lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <d9e3f41e-d152-4382-bb99-7b134ff9f26f@app.fastmail.com>
Date: Mon, 06 Oct 2025 12:07:24 +0200
From: "Arnd Bergmann" <arnd@...db.de>
To: "Finn Thain" <fthain@...ux-m68k.org>
Cc: "Geert Uytterhoeven" <geert@...ux-m68k.org>,
 "Peter Zijlstra" <peterz@...radead.org>, "Will Deacon" <will@...nel.org>,
 "Andrew Morton" <akpm@...ux-foundation.org>,
 "Boqun Feng" <boqun.feng@...il.com>, "Jonathan Corbet" <corbet@....net>,
 "Mark Rutland" <mark.rutland@....com>, linux-kernel@...r.kernel.org,
 Linux-Arch <linux-arch@...r.kernel.org>, linux-m68k@...r.kernel.org,
 "Lance Yang" <lance.yang@...ux.dev>
Subject: Re: [RFC v2 2/3] atomic: Specify alignment for atomic_t and atomic64_t

On Mon, Oct 6, 2025, at 11:25, Finn Thain wrote:
> On Tue, 30 Sep 2025, Arnd Bergmann wrote:
>> On Tue, Sep 30, 2025, at 04:18, Finn Thain wrote:
>> 
>> Since there is nothing telling the compiler that the 'old' argument to 
>> atomic*_try_cmpcxchg() needs to be naturally aligned, maybe that check 
>> should be changed to only test for the ABI-guaranteed alignment? I think 
>> that would still be needed on x86-32.
>>  
>> diff --git a/include/linux/atomic/atomic-instrumented.h b/include/linux/atomic/atomic-instrumented.h
>> index 9409a6ddf3e0..e57763a889bd 100644
>> --- a/include/linux/atomic/atomic-instrumented.h
>> +++ b/include/linux/atomic/atomic-instrumented.h
>> @@ -1276,7 +1276,7 @@ atomic_try_cmpxchg(atomic_t *v, int *old, int new)
>>  {
>>  	kcsan_mb();
>>  	instrument_atomic_read_write(v, sizeof(*v));
>> -	instrument_atomic_read_write(old, sizeof(*old));
>> +	instrument_atomic_read_write(old, alignof(*old));
>>  	return raw_atomic_try_cmpxchg(v, old, new);
>>  }
>>  
>
> In the same file, we have:
>
> #define try_cmpxchg(ptr, oldp, ...) \
> ({ \
>         typeof(ptr) __ai_ptr = (ptr); \
>         typeof(oldp) __ai_oldp = (oldp); \
>         kcsan_mb(); \
>         instrument_atomic_read_write(__ai_ptr, sizeof(*__ai_ptr)); \
>         instrument_read_write(__ai_oldp, sizeof(*__ai_oldp)); \
>         raw_try_cmpxchg(__ai_ptr, __ai_oldp, __VA_ARGS__); \
> })
>
> In try_cmpxchg(), unlike atomic_try_cmpxchg(), the 'old' parameter is 
> checked by instrument_read_write() instead of 
> instrument_atomic_read_write(), which suggests a different patch.

Right, we still need the effect of instrument_read_write() for
kasan/kcsan sanitizing with the correct size, only the alignment
check from the instrument_atomic_read_write() is wrong here
here.

It looks like Mark Rutland fixed the try_cmpxchg() function this
way in commit ec570320b09f ("locking/atomic: Correct (cmp)xchg()
instrumentation"), but for some reason we still have the wrong
annotation on the atomic_try_cmpxchg() helpers.


> This header is generated by a script so the change below would be more 
> complicated in practice.
>
> diff --git a/include/linux/atomic/atomic-instrumented.h 
> b/include/linux/atomic/atomic-instrumented.h
> index 9409a6ddf3e0..ce3890bcd903 100644
> --- a/include/linux/atomic/atomic-instrumented.h
> +++ b/include/linux/atomic/atomic-instrumented.h
> @@ -1276,7 +1276,7 @@ atomic_try_cmpxchg(atomic_t *v, int *old, int new)
>  {
>  	kcsan_mb();
>  	instrument_atomic_read_write(v, sizeof(*v));
> -	instrument_atomic_read_write(old, sizeof(*old));
> +	instrument_read_write(old, sizeof(*old));
>  	return raw_atomic_try_cmpxchg(v, old, new);
>  }

This looks good to me.

Mark, I've tried to modify your script to produce that output,
the output looks correct to me, but it makes the script more
complex than I liked and I'm not sure that matching on
"${type}"="p" is the best way to check for this.

Maybe you can come up with a version that is clearer or more robust.

      Arnd

diff --git a/scripts/atomic/gen-atomic-instrumented.sh b/scripts/atomic/gen-atomic-instrumented.sh
index 592f3ec89b5f..9c1d53f81eb2 100755
--- a/scripts/atomic/gen-atomic-instrumented.sh
+++ b/scripts/atomic/gen-atomic-instrumented.sh
@@ -12,7 +12,7 @@ gen_param_check()
 	local arg="$1"; shift
 	local type="${arg%%:*}"
 	local name="$(gen_param_name "${arg}")"
-	local rw="write"
+	local rw="atomic_write"
 
 	case "${type#c}" in
 	i) return;;
@@ -20,14 +20,17 @@ gen_param_check()
 
 	if [ ${type#c} != ${type} ]; then
 		# We don't write to constant parameters.
-		rw="read"
+		rw="atomic_read"
+	elif [ "${type}" = "p" ] ; then
+		# The "old" argument in try_cmpxchg() gets accessed non-atomically
+		rw="read_write"
 	elif [ "${meta}" != "s" ]; then
 		# An atomic RMW: if this parameter is not a constant, and this atomic is
 		# not just a 's'tore, this parameter is both read from and written to.
-		rw="read_write"
+		rw="atomic_read_write"
 	fi
 
-	printf "\tinstrument_atomic_${rw}(${name}, sizeof(*${name}));\n"
+	printf "\tinstrument_${rw}(${name}, sizeof(*${name}));\n"
 }
 
 #gen_params_checks(meta, arg...)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ