lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 15 Jul 2021 13:40:20 +0100
From:   Colin Ian King <colin.king@...onical.com>
To:     Ilya Leoshkevich <iii@...ux.ibm.com>,
        Michael Holzheu <holzheu@...ux.vnet.ibm.com>,
        Martin Schwidefsky <schwidefsky@...ibm.com>
Cc:     Heiko Carstens <hca@...ux.ibm.com>,
        Vasily Gorbik <gor@...ux.ibm.com>,
        Christian Borntraeger <borntraeger@...ibm.com>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Andrii Nakryiko <andrii@...nel.org>,
        linux-s390@...r.kernel.org,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        bpf@...r.kernel.org,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: Range checking on r1 in function reg_set_seen in
 arch/s390/net/bpf_jit_comp.c

On 15/07/2021 13:09, Ilya Leoshkevich wrote:
> On Thu, 2021-07-15 at 13:02 +0100, Colin Ian King wrote:
>> Hi
>>
>> Static analysis with cppcheck picked up an interesting issue with the
>> following inline helper function in arch/s390/net/bpf_jit_comp.c :
>>
>> static inline void reg_set_seen(struct bpf_jit *jit, u32 b1)
>> {
>>         u32 r1 = reg2hex[b1];
>>
>>         if (!jit->seen_reg[r1] && r1 >= 6 && r1 <= 15)
>>                 jit->seen_reg[r1] = 1;
>> }
>>
>> Although I believe r1 is always within range, the range check on r1
>> is
>> being performed before the more cache/memory expensive lookup on
>> jit->seen_reg[r1].  I can't see why the range change is being
>> performed
>> after the access of jit->seen_reg[r1]. The following seems more
>> correct:
>>
>>         if (r1 >= 6 && r1 <= 15 && !jit->seen_reg[r1])
>>                 jit->seen_reg[r1] = 1;
>>
>> ..since the check on r1 are less expensive than !jit->seen_reg[r1]
>> and
>> also the range check ensures the array access is not out of bounds. I
>> was just wondering if I'm missing something deeper to why the order
>> is
>> the way it is.
>>
>> Colin
> 
> Hi,
> 
> I think your analysis is correct, thanks for spotting this!
> Even though I don't think the performance difference would be 
> measurable here, not confusing future readers is a good reason
> to make a change that you suggest.
> Do you plan to send a patch?

I'll send a patch later today.  Colin
> 
> Best regards,
> Ilya
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ