lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 24 Feb 2022 22:28:32 -0600
From:   Dinh Nguyen <dinguyen@...nel.org>
To:     Arnd Bergmann <arnd@...nel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Christoph Hellwig <hch@....de>, linux-arch@...r.kernel.org,
        linux-mm@...ck.org, linux-api@...r.kernel.org, arnd@...db.de,
        linux-kernel@...r.kernel.org, viro@...iv.linux.org.uk
Cc:     linux@...linux.org.uk, will@...nel.org, guoren@...nel.org,
        bcain@...eaurora.org, geert@...ux-m68k.org, monstr@...str.eu,
        tsbogend@...ha.franken.de, nickhu@...estech.com,
        green.hu@...il.com, shorne@...il.com, deller@....de,
        mpe@...erman.id.au, peterz@...radead.org, mingo@...hat.com,
        mark.rutland@....com, hca@...ux.ibm.com, dalias@...c.org,
        davem@...emloft.net, richard@....at, x86@...nel.org,
        jcmvbkbc@...il.com, ebiederm@...ssion.com,
        akpm@...ux-foundation.org, ardb@...nel.org,
        linux-alpha@...r.kernel.org, linux-snps-arc@...ts.infradead.org,
        linux-csky@...r.kernel.org, linux-hexagon@...r.kernel.org,
        linux-ia64@...r.kernel.org, linux-m68k@...ts.linux-m68k.org,
        linux-mips@...r.kernel.org, openrisc@...ts.librecores.org,
        linux-parisc@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
        linux-riscv@...ts.infradead.org, linux-s390@...r.kernel.org,
        linux-sh@...r.kernel.org, sparclinux@...r.kernel.org,
        linux-um@...ts.infradead.org, linux-xtensa@...ux-xtensa.org
Subject: Re: [PATCH v2 02/18] uaccess: fix nios2 and microblaze get_user_8()



On 2/16/22 07:13, Arnd Bergmann wrote:
> From: Arnd Bergmann <arnd@...db.de>
> 
> These two architectures implement 8-byte get_user() through
> a memcpy() into a four-byte variable, which won't fit.
> 
> Use a temporary 64-bit variable instead here, and use a double
> cast the way that risc-v and openrisc do to avoid compile-time
> warnings.
> 
> Fixes: 6a090e97972d ("arch/microblaze: support get_user() of size 8 bytes")
> Fixes: 5ccc6af5e88e ("nios2: Memory management")
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
> ---
>   arch/microblaze/include/asm/uaccess.h | 18 +++++++++---------
>   arch/nios2/include/asm/uaccess.h      | 26 ++++++++++++++++----------
>   2 files changed, 25 insertions(+), 19 deletions(-)
> 
> diff --git a/arch/microblaze/include/asm/uaccess.h b/arch/microblaze/include/asm/uaccess.h
> index 5b6e0e7788f4..3fe96979d2c6 100644
> --- a/arch/microblaze/include/asm/uaccess.h
> +++ b/arch/microblaze/include/asm/uaccess.h
> @@ -130,27 +130,27 @@ extern long __user_bad(void);
>   
>   #define __get_user(x, ptr)						\
>   ({									\
> -	unsigned long __gu_val = 0;					\
>   	long __gu_err;							\
>   	switch (sizeof(*(ptr))) {					\
>   	case 1:								\
> -		__get_user_asm("lbu", (ptr), __gu_val, __gu_err);	\
> +		__get_user_asm("lbu", (ptr), x, __gu_err);		\
>   		break;							\
>   	case 2:								\
> -		__get_user_asm("lhu", (ptr), __gu_val, __gu_err);	\
> +		__get_user_asm("lhu", (ptr), x, __gu_err);		\
>   		break;							\
>   	case 4:								\
> -		__get_user_asm("lw", (ptr), __gu_val, __gu_err);	\
> +		__get_user_asm("lw", (ptr), x, __gu_err);		\
>   		break;							\
> -	case 8:								\
> -		__gu_err = __copy_from_user(&__gu_val, ptr, 8);		\
> -		if (__gu_err)						\
> -			__gu_err = -EFAULT;				\
> +	case 8: {							\
> +		__u64 __x = 0;						\
> +		__gu_err = raw_copy_from_user(&__x, ptr, 8) ?		\
> +							-EFAULT : 0;	\
> +		(x) = (typeof(x))(typeof((x) - (x)))__x;		\
>   		break;							\
> +	}								\
>   	default:							\
>   		/* __gu_val = 0; __gu_err = -EINVAL;*/ __gu_err = __user_bad();\
>   	}								\
> -	x = (__force __typeof__(*(ptr))) __gu_val;			\
>   	__gu_err;							\
>   })
>   
> diff --git a/arch/nios2/include/asm/uaccess.h b/arch/nios2/include/asm/uaccess.h
> index ba9340e96fd4..ca9285a915ef 100644
> --- a/arch/nios2/include/asm/uaccess.h
> +++ b/arch/nios2/include/asm/uaccess.h
> @@ -88,6 +88,7 @@ extern __must_check long strnlen_user(const char __user *s, long n);
>   /* Optimized macros */
>   #define __get_user_asm(val, insn, addr, err)				\
>   {									\
> +	unsigned long __gu_val;						\
>   	__asm__ __volatile__(						\
>   	"       movi    %0, %3\n"					\
>   	"1:   " insn " %1, 0(%2)\n"					\
> @@ -96,14 +97,20 @@ extern __must_check long strnlen_user(const char __user *s, long n);
>   	"       .section __ex_table,\"a\"\n"				\
>   	"       .word 1b, 2b\n"						\
>   	"       .previous"						\
> -	: "=&r" (err), "=r" (val)					\
> +	: "=&r" (err), "=r" (__gu_val)					\
>   	: "r" (addr), "i" (-EFAULT));					\
> +	val = (__force __typeof__(*(addr)))__gu_val;			\
>   }
>   
> -#define __get_user_unknown(val, size, ptr, err) do {			\
> +extern void __get_user_unknown(void);
> +
> +#define __get_user_8(val, ptr, err) do {				\
> +	u64 __val = 0;							\
>   	err = 0;							\
> -	if (__copy_from_user(&(val), ptr, size)) {			\
> +	if (raw_copy_from_user(&(__val), ptr, sizeof(val))) {		\
>   		err = -EFAULT;						\
> +	} else {							\
> +		val = (typeof(val))(typeof((val) - (val)))__val;	\
>   	}								\
>   	} while (0)
>   
> @@ -119,8 +126,11 @@ do {									\
>   	case 4:								\
>   		__get_user_asm(val, "ldw", ptr, err);			\
>   		break;							\
> +	case 8:								\
> +		__get_user_8(val, ptr, err);				\
> +		break;							\
>   	default:							\
> -		__get_user_unknown(val, size, ptr, err);		\
> +		__get_user_unknown();					\
>   		break;							\
>   	}								\
>   } while (0)
> @@ -129,9 +139,7 @@ do {									\
>   	({								\
>   	long __gu_err = -EFAULT;					\
>   	const __typeof__(*(ptr)) __user *__gu_ptr = (ptr);		\
> -	unsigned long __gu_val = 0;					\
> -	__get_user_common(__gu_val, sizeof(*(ptr)), __gu_ptr, __gu_err);\
> -	(x) = (__force __typeof__(x))__gu_val;				\
> +	__get_user_common(x, sizeof(*(ptr)), __gu_ptr, __gu_err);	\
>   	__gu_err;							\
>   	})
>   
> @@ -139,11 +147,9 @@ do {									\
>   ({									\
>   	long __gu_err = -EFAULT;					\
>   	const __typeof__(*(ptr)) __user *__gu_ptr = (ptr);		\
> -	unsigned long __gu_val = 0;					\
>   	if (access_ok( __gu_ptr, sizeof(*__gu_ptr)))	\
> -		__get_user_common(__gu_val, sizeof(*__gu_ptr),		\
> +		__get_user_common(x, sizeof(*__gu_ptr),			\
>   			__gu_ptr, __gu_err);				\
> -	(x) = (__force __typeof__(x))__gu_val;				\
>   	__gu_err;							\
>   })
>   

Acked-by: Dinh Nguyen <dinguyen@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ