lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <ZbCpWDQuymTbdgz5@google.com>
Date: Tue, 23 Jan 2024 22:08:24 -0800
From: Dmitry Torokhov <dmitry.torokhov@...il.com>
To: Dave Hansen <dave.hansen@...el.com>
Cc: Dipendra Khadka <kdipendra88@...il.com>, tglx@...utronix.de,
	mingo@...hat.com, bp@...en8.de, dave.hansen@...ux.intel.com,
	x86@...nel.org, hpa@...or.com, mjguzik@...il.com,
	ira.weiny@...el.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86: Fixes warning: cast removes address space '__user'
 of expression in uaccess_64.h

On Fri, Nov 17, 2023 at 07:19:12AM -0800, Dave Hansen wrote:
> On 11/16/23 09:38, Dipendra Khadka wrote:
> > Sparse has identified a warning as follows:
> > 
> > ./arch/x86/include/asm/uaccess_64.h:88:24: warning: cast removes address space '__user' of expression.
> > 
> > Since the valid_user_address(x) macro implicitly casts the argument
> > to long and compares the converted value of x to zero, casting ptr
> > to unsigned long has no functional impact and does not trigger a 
> > Sparse warning either.
> 
> Why does sparse complain about a cast to 'long' but not 'unsigned long'?
>  Both remove the '__user' address space from the expression.  Were there
> just so many __user pointers being cast to 'unsigned long' that there's
> an exception in sparse for 'void __user *' => 'unsigned long'?

Yes, unsigned long is special:

commit 7816e4c4a2dba6fef24c9a52c6b17a8cde0c8138
Author: Linus Torvalds <torvalds@...970.osdl.org>
Date:   Mon May 31 13:18:57 2004 -0700

    Allow casting of user pointers to "unsigned long".

    It's reasonably common to do special pointer arithmetic
    in unsigned long, and making people force the cast just
    adds noise.


I wonder if we should have:

#define valid_user_address(x) ((__force long)(x) >= 0)

or  

#define valid_user_address(x) ((long)(unsigned long)(x) >= 0)

Thanks.

-- 
Dmitry

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ