lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <77b38aa7-a8b1-4450-8c50-379f130dda16@roeck-us.net>
Date: Thu, 11 Jan 2024 15:57:28 -0800
From: Guenter Roeck <linux@...ck-us.net>
To: Linus Torvalds <torvalds@...ux-foundation.org>,
 Yoshinori Sato <ysato@...rs.sourceforge.jp>, Rich Felker <dalias@...c.org>,
 John Paul Adrian Glaubitz <glaubitz@...sik.fu-berlin.de>
Cc: Miklos Szeredi <mszeredi@...hat.com>, linux-fsdevel@...r.kernel.org,
 linux-kernel@...r.kernel.org, linux-api@...r.kernel.org,
 linux-man@...r.kernel.org, linux-security-module@...r.kernel.org,
 Karel Zak <kzak@...hat.com>, Ian Kent <raven@...maw.net>,
 David Howells <dhowells@...hat.com>, Al Viro <viro@...iv.linux.org.uk>,
 Christian Brauner <christian@...uner.io>, Amir Goldstein
 <amir73il@...il.com>, Matthew House <mattlloydhouse@...il.com>,
 Florian Weimer <fweimer@...hat.com>, Arnd Bergmann <arnd@...db.de>
Subject: Re: [PATCH v4 5/6] add listmount(2) syscall

On 1/11/24 12:14, Linus Torvalds wrote:
> On Thu, 11 Jan 2024 at 10:57, Guenter Roeck <linux@...ck-us.net> wrote:
>>
>> Any variance of put_user() with &buf[ctr] or buf + ctr fails
>> if ctr is a variable and permitted to be != 0.
> 
> Crazy. But the 64-bit put_user() is a bit special and tends to require
> more registers (the 64-bit value is passed in two registers), so that
> probably then results in the ICE.
> 
> Side note: looking at the SH version of __put_user_u64(), I think it's
> buggy and is missing the exception handler for the second 32-bit move.
> I dunno, I don't read sh asm, but it looks suspicious.
> 

I wonder if something may be wrong with the definition and use of __m
for u64 accesses. The code below also fixes the build problem.

But then I really don't know what

struct __large_struct { unsigned long buf[100]; };
#define __m(x) (*(struct __large_struct __user *)(x))

is supposed to be doing in the first place, and I still don't understand
why the problem only shows up with CONFIG_MMU=n.

Guenter

---
diff --git a/arch/sh/include/asm/uaccess_32.h b/arch/sh/include/asm/uaccess_32.h
index 5d7ddc092afd..f0451a37b6ff 100644
--- a/arch/sh/include/asm/uaccess_32.h
+++ b/arch/sh/include/asm/uaccess_32.h
@@ -196,7 +196,7 @@ __asm__ __volatile__( \
         ".long  1b, 3b\n\t" \
         ".previous" \
         : "=r" (retval) \
-       : "r" (val), "m" (__m(addr)), "i" (-EFAULT), "0" (retval) \
+       : "r" (val), "m" (*(u64 *)(addr)), "i" (-EFAULT), "0" (retval) \
          : "memory"); })
  #else
  #define __put_user_u64(val,addr,retval) \
@@ -218,7 +218,7 @@ __asm__ __volatile__( \
         ".long  1b, 3b\n\t" \
         ".previous" \
         : "=r" (retval) \
-       : "r" (val), "m" (__m(addr)), "i" (-EFAULT), "0" (retval) \
+       : "r" (val), "m" (*(u64 *)(addr)), "i" (-EFAULT), "0" (retval) \
          : "memory"); })
  #endif

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ