Message-ID: <20250121202310.GA979442@bhelgaas>
Date: Tue, 21 Jan 2025 14:23:10 -0600
From: Bjorn Helgaas <helgaas@...nel.org>
To: Hans Zhang <18255117159@....com>, Jon Hunter <jonathanh@...dia.com>
Cc: manivannan.sadhasivam@...aro.org, kw@...ux.com, kishon@...nel.org,
	arnd@...db.de, gregkh@...uxfoundation.org,
	linux-pci@...r.kernel.org, linux-kernel@...r.kernel.org,
	rockswang7@...il.com, Niklas Cassel <cassel@...nel.org>,
	linux-tegra@...r.kernel.org
Subject: Re: [v11 2/2] misc: pci_endpoint_test: Fix overflow of bar_size

On Tue, Jan 21, 2025 at 05:46:43PM +0000, Jon Hunter wrote:
> On 09/01/2025 09:45, Hans Zhang wrote:
> > With 8GB BAR2, running pcitest -b 2 fails with "TEST FAILED".
> > 
> > The return value of the `pci_resource_len` interface is not an integer.
> > Using `pcitest` with an 8GB BAR2, the bar_size of integer type will
> > overflow.
> > 
> > Change the data type of bar_size from integer to resource_size_t, to fix
> > the above issue.
> > 
> > Signed-off-by: Hans Zhang <18255117159@....com>
> > Suggested-by: Niklas Cassel <cassel@...nel.org>
> > Reviewed-by: Niklas Cassel <cassel@...nel.org>
> > ---
> > Changes since v10:
> > https://lore.kernel.org/linux-pci/20250108080951.1700230-3-18255117159@163.com/
> > 
> > - Replace do_div with the div_u64 API.
> > 
> > Changes since v8-v9:
> > https://lore.kernel.org/linux-pci/20250104151652.1652181-1-18255117159@163.com/
> > 
> > - Split the patch.
> > 
> > Changes since v4-v7:
> > https://lore.kernel.org/linux-pci/20250102120222.1403906-1-18255117159@163.com/
> > 
> > - Fix 32-bit OS warnings and errors.
> > - Fix undefined reference to `__udivmoddi4`
> > 
> > Changes since v3:
> > https://lore.kernel.org/linux-pci/20241221141009.27317-1-18255117159@163.com/
> > 
> > - The patch subject was modified.
> > 
> > Changes since v2:
> > https://lore.kernel.org/linux-pci/20241220075253.16791-1-18255117159@163.com/
> > 
> > - Fix "changes" part goes below the --- line
> > - The patch commit message was modified.
> > 
> > Changes since v1:
> > https://lore.kernel.org/linux-pci/20241217121220.19676-1-18255117159@163.com/
> > 
> > - The patch subject and commit message were modified.
> > ---
> >   drivers/misc/pci_endpoint_test.c | 5 +++--
> >   1 file changed, 3 insertions(+), 2 deletions(-)
> > 
> > diff --git a/drivers/misc/pci_endpoint_test.c b/drivers/misc/pci_endpoint_test.c
> > index f78c7540c52c..0f6291801078 100644
> > --- a/drivers/misc/pci_endpoint_test.c
> > +++ b/drivers/misc/pci_endpoint_test.c
> > @@ -280,10 +280,11 @@ static int pci_endpoint_test_bar_memcmp(struct pci_endpoint_test *test,
> >   static bool pci_endpoint_test_bar(struct pci_endpoint_test *test,
> >   				  enum pci_barno barno)
> >   {
> > -	int j, bar_size, buf_size, iters;
> > +	int j, buf_size, iters;
> >   	void *write_buf __free(kfree) = NULL;
> >   	void *read_buf __free(kfree) = NULL;
> >   	struct pci_dev *pdev = test->pdev;
> > +	resource_size_t bar_size;
> >   	if (!test->bar[barno])
> >   		return false;
> > @@ -307,7 +308,7 @@ static bool pci_endpoint_test_bar(struct pci_endpoint_test *test,
> >   	if (!read_buf)
> >   		return false;
> > -	iters = bar_size / buf_size;
> > +	iters = div_u64(bar_size, buf_size);
> >   	for (j = 0; j < iters; j++)
> >   		if (pci_endpoint_test_bar_memcmp(test, barno, buf_size * j,
> >   						 write_buf, read_buf, buf_size))
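
Review bot: The offset passed to pci_endpoint_test_bar_memcmp() in the loop, `buf_size * j`, is still an `int` multiplication, so widening bar_size alone does not cover the whole BAR. Since j runs up to iters - 1 and iters is bar_size / buf_size, the product approaches bar_size and exceeds INT_MAX for the 8GB case in the commit message. Consider carrying the offset in a resource_size_t (for example a running `offset += buf_size`) instead of multiplying two ints, and check that the callee's offset parameter is wide enough as well.
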
> 
> 
> This change breaks building the kernel with GCC v7 and I see ...
> 
> ERROR: modpost: "__aeabi_uldivmod" [drivers/misc/pci_endpoint_test.ko]
> undefined!
> ERROR: modpost: "__aeabi_ldivmod" [drivers/misc/pci_endpoint_test.ko]
> undefined!
> 
> I know that this is an old GCC version, but this is a farm builder and the
> kernel still indicates that GCC v5.1 is still supported [0].
> 
> Jon
> 
> [0] https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/Documentation/process/changes.rst

Dropping from pci/endpoint-test for now until this gets sorted out.

For reference, the current iteration (the one I'm dropping) is below:

commit c6e73776c0c4 ("misc: pci_endpoint_test: Prevent bar_size overflow")
Author: Hans Zhang <18255117159@....com>
Date:   Thu Jan 9 17:45:56 2025 +0800

    misc: pci_endpoint_test: Prevent bar_size overflow
    
    Running 'pcitest -b 2' fails with "TEST FAILED" when the BAR2 size
    exceeds 4GB.
    
    The return value of the pci_resource_len() macro can be larger than that
    of a signed integer type. As such, for example, when using 'pcitest'
    with an 8GB BAR2, the bar_size of the integer type will overflow.
    
    Change bar_size from integer to resource_size_t to prevent integer
    overflow for large BAR sizes with 32-bit compilers.  Similarly, use
    div_u64() to perform 64-bit division in that situation.
    
    Link: https://lore.kernel.org/r/20250109094556.1724663-3-18255117159@163.com
    Signed-off-by: Hans Zhang <18255117159@....com>
    [kwilczynski: commit log]
    Signed-off-by: Krzysztof Wilczyński <kwilczynski@...nel.org>
    [bhelgaas: pick up commit log update from
    https://lore.kernel.org/r/Z4jTEkznMUcApzbe@ryzen]
    Signed-off-by: Bjorn Helgaas <bhelgaas@...gle.com>
    Reviewed-by: Niklas Cassel <cassel@...nel.org>
    Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@...aro.org>


diff --git a/drivers/misc/pci_endpoint_test.c b/drivers/misc/pci_endpoint_test.c
index be0c7c870e6a..abe6c8f03fca 100644
--- a/drivers/misc/pci_endpoint_test.c
+++ b/drivers/misc/pci_endpoint_test.c
@@ -283,10 +283,11 @@ static int pci_endpoint_test_bar_memcmp(struct pci_endpoint_test *test,
 static bool pci_endpoint_test_bar(struct pci_endpoint_test *test,
 				  enum pci_barno barno)
 {
-	int j, bar_size, buf_size, iters;
+	int j, buf_size, iters;
 	void *write_buf __free(kfree) = NULL;
 	void *read_buf __free(kfree) = NULL;
 	struct pci_dev *pdev = test->pdev;
+	resource_size_t bar_size;
 
 	if (!test->bar[barno])
 		return false;
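
Review bot: `iters` remains `int` on the `int j, buf_size, iters;` line, yet the second hunk assigns it the u64 result of div_u64(), so the quotient is narrowed without a check. Either give iters and j an unsigned 64-bit type or state (in a comment or the commit log) the lower bound on buf_size that keeps the count within int range.
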
@@ -310,7 +311,7 @@ static bool pci_endpoint_test_bar(struct pci_endpoint_test *test,
 	if (!read_buf)
 		return false;
 
-	iters = bar_size / buf_size;
+	iters = div_u64(bar_size, buf_size);
 	for (j = 0; j < iters; j++)
 		if (pci_endpoint_test_bar_memcmp(test, barno, buf_size * j,
 						 write_buf, read_buf, buf_size))
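
Review bot: div_u64() takes a u32 divisor, and `buf_size` is a signed `int` here, so the call relies on an implicit conversion; making buf_size unsigned (u32 or size_t) would match the helper and rule out a negative divisor. Separately, the modpost errors reported above name both `__aeabi_uldivmod` and `__aeabi_ldivmod`, the unsigned and signed 64-bit division helpers, so some 64-bit division or modulo is still being emitted by the compiler on that configuration. It is worth auditing every other arithmetic use of bar_size in this file, now that it can be 64 bits wide, before resubmitting.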
