lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <17020e56-b0a9-4705-8ee3-c675eca99490@arm.com>
Date: Tue, 20 Aug 2024 06:55:16 +0530
From: Anshuman Khandual <anshuman.khandual@....com>
To: Arnd Bergmann <arnd@...db.de>, linux-kernel@...r.kernel.org
Cc: Ard Biesheuvel <ardb@...nel.org>,
 Andrew Morton <akpm@...ux-foundation.org>, Yury Norov
 <yury.norov@...il.com>, Rasmus Villemoes <linux@...musvillemoes.dk>,
 Linux-Arch <linux-arch@...r.kernel.org>
Subject: Re: [PATCH V3 1/2] uapi: Define GENMASK_U128



On 8/19/24 12:43, Arnd Bergmann wrote:
> On Fri, Aug 16, 2024, at 08:28, Anshuman Khandual wrote:
>>
>> This is caused by ((unsigned __int128)(1) << (128)) which is generated
>> via (h + 1) element in __GENMASK_U128().
>>
>> #define _BIT128(x)	((unsigned __int128)(1) << (x))
>> #define __GENMASK_U128(h, l) \
>> 	((_BIT128((h) + 1)) - (_BIT128(l)))
> 
> Right, makes sense.
> 
>>
>> The most significant bit in the generate mask can be added separately
>> , thus voiding that extra shift. The following patch solves the build
>> problem.
>>
>> diff --git a/include/uapi/linux/bits.h b/include/uapi/linux/bits.h
>> index 4d4b7b08003c..4e50f635c6d9 100644
>> --- a/include/uapi/linux/bits.h
>> +++ b/include/uapi/linux/bits.h
>> @@ -13,6 +13,6 @@
>>           (~_ULL(0) >> (__BITS_PER_LONG_LONG - 1 - (h))))
>>
>>  #define __GENMASK_U128(h, l) \
>> -       ((_BIT128((h) + 1)) - (_BIT128(l)))
>> +       (((_BIT128(h)) - (_BIT128(l))) | (_BIT128(h)))
> 
> This could probably use a comment then, as it's less intuitive.

Right, a comment explaining the need for this additional bit to
cover the corner 127 bit case could be added for reference.

> 
> Another solution might be to use a double shift, as in
> 
> #define __GENMASK_U128(h, l) \
>        ((_BIT128((h)) << 1) - (_BIT128(l)))

This looks much cleaner, passed all the tests without warning.
But for the above 127 bit case, wondering how the bit position
is managed after the second shift operation because it still
goes beyond __int128 element's 128 bit representation.

(_BIT128((127)) << 1)
(((unsigned __int128)(1) << (127)) << 1)

Should not the second shift operation warn about the possible
overflow scenario ? But actually it does not. Or the compiler
is too smart in detecting what's happening next in the overall
equation and do the needful while creating the mask below the
highest bit.

> 
> but I have not checked if this is correct for all inputs
> or if it avoids the warning. Your version looks fine to
> me otherwise.

This approach is much cleaner, passes all tests without warning,
unless something else shows up, will fold this in instead.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ