| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <875xdhaaun.ffs@tglx>
Date: Wed, 17 Sep 2025 07:48:00 +0200
From: Thomas Gleixner <tglx@...utronix.de>
To: "Russell King (Oracle)" <linux@...linux.org.uk>
Cc: LKML <linux-kernel@...r.kernel.org>, Linus Torvalds
<torvalds@...ux-foundation.org>, Peter Zijlstra <peterz@...radead.org>,
kernel test robot <lkp@...el.com>, linux-arm-kernel@...ts.infradead.org,
Nathan Chancellor <nathan@...nel.org>, Christophe Leroy
<christophe.leroy@...roup.eu>, Darren Hart <dvhart@...radead.org>,
Davidlohr Bueso <dave@...olabs.net>, André Almeida
<andrealmeid@...lia.com>, x86@...nel.org, Alexander Viro
<viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>, Jan
Kara <jack@...e.cz>, linux-fsdevel@...r.kernel.org
Subject: Re: [patch V2 1/6] ARM: uaccess: Implement missing
__get_user_asm_dword()
On Tue, Sep 16 2025 at 22:26, Russell King wrote:
> On Tue, Sep 16, 2025 at 06:33:09PM +0200, Thomas Gleixner wrote:
>> When CONFIG_CPU_SPECTRE=n then get_user() is missing the 8 byte ASM variant
>> for no real good reason. This prevents using get_user(u64) in generic code.
>
> I'm sure you will eventually discover the reason when you start getting
> all the kernel build bot warnings that will result from a cast from a
> u64 to a pointer.
I really don't know which cast you are talking about.
u64 __user *uaddr = ...;
u64 val;
....
unsafe_get_user(val, uaddr, fault);
The only casts in this macro maze are in __get_user_err():
1) Casting the uaddr pointer to unsigned long:
unsigned long __gu_addr = (unsigned long)(ptr);
which is correct because a *u64 pointer is still only 32bit wide on a
32bit machine, no?
2) Casting the result:
(x) = (__typeof__(*(ptr)))__gu_val;
which is casting to the type to which the pointer points to,
i.e. u64 in this case.
I definitely checked the ASM result after I successfully compiled the
above w/o warnings. It compiles to:
ad0: ee032f10 mcr 15, 0, r2, cr3, cr0, {0}
ad4: e3a00000 mov r0, #0
ad8: e4b3e000 ldrt lr, [r3], #0
adc: e2833004 add r3, r3, #4
ae0: e4b32000 ldrt r2, [r3], #0
ae4: ee03cf10 mcr 15, 0, ip, cr3, cr0, {0}
ae8: e16f0f10 clz r0, r0
aec: e581e000 str lr, [r1]
af0: e5812004 str r2, [r1, #4]
which is magically correct despite the fact that I missed to change the
type of __gu_val to 'unsigned long long'. I just noticed when I tried to
figure out which cast you were referring to.
The wonderful and surprising world of macro preprocessing. :)
That unsigned long long is not hurtful as the compiler is smart enough
to optimize it away when __get_user_err() is invoked to read an u8 from
user:
b18: ee033f10 mcr 15, 0, r3, cr3, cr0, {0}
b1c: e3a03000 mov r3, #0
b20: e4f04000 ldrbt r4, [r0], #0
b24: ee032f10 mcr 15, 0, r2, cr3, cr0, {0}
b28: e16f0f13 clz r0, r3
b2c: e5c14000 strb r4, [r1]
which is exactly the same result as before this change.
Thanks,
tglx
--- a/arch/arm/include/asm/uaccess.h
+++ b/arch/arm/include/asm/uaccess.h
@@ -286,7 +286,7 @@ extern int __put_user_8(void *, unsigned
#define __get_user_err(x, ptr, err, __t) \
do { \
unsigned long __gu_addr = (unsigned long)(ptr); \
- unsigned long __gu_val; \
+ unsigned long long __gu_val; \
unsigned int __ua_flags; \
__chk_user_ptr(ptr); \
might_fault(); \
Powered by blists - more mailing lists