lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <73E0BBBC-434D-4877-8E43-F995F8F4FE25@fb.com>
Date:   Mon, 30 Nov 2020 18:19:34 +0000
From:   Nick Terrell <terrelln@...com>
To:     Gao Xiang <hsiangkao@...hat.com>
CC:     Andrew Morton <akpm@...ux-foundation.org>,
        LKML <linux-kernel@...r.kernel.org>,
        "linux-erofs@...ts.ozlabs.org" <linux-erofs@...ts.ozlabs.org>,
        Yann Collet <yann.collet.73@...il.com>,
        "Miao Xie" <miaoxie@...wei.com>, Chao Yu <yuchao0@...wei.com>,
        Li Guifu <bluce.liguifu@...wei.com>,
        Guo Xuenan <guoxuenan@...wei.com>
Subject: Re: [PATCH v2] lib/lz4: explicitly support in-place decompression



> On Nov 21, 2020, at 7:07 PM, Gao Xiang <hsiangkao@...hat.com> wrote:
> 
> LZ4 final literal copy could be overlapped when doing
> in-place decompression, so it's unsafe to just use memcpy()
> on an optimized memcpy approach but memmove() instead.
> 
> Upstream LZ4 has updated this years ago [1] (and the impact
> is non-sensible [2] plus only a few bytes remain), this commit
> just synchronizes LZ4 upstream code to the kernel side as well.
> 
> It can be observed as EROFS in-place decompression failure
> on specific files when X86_FEATURE_ERMS is unsupported,
> memcpy() optimization of commit 59daa706fbec ("x86, mem:
> Optimize memcpy by avoiding memory false dependece") will
> be enabled then.
> 
> Currently most modern x86-CPUs support ERMS, these CPUs just
> use "rep movsb" approach so no problem at all. However, it can
> still be verified with forcely disabling ERMS feature...
> 
> arch/x86/lib/memcpy_64.S:
>        ALTERNATIVE_2 "jmp memcpy_orig", "", X86_FEATURE_REP_GOOD, \
> -                     "jmp memcpy_erms", X86_FEATURE_ERMS
> +                     "jmp memcpy_orig", X86_FEATURE_ERMS
> 
> We didn't observe any strange on arm64/arm/x86 platform before
> since most memcpy() would behave in an increasing address order
> ("copy upwards" [3]) and it's the correct order of in-place
> decompression but it really needs an update to memmove() for sure
> considering it's an undefined behavior according to the standard
> and some unique optimization already exists in the kernel.
> 
> [1] https://github.com/lz4/lz4/commit/33cb8518ac385835cc17be9a770b27b40cd0e15b
> [2] https://github.com/lz4/lz4/pull/717#issuecomment-497818921
> [3] https://sourceware.org/bugzilla/show_bug.cgi?id=12518 
> Cc: Yann Collet <yann.collet.73@...il.com>
> Cc: Nick Terrell <terrelln@...com>
> Cc: Miao Xie <miaoxie@...wei.com>
> Cc: Chao Yu <yuchao0@...wei.com>
> Cc: Li Guifu <bluce.liguifu@...wei.com>
> Cc: Guo Xuenan <guoxuenan@...wei.com>
> Signed-off-by: Gao Xiang <hsiangkao@...hat.com>
> ---
> changes since v1:
> - refine commit message;
> - Cc more people.
> 
> Hi Andrew,
> 
> Could you kindly consider picking this patch up, although
> the impact is EROFS but it touchs in-kernel lz4 library
> anyway...
> 
> Thanks,
> Gao Xiang
> 
> lib/lz4/lz4_decompress.c | 6 +++++-
> lib/lz4/lz4defs.h        | 1 +
> 2 files changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c
> index 00cb0d0b73e1..8a7724a6ce2f 100644
> --- a/lib/lz4/lz4_decompress.c
> +++ b/lib/lz4/lz4_decompress.c
> @@ -263,7 +263,11 @@ static FORCE_INLINE int LZ4_decompress_generic(
> 				}
> 			}
> 
> -			LZ4_memcpy(op, ip, length);
> +			/*
> +			 * supports overlapping memory regions; only matters
> +			 * for in-place decompression scenarios
> +			 */
> +			LZ4_memmove(op, ip, length);
> 			ip += length;
> 			op += length;
> 
> diff --git a/lib/lz4/lz4defs.h b/lib/lz4/lz4defs.h
> index c91dd96ef629..673bd206aa98 100644
> --- a/lib/lz4/lz4defs.h
> +++ b/lib/lz4/lz4defs.h
> @@ -146,6 +146,7 @@ static FORCE_INLINE void LZ4_writeLE16(void *memPtr, U16 value)
>  * environments. This is needed when decompressing the Linux Kernel, for example.
>  */
> #define LZ4_memcpy(dst, src, size) __builtin_memcpy(dst, src, size)
> +#define LZ4_memmove(dst, src, size) __builtin_memmove(dst, src, size)
> 
> static FORCE_INLINE void LZ4_copy8(void *dst, const void *src)
> {
> -- 
> 2.18.4
> 

Looks good to me! You can add:

Reviewed-by: Nick Terrell <terrelln@...com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ