lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAKwvOdmtX8Y8eWESYj4W-H-KF7cZx6w1NbSjoSPt5x5U9ezQUQ@mail.gmail.com>
Date:   Mon, 13 Sep 2021 14:15:21 -0700
From:   Nick Desaulniers <ndesaulniers@...gle.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Arnd Bergmann <arnd@...nel.org>,
        Sedat Dilek <sedat.dilek@...il.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Naresh Kamboju <naresh.kamboju@...aro.org>,
        Nathan Chancellor <natechancellor@...il.com>,
        Baokun Li <libaokun1@...wei.com>,
        open list <linux-kernel@...r.kernel.org>,
        linux-stable <stable@...r.kernel.org>,
        Hulk Robot <hulkci@...wei.com>,
        Josef Bacik <josef@...icpanda.com>,
        Jens Axboe <axboe@...nel.dk>, Sasha Levin <sashal@...nel.org>,
        clang-built-linux <clang-built-linux@...glegroups.com>,
        lkft-triage@...ts.linaro.org, llvm@...ts.linux.dev,
        Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH 5.14 018/334] nbd: add the check to prevent overflow in __nbd_ioctl()

On Mon, Sep 13, 2021 at 2:13 PM Nick Desaulniers
<ndesaulniers@...gle.com> wrote:
>
> On Mon, Sep 13, 2021 at 1:50 PM Nick Desaulniers
> <ndesaulniers@...gle.com> wrote:
> >
> > On Mon, Sep 13, 2021 at 1:42 PM Linus Torvalds
> > <torvalds@...ux-foundation.org> wrote:
> > >
> > > On Mon, Sep 13, 2021 at 1:16 PM Nick Desaulniers
> > > <ndesaulniers@...gle.com> wrote:
> > > >
> > > > Do we have access to _Generic in GCC 4.9?
> > >
> > > We've ended up using it unconditionally since last year, so yes.
> >
> > Sorry, grepping would have taken < 1s. I'm very lazy.
> > http://threevirtues.com/
> >
> > >
> > > In fact, the compiler version tests got removed when we raised the gcc
> > > version requirement to 4.9 in commit 6ec4476ac825 ("Raise gcc version
> > > requirement to 4.9"):
> > >
> > >    "In particular, raising the minimum to 4.9 means that we can now just
> > >     assume _Generic() exists, which is likely the much better replacement
> > >     for a lot of very convoluted built-time magic with conditionals on
> > >     sizeof and/or __builtin_choose_expr() with same_type() etc"
> > >
> > > but we haven't used it much since.
> > >
> > > The "seqprop" code for picking the right lock for seqlock is perhaps
> > > the main example, and staring at that code will make you go blind, so
> > > look away.
> >
> > Looking at my patch:
> > https://lore.kernel.org/stable/20210913203201.1844253-1-ndesaulniers@google.com/
> > I don't think _Generic helps us in the case of dispatching based on
> > the result of is_signed_type() (the operands could undergo type
> > promotion, so we'd need lots of cases that are more concisely covered
> > by is_signed_type()). It could replace the nested checks in div_64
> > with nested _Generics, I think. Not sure it's a huge win for
> > readability.  Maybe cut the number of expansions of the parameters in
> > half though. Let me give it a try just to see what it looks like.
>
> Is this more readable? Same line count.  I'm not sure if there's such
> a thing as "fallthrough" between the "cases" of _Generic to minimize
> duplication, or whether this could be factored further.  Needs lots
> more () around macro param use and tab'ed out line endings...

Sorry wrong diff:
diff --git a/include/linux/math64.h b/include/linux/math64.h
index bc9c12c168d0..8fc4d56a45b9 100644
--- a/include/linux/math64.h
+++ b/include/linux/math64.h
@@ -162,18 +162,18 @@ static inline s64 div_s64(s64 dividend, s32 divisor)
                div_u64(dividend, divisor));            \
 })

+#define __div_64(dividend, divisor) _Generic((divisor),        \
+  s64: div64_x64(dividend, divisor),   \
+  u64: div64_x64(dividend, divisor),   \
+  default: div_x64(dividend, divisor))
+
 #define div_64(dividend, divisor) ({
         \
        BUILD_BUG_ON_MSG(sizeof(dividend) > sizeof(u64),
         \
                         "128b div unsupported");
         \
-       __builtin_choose_expr(
         \
-               __builtin_types_compatible_p(typeof(dividend), s64) ||
         \
-               __builtin_types_compatible_p(typeof(dividend), u64),
         \
-               __builtin_choose_expr(
         \
-                       __builtin_types_compatible_p(typeof(divisor),
s64) ||   \
-                       __builtin_types_compatible_p(typeof(divisor),
u64),     \
-                       div64_x64(dividend, divisor),
         \
-                       div_x64(dividend, divisor)),
         \
-               dividend / divisor);
         \
+       _Generic((dividend),    \
+               s64: __div_64(dividend, divisor),       \
+               u64: __div_64(dividend, divisor),       \
+               default: dividend / divisor);   \
 })
-- 
Thanks,
~Nick Desaulniers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ