Message-ID: <aMq-VKIo-tYoGRSz@J2N7QTR9R3>
Date: Wed, 17 Sep 2025 14:57:40 +0100
From: Mark Rutland <mark.rutland@....com>
To: Yeoreum Yun <yeoreum.yun@....com>
Cc: catalin.marinas@....com, will@...nel.org, broonie@...nel.org,
	maz@...nel.org, oliver.upton@...ux.dev, joey.gouly@....com,
	james.morse@....com, ardb@...nel.org, scott@...amperecomputing.com,
	suzuki.poulose@....com, yuzenghui@...wei.com,
	linux-arm-kernel@...ts.infradead.org, kvmarm@...ts.linux.dev,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v8 5/5] arm64: futex: support futex with FEAT_LSUI

On Wed, Sep 17, 2025 at 02:35:09PM +0100, Yeoreum Yun wrote:
> Hi Mark,

Hi Levi,

Please can you keep the relevant reply headers (i.e. the bit that says
"On ${DATE} ${PERSON} wrote:")? You kept yours from your first reply,
but dropped mine from the reply you're replying to, which is a bit
awkward for anyone following the thread.

> > Aside from the retry issue, I *think* you can simplify this to something
> > like:
> >
> > static __always_inline int
> > __lsui_cmpxchg32(u32 __user *uaddr, u32 oldval, u32 newval, u32 *oval)
> > {
> > 	uaddr64 = (u64 __user *)PTR_ALIGN_DOWN(uaddr, sizeof(u64));
> > 	u64 oval64, nval64, orig64;
> >
> > 	if (get_user(oval64, uaddr64)
> > 		return -EFAULT;
> >
> > 	if (IS_ALIGNED(addr, sizeof(u64)) == IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN))  {

Note: typo here, this should be 'uaddr', not 'addr'. Importantly it is
*NOT* 'uaddr64'

> > 		FIELD_MODIFY(GENMASK_U64(31, 0), &oval64, oldval);
> > 		FIELD_MODIFY(GENMASK_U64(31, 0), &nval64, newval);
> > 	} else {
> > 		FIELD_MODIFY(GENMASK_U64(63, 32), &oval64, oldval);
> > 		FIELD_MODIFY(GENMASK_U64(63, 32), &nval64, newval);
> > 	}
> > 	orig64 = oval64;
> >
> > 	if (__lsui_cmpxchg64(uaddr_al, &oval64, nval64))
> > 		return -EFAULT;
> >
> > 	if (oval64 != orig64)
> > 		return -EAGAIN;
> >
> > 	*oval = oldval;
> > 	return 0;
> > }
> 
> Hmm I think this wouldn't cover the case below when big-endianness is used.
> 
> struct {
>   u32 others 0x55667788;
>   u32 futex = 0x11223344;
> };
> 
> In this case, memory layout would be:
> 
>   55 66 77 88 11 22 33 44
> 
> So, the value of fetched oval64 is 0x5566778811223344;

Ok, so the entire struct is aligned to 8 bytes, and the 'futex' field is
4 bytes after that (and not itself aligned to 8 bytes). In that case:

	IS_ALIGNED(uaddr, sizeof(u64)) is false, because 'futex' is not
	aligned to 8 bytes.

	IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN) is false, since this is
	big-endian.

... so the condition becomes:

	if (false == false)

... which is true, and hence we execute the first branch:

	FIELD_MODIFY(GENMASK_U64(31, 0), &oval64, oldval);
	FIELD_MODIFY(GENMASK_U64(31, 0), &nval64, newval);

> So, it should modify the GENMASK_U64(31, 0) fields.
> But, it tries to modify GENMASK_U64(63, 32) fields.

As above, I think the code does the right thing in this case, but the
typo didn't help -- sorry about that.

Mark.
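
The lane selection discussed above can be checked in userspace. The following is an added example, not code from the thread or from the kernel: it models the `IS_ALIGNED(uaddr, sizeof(u64)) == IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN)` condition for both endiannesses and both offsets of the 32-bit word, using the constructed values 0x55667788 and 0x11223344 from the thread. All function names are hypothetical, and the 64-bit cmpxchg is assumed to succeed.

```c
#include <stdbool.h>
#include <stdint.h>

/* Load/store n bytes as a CPU of the given endianness would. */
static uint64_t load(const uint8_t *b, int n, bool le)
{
	uint64_t v = 0;
	for (int i = 0; i < n; i++)
		v |= (uint64_t)b[i] << (8 * (le ? i : n - 1 - i));
	return v;
}

static void store(uint8_t *b, int n, uint64_t v, bool le)
{
	for (int i = 0; i < n; i++)
		b[i] = (uint8_t)(v >> (8 * (le ? i : n - 1 - i)));
}

/* Lane choice from the thread: IS_ALIGNED(uaddr, 8) == little-endian. */
static bool futex_in_bits_31_0(unsigned off, bool le)
{
	return (off % 8 == 0) == le;
}

/* Userspace stand-in for FIELD_MODIFY() on GENMASK_U64(31, 0) or (63, 32). */
static uint64_t set_lane(uint64_t v, uint32_t val, bool low)
{
	return low ? (v & ~0xffffffffULL) | val
		   : (v & 0xffffffffULL) | ((uint64_t)val << 32);
}

/*
 * Constructed case: an 8-byte-aligned buffer with futex=0x11223344 at byte
 * offset off (0 or 4) and others=0x55667788 in the other half. Replace the
 * futex word with 0xaabbccdd through the 64-bit container, then return the
 * 32-bit word found at byte offset read_off.
 */
static uint32_t run_case(bool le, unsigned off, unsigned read_off)
{
	uint8_t mem[8];
	uint64_t v;

	store(mem + off, 4, 0x11223344, le);		/* futex */
	store(mem + (off ^ 4), 4, 0x55667788, le);	/* others */
	v = load(mem, 8, le);				/* 64-bit fetch */
	v = set_lane(v, 0xaabbccdd, futex_in_bits_31_0(off, le));
	store(mem, 8, v, le);		/* cmpxchg assumed to succeed */
	return (uint32_t)load(mem + read_off, 4, le);
}

int main(void) { return run_case(false, 4, 4) == 0xaabbccdd ? 0 : 1; }
```

`run_case(false, 4, 4)` is the big-endian layout from the thread: the futex word ends up holding the new value while the neighbouring word at offset 0 is unchanged.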
