lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKwvOd=KxY5PBgedkerrL_3BAV_ri8N4F-=piJ6tQXHwFDSr3g@mail.gmail.com>
Date:   Tue, 7 Jun 2022 16:43:32 -0700
From:   Nick Desaulniers <ndesaulniers@...gle.com>
To:     Andrew Morton <akpm@...ux-foundation.org>,
        Justin Stitt <jstitt007@...il.com>
Cc:     Nathan Chancellor <nathan@...nel.org>, Tom Rix <trix@...hat.com>,
        LKML <linux-kernel@...r.kernel.org>,
        clang-built-linux <llvm@...ts.linux.dev>,
        Richard Smith <richardsmith@...gle.com>
Subject: Re: [PATCH] include/uapi/linux/swab.h: add __u16 cast to __swab16 conditional

On Tue, Jun 7, 2022 at 4:21 PM Andrew Morton <akpm@...ux-foundation.org> wrote:
>
> On Tue, 7 Jun 2022 15:42:56 -0700 Nick Desaulniers <ndesaulniers@...gle.com> wrote:
>
> > On Tue, Jun 7, 2022 at 3:27 PM Andrew Morton <akpm@...ux-foundation.org> wrote:
> > >
> > > On Tue,  7 Jun 2022 15:20:06 -0700 Justin Stitt <jstitt007@...il.com> wrote:
> > >
> > > > if __HAVE_BUILTIN_BSWAP16__ is defined then __swab16 utilizes a __u16 cast.
> > > > This same cast should be used if __HAVE_BUILTIN_BSWAP16__ is not defined as
> > > > well. This should fix loads (at least a few) clang -Wformat warnings
> > > > specifically with `ntohs()`
> > > >
> > > > ...
> > > >
> > > > --- a/include/uapi/linux/swab.h
> > > > +++ b/include/uapi/linux/swab.h
> > > > @@ -102,7 +102,7 @@ static inline __attribute_const__ __u32 __fswahb32(__u32 val)
> > > >  #define __swab16(x) (__u16)__builtin_bswap16((__u16)(x))
> > > >  #else
> > > >  #define __swab16(x)                          \
> > > > -     (__builtin_constant_p((__u16)(x)) ?     \
> > > > +     (__u16)(__builtin_constant_p((__u16)(x)) ?      \
> > > >       ___constant_swab16(x) :                 \
> > > >       __fswab16(x))
> > > >  #endif
> > >
> > > More explanation, please?  Both ___constant_swab16() and __fswab16()
> > > return __u16, so why does this patch have any effect?
> > >
> >
> > See this example:
> > https://godbolt.org/z/fzE73jn13
> > And the ImplicitCastExpr nodes adding to the AST:
> > https://godbolt.org/z/oYeYxYdKW
> >
> > Both the second and third operand are promoted to int.
> >
> > C11: https://www.open-std.org/jtc1/sc22/wg14/www/docs/n1548.pdf
> >
> > 6.5.15/5
> > >> If both the second and third operands have arithmetic type, the result type that would be determined by the usual arithmetic conversions, were they applied to those two operands, is the type of the result.
> > 6.3.1.8/1
> > >> Otherwise, the integer promotions are performed on both operands.
> > 6.3.1.1/2
> > >> If an int can represent all values of the original type (as restricted by the width, for a bit-field), the value is converted to an int; otherwise, it is converted to an unsigned int. These are called the integer promotions.
>
> Geeze.  Can we please turn this into English and add it to the changelog?
>
> Is it saying that an expression
>
>         int ? u16 : u16
>
> has type int?

Yep.

> Or something else?

Technically, the `int` in your example (the first operand) doesn't
matter. Could be a `long long` or a `char` and it would not matter.

> What did we do wrong here and is it

Perhaps the simplest English explanation would be "ternary expressions
with then/else clauses with types smaller than int undergo implicit
promotion to int."

> possible to correct our types rather than adding a cast?

I think the cast is the explicit cast back to __u16 way to go here,
IMO.  I don't think anything within the ternary could be changed to
avoid implicit promotions.


Justin, can you please send a v2 removing the casts withing
__builtin_constant_p (as in the diff I posted previously in this
thread) and with the below text added to the commit message:

Ternary expressions with then/else clauses with types smaller than int
undergo implicit promotion to int. Cast the result of the ternary back
to the expected __u16 to match the type when __HAVE_BUILTIN_BSWAP16__
is defined.

Also remove pointless casts within __builtin_constant_p argument lists.
--
Thanks,
~Nick Desaulniers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ