| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250520224314.7f929b5f@pumpkin>
Date: Tue, 20 May 2025 22:43:14 +0100
From: David Laight <david.laight.linux@...il.com>
To: Nicolas Pitre <npitre@...libre.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>, linux-kernel@...r.kernel.org,
u.kleine-koenig@...libre.com, Oleg Nesterov <oleg@...hat.com>, Peter
Zijlstra <peterz@...radead.org>, Biju Das <biju.das.jz@...renesas.com>
Subject: Re: [PATCH v2 next 2/4] lib: mul_u64_u64_div_u64() Use BUG_ON() for
divide by zero
On Mon, 19 May 2025 22:21:15 -0400 (EDT)
Nicolas Pitre <npitre@...libre.com> wrote:
> On Sun, 18 May 2025, David Laight wrote:
>
> > Do an explicit BUG_ON(!divisor) instead of hoping the 'undefined
> > behaviour' the compiler generated for a compile-time 1/0 is in any
> > way useful.
> >
> > It may be better to define the function to return ~(u64)0 for
> > divide by zero.
> >
> > Signed-off-by: David Laight <david.laight.linux@...il.com>
> > ---
> >
> > A new change for v2 of the patchset.
> > Whereas gcc inserts (IIRC) 'ud2' clang is likely to let the code
> > continue and generate 'random' results for any 'undefined bahaviour'.
>
> clang does exactly the same as gcc.
Did you see the recent 'rant' from Linus about the way clang handles UB.
I'm pretty sure 'divide by zero' is UB, valid options include.
- Jump to random location in the current function (what Linus was ranting).
- Jump to any random location with any register values.
- Enable user access to all kernel memory.
- Permanently damage your cpu.
- Make your computer catch fire.
- Send an ICBM to some unspecified location.
If you want a 'divide by zero' error you better generate one. eg:
int n = 0;
OPTIMSER_HIDE_VAR(n);
i = 1 / n;
David
>
> As mentioned earlier, this is a soft NAK from me.
>
> The above explanation is more speculation than fact. And here we really
> want to duplicate the behavior a regular runtime 32-bit by 32-bit x/0
> would produce, or in other words behave just like div64_u64() for that
> matter.
>
> > lib/math/div64.c | 10 +++-------
> > 1 file changed, 3 insertions(+), 7 deletions(-)
> >
> > diff --git a/lib/math/div64.c b/lib/math/div64.c
> > index a5c966a36836..c426fa0660bc 100644
> > --- a/lib/math/div64.c
> > +++ b/lib/math/div64.c
> > @@ -186,6 +186,9 @@ EXPORT_SYMBOL(iter_div_u64_rem);
> > #ifndef mul_u64_u64_div_u64
> > u64 mul_u64_u64_div_u64(u64 a, u64 b, u64 d)
> > {
> > + /* Trigger exception if divisor is zero */
> > + BUG_ON(!d);
> > +
> > if (ilog2(a) + ilog2(b) <= 62)
> > return div64_u64(a * b, d);
> >
> > @@ -212,13 +215,6 @@ u64 mul_u64_u64_div_u64(u64 a, u64 b, u64 d)
> >
> > #endif
> >
> > - /* make sure d is not zero, trigger exception otherwise */
> > -#pragma GCC diagnostic push
> > -#pragma GCC diagnostic ignored "-Wdiv-by-zero"
> > - if (unlikely(d == 0))
> > - return 1/0;
> > -#pragma GCC diagnostic pop
> > -
> > int shift = __builtin_ctzll(d);
> >
> > /* try reducing the fraction in case the dividend becomes <= 64 bits */
> > --
> > 2.39.5
> >
> >
Powered by blists - more mailing lists