lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6f55c3f0-7c10-1697-17da-79b4807c2498@rasmusvillemoes.dk>
Date:   Mon, 16 May 2022 13:16:12 +0200
From:   Rasmus Villemoes <linux@...musvillemoes.dk>
To:     Kees Cook <keescook@...omium.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>
Cc:     kernel test robot <lkp@...el.com>,
        Vitor Massaru Iha <vitor@...saru.org>,
        "Gustavo A. R. Silva" <gustavoars@...nel.org>,
        Daniel Latypov <dlatypov@...gle.com>,
        linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] lib: overflow: Always build 64-bit test cases

On 12/05/2022 14.10, Rasmus Villemoes wrote:
> On 11/05/2022 19.45, Kees Cook wrote:
>> There shouldn't be a reason to not build the 64-bit test cases on 32-bit
>> systems; the types exist there too. Remove the #ifdefs.
>>
>> Reported-by: kernel test robot <lkp@...el.com>
>> Link: https://lore.kernel.org/lkml/202205110324.7GrtxG8u-lkp@intel.com
>> Fixes: 455a35a6cdb6 ("lib: add runtime test of check_*_overflow functions")
> 
> The patch is fine, but I disagree with that Fixes tag. Back then, i.e.
> when the overflow checkers were implemented via macros on old enough
> compilers, they simply didn't work for 64 bit types (because of the
> usual 64 bit division problems) - so anybody trying to use the multiply
> overflow checker, including of course the test suite, would get a build
> error on old compilers. You yourself did that: "[kees: add output to
> commit log, drop u64 tests on 32-bit]"
> 

And if you want something that can be backported, getting rid of that
"defined but unused" warning while also enabling checking of the
overflow fallbacks that were actually usable (the add and sub ones), you
could do a two-step thing, the first step being something like
(completely untested)

diff --git a/lib/overflow_kunit.c b/lib/overflow_kunit.c
index 475f0c064bf6..f46c0f6e26c4 100644
--- a/lib/overflow_kunit.c
+++ b/lib/overflow_kunit.c
@@ -236,8 +236,10 @@ static void do_test_ ## t(struct kunit *test, const
struct test_ ## t *p) \
        check_one_op(t, fmt, add, "+", p->a, p->b, p->sum, p->s_of);    \
        check_one_op(t, fmt, add, "+", p->b, p->a, p->sum, p->s_of);    \
        check_one_op(t, fmt, sub, "-", p->a, p->b, p->diff, p->d_of);   \
-       check_one_op(t, fmt, mul, "*", p->a, p->b, p->prod, p->p_of);   \
-       check_one_op(t, fmt, mul, "*", p->b, p->a, p->prod, p->p_of);   \
+       if (BITS_PER_LONG == 64 || sizeof(t) < 8) {                     \
+               check_one_op(t, fmt, mul, "*", p->a, p->b, p->prod,
p->p_of); \
+               check_one_op(t, fmt, mul, "*", p->b, p->a, p->prod,
p->p_of); \
+       }                                                               \
 }                                                                      \
                                                                        \
 static void t ## _overflow_test(struct kunit *test) {                  \
@@ -255,10 +257,8 @@ DEFINE_TEST_FUNC(u16, "%d");
 DEFINE_TEST_FUNC(s16, "%d");
 DEFINE_TEST_FUNC(u32, "%u");
 DEFINE_TEST_FUNC(s32, "%d");
-#if BITS_PER_LONG == 64
 DEFINE_TEST_FUNC(u64, "%llu");
 DEFINE_TEST_FUNC(s64, "%lld");
-#endif

 static void overflow_shift_test(struct kunit *test)
 {

and then in a second, not-for-backporting, patch remove that if() again.

Rasmus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ