| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a6e7a571-91d2-4e66-bc86-ba30f624294b@sifive.com>
Date: Wed, 12 Nov 2025 20:36:03 -0600
From: Samuel Holland <samuel.holland@...ive.com>
To: Joe Perches <joe@...ches.com>, Palmer Dabbelt <palmer@...belt.com>,
Paul Walmsley <pjw@...nel.org>, linux-riscv@...ts.infradead.org,
Andrew Morton <akpm@...ux-foundation.org>,
David Hildenbrand <david@...hat.com>, linux-mm@...ck.org
Cc: devicetree@...r.kernel.org, Suren Baghdasaryan <surenb@...gle.com>,
linux-kernel@...r.kernel.org, Mike Rapoport <rppt@...nel.org>,
Michal Hocko <mhocko@...e.com>, Conor Dooley <conor@...nel.org>,
Lorenzo Stoakes <lorenzo.stoakes@...cle.com>,
Krzysztof Kozlowski <krzk+dt@...nel.org>, Alexandre Ghiti <alex@...ti.fr>,
Emil Renner Berthing <kernel@...il.dk>, Rob Herring <robh+dt@...nel.org>,
Vlastimil Babka <vbabka@...e.cz>, "Liam R . Howlett"
<Liam.Howlett@...cle.com>, Andy Whitcroft <apw@...onical.com>,
Dwaipayan Ray <dwaipayanray1@...il.com>,
Lukas Bulwahn <lukas.bulwahn@...il.com>
Subject: Re: [PATCH v3 07/22] checkpatch: Warn on page table access without
accessors
On 2025-11-12 8:21 PM, Joe Perches wrote:
> On Wed, 2025-11-12 at 17:45 -0800, Samuel Holland wrote:
>> Architectures may have special rules for accessing the hardware page
>> tables (for example, atomicity/ordering requirements), so the generic MM
>> code provides the pXXp_get() and set_pXX() hooks for architectures to
>> implement. These accessor functions are often omitted where a raw
>> pointer dereference is believed to be safe (i.e. race-free). However,
>> RISC-V needs to use these hooks to rewrite the page table values at
>> read/write time on some platforms. A raw pointer dereference will no
>> longer produce the correct value on those platforms, so the generic code
>> must always use the accessor functions.
> []
>> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
> []
>> @@ -7721,6 +7721,13 @@ sub process {
>> ERROR("MISSING_SENTINEL", "missing sentinel in ID array\n" . "$here\n$stat\n");
>> }
>> }
>> +
>> +# check for raw dereferences of hardware page table pointers
>> + if ($realfile !~ m@...ch/@ &&
>> + $line =~ /(?<!pte_t |p[mu4g]d_t |izeof\()\*\(?(vmf(\.|->))?(pte|p[mu4g]d)p?\b/) {
>> + WARN("PAGE_TABLE_ACCESSORS",
>> + "Use $3p_get()/set_$3() instead of dereferencing page table pointers\n" . $herecurr);
>> + }
>> }
>
> Seems like a lot of matches
>
> $ git grep -P '(?<!pte_t |p[mu4g]d_t |izeof\()\*\(?(vmf(\.|->))?(pte|p[mu4g]d)p?\b' | \
> grep -v '^arch/' | wc -l
> 766
>
> Is this really appropriate?
Other patches in this series remove 277 of these matches. But it looks like a
couple of driver systems (iommu, dm) use variables that match this pattern as
well. Limiting the check to include/ and mm/ avoids the false positives.
> trivia:
>
> izeof is really odd looking. I'd prefer sizeof.
I agree, but my perl complains "Variable length lookbehind not implemented in
regex m/(?<!pte_t |p[mu4g]d_t |sizeof\()\*\(?(vmf(\.|->))?(pte|p[mu4g]d)p?\b/ at
scripts/checkpatch.pl line 7727." I could split this into two patterns, which
would also solve the false positives with multiple variable declarations.
Regards,
Samuel
Powered by blists - more mailing lists