lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5dff8bff-4b36-4766-9da5-385aeb304474@mkarcher.dialup.fu-berlin.de>
Date: Thu, 4 Sep 2025 16:14:18 +0200
From: Michael Karcher <kernel@...rcher.dialup.fu-berlin.de>
To: Andreas Larsson <andreas@...sler.com>,
 Anthony Yznaga <anthony.yznaga@...cle.com>, linux-kernel@...r.kernel.org
Cc: sparclinux@...r.kernel.org,
 John Paul Adrian Glaubitz <glaubitz@...sik.fu-berlin.de>
Subject: Re: [PATCH 2/4] sparc: fix accurate exception reporting in
 copy_{from_to}_user for UltraSPARC III

Am 04.09.2025 um 16:05 schrieb Andreas Larsson:
> On 2025-08-30 10:35, Michael Karcher wrote:
>>> I think there should be a little more text about the nature of the failure. Maybe:
>> I will add something like that in v2 of the series.
>> Do you think it is useful to add the message ID
>> b14f55642207e63e907965e209f6323a0df6dcee.camel@...sik.fu-berlin.de
>> as well, or an abbreviated backtrace from that message?
>> I suppose, that is the BUG_ON you are referring to.
> If that is the message referred to, I think it is a good idea to refer
> to it, in addition to a description. If so, please do it on the form of
> a lore link, like this:
>
> https://lore.kernel.org/r/<message-id>

My current draft for v2 has this text, including the link.

> Anthony Yznaga tracked down that a BUG_ON in ext4 code with large folios
> enabled resulted from copy_from_user() returning impossibly large values
> greater than the size to be copied. This lead to __copy_from_iter()
> returning impossible values instead of the actual number of bytes it was
> able to copy.
>
> The BUG_ON has been reported in
> https://lore.kernel.org/r/b14f55642207e63e907965e209f6323a0df6dcee.camel@physik.fu-berlin.de
>
> Fixes: ee841d0aff64 ("sparc64: Convert U3copy_{from,to}_user to accurate exception reporting.")
> Tested-by: John Paul Adrian Glaubitz <glaubitz@...sik.fu-berlin.de>
> Reviewed-by: Anthony Yznaga <anthony.yznaga@...cle.com>
> Tested-by: René Rebe <rene@...ctcode.com> # UltraSparc III+ and UltraSparc IIIi
> Signed-off-by: Michael Karcher <kernel@...rcher.dialup.fu-berlin.de>

I will add a short explanation to the other commits, possibly this text

> copy_from_user and copy_to_user use exception handlers on user-space access
> instructions that return from the respective function and calculate the
> remaining bytes left to copy from the current register contents. This commit
> fixes a couple of bad calculations. This will fix the return value of
> copy_from_user and copy_to_user in the faulting case. The behaviour of
> memcpy stays unchanged.

That text will be pasted into all the commits, and if only loads or only stores
need to be fixed, it will only mention copy_from_user or copy_to_user.

Thanks for your feedback and kind regards
   Michael Karcher


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ