| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 Dec 2021 17:49:27 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Ard Biesheuvel' <ardb@...nel.org>,
Arnd Bergmann <arnd@...nel.org>,
"Jason A. Donenfeld" <Jason@...c4.com>,
"johannes@...solutions.net" <johannes@...solutions.net>,
Kees Cook <keescook@...omium.org>,
"Nick Desaulniers" <ndesaulniers@...gle.com>
CC: Rich Felker <dalias@...c.org>,
"linux-sh@...r.kernel.org" <linux-sh@...r.kernel.org>,
Amitkumar Karwar <amitkarwar@...il.com>,
"Russell King" <linux@...linux.org.uk>,
Eric Dumazet <edumazet@...gle.com>,
"Paul Mackerras" <paulus@...ba.org>,
"H. Peter Anvin" <hpa@...or.com>,
"open list:SPARC + UltraSPARC (sparc/sparc64)"
<sparclinux@...r.kernel.org>, Thomas Gleixner <tglx@...utronix.de>,
linux-arch <linux-arch@...r.kernel.org>,
Florian Fainelli <f.fainelli@...il.com>,
Yoshinori Sato <ysato@...rs.sourceforge.jp>,
X86 ML <x86@...nel.org>, "James Morris" <jmorris@...ei.org>,
Ingo Molnar <mingo@...hat.com>,
"Geert Uytterhoeven" <geert@...ux-m68k.org>,
Linux ARM <linux-arm-kernel@...ts.infradead.org>,
"Richard Russon (FlatCap)" <ldm@...tcap.org>,
Jakub Kicinski <kuba@...nel.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Jonas Bonn <jonas@...thpole.se>, Arnd Bergmann <arnd@...db.de>,
Ganapathi Bhat <ganapathi017@...il.com>,
"open list:LINUX FOR POWERPC (32-BIT AND 64-BIT)"
<linuxppc-dev@...ts.ozlabs.org>,
"Stefan Kristiansson" <stefan.kristiansson@...nalahti.fi>,
"linux-block@...r.kernel.org" <linux-block@...r.kernel.org>,
linux-m68k <linux-m68k@...ts.linux-m68k.org>,
"openrisc@...ts.librecores.org" <openrisc@...ts.librecores.org>,
Borislav Petkov <bp@...en8.de>,
"Stafford Horne" <shorne@...il.com>,
Kalle Valo <kvalo@...eaurora.org>,
Jens Axboe <axboe@...nel.dk>,
John Johansen <john.johansen@...onical.com>,
Xinming Hu <huxinming820@...il.com>,
Vineet Gupta <vgupta@...opsys.com>,
"linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
"Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>,
Vladimir Oltean <vladimir.oltean@....com>,
"linux-ntfs-dev@...ts.sourceforge.net"
<linux-ntfs-dev@...ts.sourceforge.net>,
"linux-security-module@...r.kernel.org"
<linux-security-module@...r.kernel.org>,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
"open list:BPF JIT for MIPS (32-BIT AND 64-BIT)"
<netdev@...r.kernel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Sharvari Harisangam <sharvari.harisangam@....com>
Subject: RE: [PATCH v2 00/13] Unify asm/unaligned.h around struct helper
From: Ard Biesheuvel
> Sent: 16 December 2021 17:30
>
> Hi Arnd,
>
> (replying to an old thread as this came up in the discussion regarding
> misaligned loads and stored in siphash() when compiled for ARM
> [f7e5b9bfa6c8820407b64eabc1f29c9a87e8993d])
>
> On Fri, 14 May 2021 at 12:02, Arnd Bergmann <arnd@...nel.org> wrote:
> >
> > From: Arnd Bergmann <arnd@...db.de>
> >
> > The get_unaligned()/put_unaligned() helpers are traditionally architecture
> > specific, with the two main variants being the "access-ok.h" version
> > that assumes unaligned pointer accesses always work on a particular
> > architecture, and the "le-struct.h" version that casts the data to a
> > byte aligned type before dereferencing, for architectures that cannot
> > always do unaligned accesses in hardware.
I'm pretty sure the compiler is allowed to 'read through' that cast
and still do an aligned access.
It has always been hard to get the compiler to 'forget' about known/expected
alignment - typically trying to stop memcpy() faulting on sparc.
Real function calls are usually required - but LTO may scupper that.
> >
> > Based on the discussion linked below, it appears that the access-ok
> > version is not realiable on any architecture, but the struct version
> > probably has no downsides. This series changes the code to use the
> > same implementation on all architectures, addressing the few exceptions
> > separately.
> >
> > I've included this version in the asm-generic tree for 5.14 already,
> > addressing the few issues that were pointed out in the RFC. If there
> > are any remaining problems, I hope those can be addressed as follow-up
> > patches.
> >
>
> I think this series is a huge improvement, but it does not solve the
> UB problem completely. As we found, there are open issues in the GCC
> bugzilla regarding assumptions in the compiler that aligned quantities
> either overlap entirely or not at all. (e.g.,
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100363)
I think we can stop the compiler merging unaligned requests by adding a byte-sized
memory barrier for the base address before and after the access.
That should still support complex addressing modes (esp on x86).
Another option is to do the misaligned access from within an asm statement.
While architecture dependant, it only really depends on the syntax of the ld/st
instruction.
The compiler can't merge those because it doesn't know whether the data is
'frobbed' before/after the memory access.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
Powered by blists - more mailing lists