| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250722105034.GA2845@redhat.com>
Date: Tue, 22 Jul 2025 12:50:35 +0200
From: Oleg Nesterov <oleg@...hat.com>
To: David Laight <david.laight.linux@...il.com>
Cc: Ingo Molnar <mingo@...hat.com>, Peter Zijlstra <peterz@...radead.org>,
Thomas Gleixner <tglx@...utronix.de>,
Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>,
"Li,Rongqing" <lirongqing@...du.com>,
Steven Rostedt <rostedt@...dmis.org>, linux-kernel@...r.kernel.org,
x86@...nel.org
Subject: Re: [PATCH] x86/math64: handle #DE in mul_u64_u64_div_u64()
On 07/21, David Laight wrote:
>
> On Mon, 21 Jul 2025 15:04:22 +0200
> Oleg Nesterov <oleg@...hat.com> wrote:
>
> > Change mul_u64_u64_div_u64() to return ULONG_MAX if the result doesn't
> > fit u64, this matches the generic implementation in lib/math/div64.c.
>
> Not quite, the generic version is likely to trap on divide by zero.
I meant that the generic implementation returns -1ul too if the result
doesn't fit into u64.
> I think it would be better to always trap (eg BUG_ON(!div)).
Well, I don't like adding a BUG_ON(), but OK.
> The trouble there is that (an ignored) ~(u64)0 is likely to cause another
> arithmetic overflow with even more consequences.
>
> So I'm not at all sure what it should look like or whether 0 is a better
> error return (esp for div == 0).
I'm not sure either but x86/generic versions should be consistent. Let's
discuss this and possibly change both implementations later?
> > static inline u64 mul_u64_u64_div_u64(u64 a, u64 mul, u64 div)
> > {
> > + int ok = 0;
> > u64 q;
> >
> > - asm ("mulq %2; divq %3" : "=a" (q)
> > - : "a" (a), "rm" (mul), "rm" (div)
> > - : "rdx");
> > + asm ("mulq %3; 1: divq %4; movl $1,%1; 2:\n"
>
> The "movl $1,%1" is a 5 byte instruction.
> Better to use either 'incl' or get the constraints right for 'movb'
Agreed, thanks,
> > + if (ok)
> > + return q;
> > + WARN_ON_ONCE(!div);
>
> I think you need to WARN for overflow as well as divide by zero.
The generic implementation doesn't WARN... OK, I won't argue.
How about
static inline u64 mul_u64_u64_div_u64(u64 a, u64 mul, u64 div)
{
char ok = 0;
u64 q;
asm ("mulq %3; 1: divq %4; movb $1,%1; 2:\n"
_ASM_EXTABLE(1b, 2b)
: "=a" (q), "+r" (ok)
: "a" (a), "rm" (mul), "rm" (div)
: "rdx");
if (ok)
return q;
BUG_ON(!div);
WARN_ON_ONCE(1);
return ~(u64)0;
}
?
Oleg.
Powered by blists - more mailing lists