lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <1eaa025ba7104edd815c9ac66d5790e4@AcuMS.aculab.com>
Date:   Sat, 24 Oct 2020 16:58:25 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'Linus Torvalds' <torvalds@...ux-foundation.org>,
        'Peter Anvin' <hpa@...or.com>
CC:     'Rasmus Villemoes' <linux@...musvillemoes.dk>,
        'Thomas Gleixner' <tglx@...utronix.de>,
        'Ingo Molnar' <mingo@...hat.com>,
        'Borislav Petkov' <bp@...en8.de>,
        'the arch/x86 maintainers' <x86@...nel.org>,
        "'Sean Christopherson'" <sean.j.christopherson@...el.com>,
        'Naresh Kamboju' <naresh.kamboju@...aro.org>,
        'Linux Kernel Mailing List' <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH] x86/uaccess: fix code generation in put_user()

From: David Laight
> Sent: 23 October 2020 22:52
...
> Could do_put_user() do an initial check for 64 bit
> then expand a different #define that contains the actual
> code passing either "a" or "A" for the constriant.
> 
> Apart from another level of indirection nothing is duplicated.

This code seems to compile to something sensible.
It does need change the registers that get_user_n() must
use - the normal return value is now in %ax (and %dx for
64bit values on 32bit systems, with the error in %cx.
(I've not actually tested it.)

#define __inttype_max(x, _max) __typeof__(      \
        __typefits(x,char,                      \
          __typefits(x,short,                   \
            __typefits(x,int,                   \
              __typefits(x,long,_max)))))

#define __inttype(x) __inttype_max(x, 0ULL)

#define get_user_1(x, ptr, type, constraint)                            \
({                                                                      \
        int __ret_gu;                                                   \
        type __val_gu;                                                  \
        asm volatile("call __get_user_%P4"                              \
                     : "=c" (__ret_gu), constraint (__val_gu),          \
                        ASM_CALL_CONSTRAINT                             \
                     : "a" (ptr), "i" (sizeof(*(ptr))));                \
        (x) = (__force __typeof__(*(ptr))) __val_gu;                    \
        __builtin_expect(__ret_gu, 0);                                  \
})

#define get_user(x, ptr)                                                \
({                                                                      \
        __chk_user_ptr(ptr);                                            \
        might_fault();                                                  \
        (sizeof *(ptr) > sizeof(long))                                  \
                ? get_user_1(x, ptr, long long, "=A")                   \
                : get_user_1(x, ptr, __inttype_max(*(ptr),0ul), "=a");  \
})

The __inttype_max() is needed (I think) because clang will try (and fail)
to generate the asm for 64bit values on 32bit systems.
So the type needs limiting to 32bits.
Always using 'long' works - but generates extra casts.

The "=A" constraint (%rax or %rdx) is never used on 64bit because
the test is always false.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ