From: Arnd Bergmann <arnd@arndb.de>
To: Nick Desaulniers <ndesaulniers@google.com>
Cc: "linux-aio@kvack.org" <linux-aio@kvack.org>,
David Hildenbrand <david@redhat.com>,
"linux-mips@vger.kernel.org" <linux-mips@vger.kernel.org>,
David Howells <dhowells@redhat.com>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
"sparclinux@vger.kernel.org" <sparclinux@vger.kernel.org>,
Christoph Hellwig <hch@lst.de>,
"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
"linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>,
"linux-scsi@vger.kernel.org" <linux-scsi@vger.kernel.org>,
"kernel-team@android.com" <kernel-team@android.com>,
"linux-block@vger.kernel.org" <linux-block@vger.kernel.org>,
Al Viro <viro@zeniv.linux.org.uk>,
"io-uring@vger.kernel.org" <io-uring@vger.kernel.org>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
Jens Axboe <axboe@kernel.dk>,
"linux-parisc@vger.kernel.org" <linux-parisc@vger.kernel.org>,
Greg KH <gregkh@linuxfoundation.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
David Laight <David.Laight@aculab.com>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>
Subject: Re: Buggy commit tracked to: "Re: [PATCH 2/9] iov_iter: move rw_copy_check_uvector() into lib/iov_iter.c"
Date: Thu, 22 Oct 2020 22:06:49 +0200 [thread overview]
Message-ID: <CAK8P3a0xjfj8VPZQ+cweSE7UWtLP5t=a0YJ9m19N4JwftHwfiQ@mail.gmail.com> (raw)
In-Reply-To: <CAKwvOdnhONvrHLAuz_BrAuEpnF5mD9p0YPGJs=NZZ0EZNo7dFQ@mail.gmail.com>
On Thu, Oct 22, 2020 at 9:05 PM Nick Desaulniers
<ndesaulniers@google.com> wrote:
>
> On Thu, Oct 22, 2020 at 11:13 AM Arnd Bergmann <arnd@arndb.de> wrote:
> >
> > On Thu, Oct 22, 2020 at 7:54 PM Nick Desaulniers
> > <ndesaulniers@google.com> wrote:
> > > On Thu, Oct 22, 2020 at 9:35 AM David Laight <David.Laight@aculab.com> wrote:
> > > >
> > > > Which makes it a bug in the kernel C syscall wrappers.
> > > > They need to explicitly mask the high bits of 32bit
> > > > arguments on arm64 but not x86-64.
> > >
> > > Why not x86-64? Wouldn't it be *any* LP64 ISA?
> >
> > x86-64 is slightly special because most instructions on a 32-bit
> > argument clear the upper 32 bits, while on most architectures
> > the same instruction would leave the upper bits unchanged.
>
> Oh interesting, depends on the operations too on x86_64 IIUC?
It seems this doesn't impact the calling conventions (see below),
it's just that there are more cases on x86 where the callee doesn't
have to explicitly clear the upper bits because the this is implied.
> > > Attaching a patch that uses the proper width, but I'm pretty sure
> > > there's still a signedness issue . Greg, would you mind running this
> > > through the wringer?
> >
> > I would not expect this to change anything for the bug that Greg
> > is chasing, unless there is also a bug in clang.
> >
> > In the version before the patch, we get a 64-bit argument from
> > user space, which may consist of the intended value in the lower
> > bits plus garbage in the upper bits. However, vlen only gets
> > passed down into import_iovec() without any other operations
> > on it, and since import_iovec takes a 32-bit argument, this is
> > where it finally gets narrowed.
>
> Passing an `unsigned long` as an `unsigned int` does no such
> narrowing: https://godbolt.org/z/TvfMxe (same vice-versa, just tail
> calls, no masking instructions).
Sorry I got it wrong, looked up the aarch64 AAPCS now, which
explains
"Unlike in the 32-bit AAPCS, named integral values must be
narrowed by the callee rather than the caller."
Also confirmed using https://godbolt.org/z/acPrjj, which
shows more combinations of compilers and architectures
in addition to your example. I had expected arm64 to be
like powerpc64 and arm32 in this case, but it's the reverse.
I also verified that SYSCALL_DEFINEx() is correct on arm64
and saw that as of v4.19 it passes the syscall arguments
through pt_regs, which will do the right thing here regardless
of the argument passing rules. The earlier version also seems
to be working as intended.
Arnd
next prev parent reply other threads:[~2020-10-22 20:10 UTC|newest]
Thread overview: 72+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-25 4:51 let import_iovec deal with compat_iovecs as well v4 Christoph Hellwig
2020-09-25 4:51 ` [PATCH 1/9] compat.h: fix a spelling error in <linux/compat.h> Christoph Hellwig
2020-09-25 4:51 ` [PATCH 2/9] iov_iter: move rw_copy_check_uvector() into lib/iov_iter.c Christoph Hellwig
2020-10-21 16:13 ` Buggy commit tracked to: "Re: [PATCH 2/9] iov_iter: move rw_copy_check_uvector() into lib/iov_iter.c" Greg KH
2020-10-21 20:59 ` David Laight
2020-10-21 23:39 ` Al Viro
2020-10-22 8:26 ` Greg KH
2020-10-22 8:35 ` David Hildenbrand
2020-10-22 8:40 ` David Laight
2020-10-22 8:48 ` David Hildenbrand
2020-10-22 9:01 ` Greg KH
2020-10-22 9:06 ` David Laight
2020-10-22 9:19 ` David Hildenbrand
2020-10-22 9:25 ` David Hildenbrand
2020-10-22 9:32 ` David Laight
2020-10-22 9:36 ` David Hildenbrand
2020-10-22 10:48 ` Greg KH
2020-10-22 12:18 ` Greg KH
2020-10-22 12:42 ` David Hildenbrand
2020-10-22 12:57 ` Greg KH
2020-10-22 13:50 ` Greg KH
2020-10-22 14:28 ` Arnd Bergmann
2020-10-22 14:40 ` Greg KH
2020-10-22 16:15 ` David Laight
2020-10-23 12:46 ` David Laight
2020-10-23 13:09 ` David Hildenbrand
2020-10-23 14:33 ` David Hildenbrand
2020-10-23 14:39 ` David Laight
2020-10-23 14:47 ` 'Greg KH'
2020-10-23 16:33 ` David Hildenbrand
2020-11-02 9:06 ` David Laight
2020-11-02 13:52 ` 'Greg KH'
2020-11-02 18:23 ` David Laight
2020-10-23 17:58 ` Al Viro
2020-10-23 18:27 ` Segher Boessenkool
2020-10-23 21:28 ` David Laight
2020-10-24 17:29 ` Segher Boessenkool
2020-10-24 21:12 ` David Laight
2020-10-23 13:23 ` Arnd Bergmann
2020-10-23 13:28 ` David Laight
2020-10-22 13:23 ` Christoph Hellwig
2020-10-22 16:35 ` David Laight
2020-10-22 16:40 ` Matthew Wilcox
2020-10-22 16:50 ` David Laight
2020-10-22 17:00 ` Nick Desaulniers
2020-10-22 20:59 ` Eric Biggers
2020-10-22 21:28 ` Al Viro
2020-10-22 18:19 ` Al Viro
2020-10-22 17:54 ` Nick Desaulniers
2020-10-22 18:12 ` Arnd Bergmann
2020-10-22 19:04 ` Nick Desaulniers
2020-10-22 19:24 ` Al Viro
2020-10-22 19:27 ` Al Viro
2020-10-22 20:06 ` Al Viro
2020-10-22 20:09 ` Al Viro
2020-10-22 20:11 ` Nick Desaulniers
2020-10-22 22:07 ` David Laight
2020-10-23 13:12 ` David Hildenbrand
2020-10-22 20:06 ` Arnd Bergmann [this message]
2020-10-22 22:04 ` David Laight
2020-10-22 9:28 ` David Laight
2020-10-22 9:02 ` David Laight
2020-10-22 9:14 ` Arnd Bergmann
2020-10-22 9:16 ` Arnd Bergmann
2020-09-25 4:51 ` [PATCH 3/9] iov_iter: refactor rw_copy_check_uvector and import_iovec Christoph Hellwig
2020-09-25 4:51 ` [PATCH 4/9] iov_iter: transparently handle compat iovecs in import_iovec Christoph Hellwig
2020-09-25 4:51 ` [PATCH 5/9] fs: remove various compat readv/writev helpers Christoph Hellwig
2020-09-25 4:51 ` [PATCH 6/9] fs: remove the compat readv/writev syscalls Christoph Hellwig
2020-09-25 4:51 ` [PATCH 7/9] fs: remove compat_sys_vmsplice Christoph Hellwig
2020-09-25 4:51 ` [PATCH 8/9] mm: remove compat_process_vm_{readv,writev} Christoph Hellwig
2020-09-25 4:51 ` [PATCH 9/9] security/keys: remove compat_keyctl_instantiate_key_iov Christoph Hellwig
2020-09-25 15:23 ` let import_iovec deal with compat_iovecs as well v4 Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAK8P3a0xjfj8VPZQ+cweSE7UWtLP5t=a0YJ9m19N4JwftHwfiQ@mail.gmail.com' \
--to=arnd@arndb.de \
--cc=David.Laight@aculab.com \
--cc=akpm@linux-foundation.org \
--cc=axboe@kernel.dk \
--cc=david@redhat.com \
--cc=dhowells@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=hch@lst.de \
--cc=io-uring@vger.kernel.org \
--cc=kernel-team@android.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-aio@kvack.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-block@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-parisc@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=ndesaulniers@google.com \
--cc=netdev@vger.kernel.org \
--cc=sparclinux@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).