| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <32a0f305-031b-e4da-345d-0f03b2b42189@csgroup.eu>
Date: Tue, 27 Apr 2021 07:05:12 +0200
From: Christophe Leroy <christophe.leroy@...roup.eu>
To: Nathan Chancellor <nathan@...nel.org>,
Michael Ellerman <mpe@...erman.id.au>
Cc: Nick Desaulniers <ndesaulniers@...gle.com>,
linux-kernel@...r.kernel.org, clang-built-linux@...glegroups.com,
Paul Mackerras <paulus@...ba.org>,
linuxppc-dev@...ts.ozlabs.org
Subject: Re: [PATCH] powerpc: Avoid clang uninitialized warning in
__get_user_size_allowed
Le 26/04/2021 à 22:35, Nathan Chancellor a écrit :
> Commit 9975f852ce1b ("powerpc/uaccess: Remove calls to __get_user_bad()
> and __put_user_bad()") switch to BUILD_BUG() in the default case, which
> leaves x uninitialized. This will not be an issue because the build will
> be broken in that case but clang does static analysis before it realizes
> the default case will be done so it warns about x being uninitialized
> (trimmed for brevity):
>
> In file included from mm/mprotect.c:13:
> In file included from ./include/linux/hugetlb.h:28:
> In file included from ./include/linux/mempolicy.h:16:
> ./include/linux/pagemap.h:772:16: warning: variable '__gu_val' is used
> uninitialized whenever switch default is taken [-Wsometimes-uninitialized]
> if (unlikely(__get_user(c, uaddr) != 0))
> ^~~~~~~~~~~~~~~~~~~~
> ./arch/powerpc/include/asm/uaccess.h:266:2: note: expanded from macro '__get_user'
> __get_user_size_allowed(__gu_val, __gu_addr, __gu_size, __gu_err); \
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ./arch/powerpc/include/asm/uaccess.h:235:2: note: expanded from macro
> '__get_user_size_allowed'
> default: BUILD_BUG(); \
> ^~~~~~~
>
> Commit 5cd29b1fd3e8 ("powerpc/uaccess: Use asm goto for get_user when
> compiler supports it") added an initialization for x because of the same
> reason. Do the same thing here so there is no warning across all
> versions of clang.
Ah yes, I tested with Clang 11 which has CONFIG_CC_HAS_ASM_GOTO_OUTPUT, that's the reason why I hit
that warning only in the CONFIG_CC_HAS_ASM_GOTO_OUTPUT branch.
But regardless, is that normal that Clang warns that on a never taken branch ? That's puzzling.
>
> Link: https://github.com/ClangBuiltLinux/linux/issues/1359
> Signed-off-by: Nathan Chancellor <nathan@...nel.org>
Acked-by: Christophe Leroy <christophe.leroy@...roup.eu>
> ---
> arch/powerpc/include/asm/uaccess.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h
> index a4e791bcd3fe..a09e4240c5b1 100644
> --- a/arch/powerpc/include/asm/uaccess.h
> +++ b/arch/powerpc/include/asm/uaccess.h
> @@ -232,7 +232,7 @@ do { \
> case 2: __get_user_asm(x, (u16 __user *)ptr, retval, "lhz"); break; \
> case 4: __get_user_asm(x, (u32 __user *)ptr, retval, "lwz"); break; \
> case 8: __get_user_asm2(x, (u64 __user *)ptr, retval); break; \
> - default: BUILD_BUG(); \
> + default: x = 0; BUILD_BUG(); \
> } \
> } while (0)
>
>
> base-commit: ee6b25fa7c037e42cc5f3b5c024b2a779edab6dd
>
Powered by blists - more mailing lists