lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <dbd203b1-3988-4c9c-909c-2d1f7f173a0d@o2.pl>
Date:   Thu, 21 Apr 2022 22:47:01 +0200
From:   Mateusz Jończyk <mat.jonczyk@...pl>
To:     netdev@...r.kernel.org,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Cc:     David Laight <David.Laight@...LAB.COM>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Christophe Leroy <christophe.leroy@...roup.eu>,
        Anshuman Khandual <anshuman.khandual@....com>,
        linux-rdma@...r.kernel.org
Subject: "mm: uninline copy_overflow()" breaks i386 build in Mellanox MLX4

Hello,

commit ad7489d5262d ("mm: uninline copy_overflow()")

breaks for me a build for i386 in the Mellanox MLX4 driver:

        In file included from ./arch/x86/include/asm/preempt.h:7,
                         from ./include/linux/preempt.h:78,
                         from ./include/linux/percpu.h:6,
                         from ./include/linux/context_tracking_state.h:5,
                         from ./include/linux/hardirq.h:5,
                         from drivers/net/ethernet/mellanox/mlx4/cq.c:37:
        In function ‘check_copy_size’,
            inlined from ‘copy_to_user’ at ./include/linux/uaccess.h:159:6,
            inlined from ‘mlx4_init_user_cqes’ at drivers/net/ethernet/mellanox/mlx4/cq.c:317:9,
            inlined from ‘mlx4_cq_alloc’ at drivers/net/ethernet/mellanox/mlx4/cq.c:394:10:
        ./include/linux/thread_info.h:228:4: error: call to ‘__bad_copy_from’ declared with attribute error: copy source size is too small
          228 |    __bad_copy_from();
              |    ^~~~~~~~~~~~~~~~~
        make[5]: *** [scripts/Makefile.build:288: drivers/net/ethernet/mellanox/mlx4/cq.o] Błąd 1
        make[4]: *** [scripts/Makefile.build:550: drivers/net/ethernet/mellanox/mlx4] Błąd 2
        make[3]: *** [scripts/Makefile.build:550: drivers/net/ethernet/mellanox] Błąd 2
        make[2]: *** [scripts/Makefile.build:550: drivers/net/ethernet] Błąd 2
        make[1]: *** [scripts/Makefile.build:550: drivers/net] Błąd 2

Reverting this commit fixes the build. Disabling Mellanox Ethernet drivers
in Kconfig (tested only with also disabling of all Infiniband support) also fixes the build.

It appears that uninlining of copy_overflow() causes GCC to analyze the code deeper.

The code in mlx4_init_user_cqes, for reference:

        static int mlx4_init_user_cqes(void *buf, int entries, int cqe_size)
        {
                int entries_per_copy = PAGE_SIZE / cqe_size;
                void *init_ents;
                int err = 0;
                int i;

                init_ents = kmalloc(PAGE_SIZE, GFP_KERNEL);
                // ...
                if (entries_per_copy < entries) {
                        // ...
                } else {
                        // BUG here
                        err = copy_to_user((void __user *)buf, init_ents,
                                        array_size(entries, cqe_size)) ?
                                -EFAULT : 0;
                }

                // ...
        }

My setup: Ubuntu 20.04, gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)

I was using lightly modified Kconfig from Debian i386 Linux packages.

Greetings,

Mateusz Jończyk

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ