3b) - . ;" " " ".previous" " " : "=r" (__pu_err) 
: "r" (__pu_val), "m<>" (*__pu_addr), "i" (-14), "0" (__pu_err)); break; 
case 4: __asm__ __volatile__( "1:	" "stw" "%U2%X2 %1,%2	# put_user\n" 
"2:\n" ".section .fixup,\"ax\"\n" "3:	li %0,%3\n" "	b 2b\n" 
".previous\n" ".section __ex_table,\"a\";" " " ".balign 4;" " " ".long 
(1b) - . ;" " " ".long (3b) - . ;" " " ".previous" " " : "=r" (__pu_err) 
: "r" (__pu_val), "m<>" (*__pu_addr), "i" (-14), "0" (__pu_err)); break; 
case 8: __asm__ __volatile__( "1:	" "std" "%U2%X2 %1,%2	# put_user\n" 
"2:\n" ".section .fixup,\"ax\"\n" "3:	li %0,%3\n" "	b 2b\n" 
".previous\n" ".section __ex_table,\"a\";" " " ".balign 4;" " " ".long 
(1b) - . ;" " " ".long (3b) - . ;" " " ".previous" " " : "=r" (__pu_err) 
: "r" (__pu_val), "m<>" (*__pu_addr), "i" (-14), "0" (__pu_err)); break; 
default: __put_user_bad(); } } while (0); 
prevent_write_to_user(__pu_addr, __pu_size); } while (0); __pu_err; }))
    return -14;
  }
  return 0;
}


Christophe
