lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 3 Mar 2023 09:36:17 -0800
From:   David Matlack <dmatlack@...gle.com>
To:     Mingwei Zhang <mizhang@...gle.com>
Cc:     "Wang, Wei W" <wei.w.wang@...el.com>,
        "pbonzini@...hat.com" <pbonzini@...hat.com>,
        "Christopherson,, Sean" <seanjc@...gle.com>,
        "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v1] KVM: allow KVM_BUG/KVM_BUG_ON to handle 64-bit cond

On Thu, Mar 02, 2023 at 09:53:35PM -0800, Mingwei Zhang wrote:
> On Thu, Mar 2, 2023 at 5:50 PM Wang, Wei W <wei.w.wang@...el.com> wrote:
> >
> > On Friday, March 3, 2023 2:12 AM, Mingwei Zhang wrote:
> > > > On Thursday, March 2, 2023 12:55 PM, Mingwei Zhang wrote:
> > > > > I don't get it. Why bothering the type if we just do this?
> > > > >
> > > > > diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
> > > > > index 4f26b244f6d0..10455253c6ea 100644
> > > > > --- a/include/linux/kvm_host.h
> > > > > +++ b/include/linux/kvm_host.h
> > > > > @@ -848,7 +848,7 @@ static inline void kvm_vm_bugged(struct kvm
> > > > > *kvm)
> > > > >
> > > > >  #define KVM_BUG(cond, kvm, fmt...)                           \
> > > > >  ({                                                           \
> > > > > -     int __ret = (cond);                                     \
> > > > > +     int __ret = !!(cond);                                   \
> > > >
> > > > This is essentially "bool __ret". No biggie to change it this way.
> > >
> > > !! will return an int, not a boolean, but it is used as a boolean.
> >
> > What's the point of defining it as an int when actually being used as a Boolean?
> > Original returning of an 'int' is a bug in this sense. Either returning a Boolean or
> > the same type (length) as cond is good way to me.
> 
> What's the point of using an integer? I think we need to ask the
> original author. But I think one of the reasons might be convenience
> as the return value. I am not sure if we can return a boolean in the
> function. But it should be fine here since it is a macro.
> 
> Anyway, returning an 'int' is not a bug. The bug is the casting from
> 'cond' to the integer that may lose information and this is what you
> have captured.

typeof() won't work if cond is a bitfield. See commit 8d4fbcfbe0a4 ("Fix
WARN_ON() on bitfield ops") from Linus from back in 2007:

commit 8d4fbcfbe0a4bfc73e7f0297c59ae514e1f1436f
Author: Linus Torvalds <torvalds@...dy.linux-foundation.org>
Date:   Tue Jul 31 21:12:07 2007 -0700

    Fix WARN_ON() on bitfield ops

    Alexey Dobriyan noticed that the new WARN_ON() semantics that were
    introduced by commit 684f978347deb42d180373ac4c427f82ef963171 (to also
    return the value to be warned on) didn't compile when given a bitfield,
    because the typeof doesn't work for bitfields.

    So instead of the typeof trick, use an "int" variable together with a
    "!!(x)" expression, as suggested by Al Viro.

    To make matters more interesting, Paul Mackerras points out that that is
    sub-optimal on Power, but the old asm-coded comparison seems to be buggy
    anyway on 32-bit Power if the conditional was 64-bit, so I think there
    are more problems there.

    Regardless, the new WARN_ON() semantics may have been a bad idea.  But
    this at least avoids the more serious complications.

    Cc: Alexey Dobriyan <adobriyan@...ru>
    Cc: Herbert Xu <herbert@...dor.apana.org.au>
    Cc: Paul Mackerras <paulus@...ba.org>
    Cc: Al Viro <viro@....linux.org.uk>
    Cc: Ingo Molnar <mingo@...e.hu>
    Cc: Andrew Morton <akpm@...l.org>
    Signed-off-by: Linus Torvalds <torvalds@...l.org>

diff --git a/include/asm-generic/bug.h b/include/asm-generic/bug.h
index 344e3091af24..d56fedbb457a 100644
--- a/include/asm-generic/bug.h
+++ b/include/asm-generic/bug.h
@@ -33,7 +33,7 @@ struct bug_entry {

 #ifndef HAVE_ARCH_WARN_ON
 #define WARN_ON(condition) ({                                          \
-       typeof(condition) __ret_warn_on = (condition);                  \
+       int __ret_warn_on = !!(condition);                              \
        if (unlikely(__ret_warn_on)) {                                  \
                printk("WARNING: at %s:%d %s()\n", __FILE__,            \
                        __LINE__, __FUNCTION__);                        \
@
[...]

As for int versus bool, I don't see a strong argument for either. So let's
stick with int since that's what the current code is using and that
aligns with the generic kernel WARN_ON().

If someone wants to propose using a bool instead of an int that should
be a separate commit anyway and needs an actual justification.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ