* Re: [v4] Fix to avoid IS_ERR_VALUE and IS_ERR abuses on 64bit systems.
@ 2016-08-02 7:45 ` Arnd Bergmann
0 siblings, 0 replies; 14+ messages in thread
From: Arnd Bergmann @ 2016-08-02 7:45 UTC (permalink / raw)
To: linuxppc-dev
Cc: qiang.zhao, viresh.kumar, zajec5, linux-wireless, Scott Wood,
David.Laight, netdev, scottwood, Arvind Yadav, akpm, davem,
linux
On Monday, August 1, 2016 4:55:43 PM CEST Scott Wood wrote:
> On 08/01/2016 02:02 AM, Arnd Bergmann wrote:
> >> diff --git a/include/linux/err.h b/include/linux/err.h
> >> index 1e35588..c2a2789 100644
> >> --- a/include/linux/err.h
> >> +++ b/include/linux/err.h
> >> @@ -18,7 +18,17 @@
> >>
> >> #ifndef __ASSEMBLY__
> >>
> >> -#define IS_ERR_VALUE(x) unlikely((unsigned long)(void *)(x) >= (unsigned long)-MAX_ERRNO)
> >> +#define IS_ERR_VALUE(x) unlikely(is_error_check(x))
> >> +
> >> +static inline int is_error_check(unsigned long error)
> >
> > Please leave the existing macro alone. I think you were looking for
> > something specific to the return code of qe_muram_alloc() function,
> > so please add a helper in that subsystem if you need it, not in
> > the generic header files.
>
> qe_muram_alloc (a.k.a. cpm_muram_alloc) returns unsigned long. The
> problem is certain callers that store the return value in a u32. Why
> not just fix those callers to store it in unsigned long (at least until
> error checking is done)?
>
Yes, that would also address another problem with code like
kfree((void *)ugeth->tx_bd_ring_offset[i]);
which is not 64-bit safe when tx_bd_ring_offset is a 32-bit value
that also holds the return value of qe_muram_alloc.
Arnd
_______________________________________________
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [v4] Fix to avoid IS_ERR_VALUE and IS_ERR abuses on 64bit systems.
2016-08-02 7:45 ` Arnd Bergmann
@ 2016-08-02 15:34 ` arvind Yadav
-1 siblings, 0 replies; 14+ messages in thread
From: arvind Yadav @ 2016-08-02 15:34 UTC (permalink / raw)
To: Arnd Bergmann, linuxppc-dev
Cc: qiang.zhao, viresh.kumar, zajec5, linux-wireless, Scott Wood,
David.Laight, netdev, scottwood, akpm, davem, linux
[-- Attachment #1.1: Type: text/plain, Size: 1523 bytes --]
On Tuesday 02 August 2016 01:15 PM, Arnd Bergmann wrote:
> On Monday, August 1, 2016 4:55:43 PM CEST Scott Wood wrote:
>> On 08/01/2016 02:02 AM, Arnd Bergmann wrote:
>>>> diff --git a/include/linux/err.h b/include/linux/err.h
>>>> index 1e35588..c2a2789 100644
>>>> --- a/include/linux/err.h
>>>> +++ b/include/linux/err.h
>>>> @@ -18,7 +18,17 @@
>>>>
>>>> #ifndef __ASSEMBLY__
>>>>
>>>> -#define IS_ERR_VALUE(x) unlikely((unsigned long)(void *)(x) >= (unsigned long)-MAX_ERRNO)
>>>> +#define IS_ERR_VALUE(x) unlikely(is_error_check(x))
>>>> +
>>>> +static inline int is_error_check(unsigned long error)
>>> Please leave the existing macro alone. I think you were looking for
>>> something specific to the return code of qe_muram_alloc() function,
>>> so please add a helper in that subsystem if you need it, not in
>>> the generic header files.
>> qe_muram_alloc (a.k.a. cpm_muram_alloc) returns unsigned long. The
>> problem is certain callers that store the return value in a u32. Why
>> not just fix those callers to store it in unsigned long (at least until
>> error checking is done)?
>>
> Yes, that would also address another problem with code like
>
> kfree((void *)ugeth->tx_bd_ring_offset[i]);
>
> which is not 64-bit safe when tx_bd_ring_offset is a 32-bit value
> that also holds the return value of qe_muram_alloc.
>
> Arnd
Yes, we will fix caller. Caller api is not safe on 64bit.
Even qe_muram_addr(a.k.a. cpm_muram_addr )passing value unsigned int,
but it should be unsigned long.
[-- Attachment #1.2: Type: text/html, Size: 2373 bytes --]
[-- Attachment #2: Type: text/plain, Size: 150 bytes --]
_______________________________________________
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [v4] Fix to avoid IS_ERR_VALUE and IS_ERR abuses on 64bit systems.
@ 2016-08-02 15:34 ` arvind Yadav
0 siblings, 0 replies; 14+ messages in thread
From: arvind Yadav @ 2016-08-02 15:34 UTC (permalink / raw)
To: Arnd Bergmann, linuxppc-dev
Cc: Scott Wood, qiang.zhao, viresh.kumar, zajec5, linux-wireless,
David.Laight, netdev, scottwood, akpm, davem, linux
[-- Attachment #1: Type: text/plain, Size: 1523 bytes --]
On Tuesday 02 August 2016 01:15 PM, Arnd Bergmann wrote:
> On Monday, August 1, 2016 4:55:43 PM CEST Scott Wood wrote:
>> On 08/01/2016 02:02 AM, Arnd Bergmann wrote:
>>>> diff --git a/include/linux/err.h b/include/linux/err.h
>>>> index 1e35588..c2a2789 100644
>>>> --- a/include/linux/err.h
>>>> +++ b/include/linux/err.h
>>>> @@ -18,7 +18,17 @@
>>>>
>>>> #ifndef __ASSEMBLY__
>>>>
>>>> -#define IS_ERR_VALUE(x) unlikely((unsigned long)(void *)(x) >= (unsigned long)-MAX_ERRNO)
>>>> +#define IS_ERR_VALUE(x) unlikely(is_error_check(x))
>>>> +
>>>> +static inline int is_error_check(unsigned long error)
>>> Please leave the existing macro alone. I think you were looking for
>>> something specific to the return code of qe_muram_alloc() function,
>>> so please add a helper in that subsystem if you need it, not in
>>> the generic header files.
>> qe_muram_alloc (a.k.a. cpm_muram_alloc) returns unsigned long. The
>> problem is certain callers that store the return value in a u32. Why
>> not just fix those callers to store it in unsigned long (at least until
>> error checking is done)?
>>
> Yes, that would also address another problem with code like
>
> kfree((void *)ugeth->tx_bd_ring_offset[i]);
>
> which is not 64-bit safe when tx_bd_ring_offset is a 32-bit value
> that also holds the return value of qe_muram_alloc.
>
> Arnd
Yes, we will fix caller. Caller api is not safe on 64bit.
Even qe_muram_addr(a.k.a. cpm_muram_addr )passing value unsigned int,
but it should be unsigned long.
[-- Attachment #2: Type: text/html, Size: 2373 bytes --]
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [v4] Fix to avoid IS_ERR_VALUE and IS_ERR abuses on 64bit systems.
2016-08-02 15:34 ` arvind Yadav
@ 2016-08-02 19:57 ` Scott Wood
-1 siblings, 0 replies; 14+ messages in thread
From: Scott Wood @ 2016-08-02 19:57 UTC (permalink / raw)
To: arvind Yadav, Arnd Bergmann, linuxppc-dev
Cc: qiang.zhao, viresh.kumar, zajec5, linux-wireless, David.Laight,
netdev, scottwood, akpm, davem, linux, Li Yang
On 08/02/2016 10:34 AM, arvind Yadav wrote:
>
>
> On Tuesday 02 August 2016 01:15 PM, Arnd Bergmann wrote:
>> On Monday, August 1, 2016 4:55:43 PM CEST Scott Wood wrote:
>>> On 08/01/2016 02:02 AM, Arnd Bergmann wrote:
>>>>> diff --git a/include/linux/err.h b/include/linux/err.h
>>>>> index 1e35588..c2a2789 100644
>>>>> --- a/include/linux/err.h
>>>>> +++ b/include/linux/err.h
>>>>> @@ -18,7 +18,17 @@
>>>>>
>>>>> #ifndef __ASSEMBLY__
>>>>>
>>>>> -#define IS_ERR_VALUE(x) unlikely((unsigned long)(void *)(x) >= (unsigned long)-MAX_ERRNO)
>>>>> +#define IS_ERR_VALUE(x) unlikely(is_error_check(x))
>>>>> +
>>>>> +static inline int is_error_check(unsigned long error)
>>>> Please leave the existing macro alone. I think you were looking for
>>>> something specific to the return code of qe_muram_alloc() function,
>>>> so please add a helper in that subsystem if you need it, not in
>>>> the generic header files.
>>> qe_muram_alloc (a.k.a. cpm_muram_alloc) returns unsigned long. The
>>> problem is certain callers that store the return value in a u32. Why
>>> not just fix those callers to store it in unsigned long (at least until
>>> error checking is done)?
>>>
>> Yes, that would also address another problem with code like
>>
>> kfree((void *)ugeth->tx_bd_ring_offset[i]);
>>
>> which is not 64-bit safe when tx_bd_ring_offset is a 32-bit value
>> that also holds the return value of qe_muram_alloc.
Well, hopefully it doesn't hold a return of qe_muram_alloc() when it's
being passed to kfree()...
There's also the code that casts kmalloc()'s return to u32, etc.
ucc_geth is not 64-bit clean in general.
>>
>> Arnd
> Yes, we will fix caller. Caller api is not safe on 64bit.
The API is fine (or at least, I haven't seen a valid issue pointed out
yet). The problem is the ucc_geth driver.
> Even qe_muram_addr(a.k.a. cpm_muram_addr )passing value unsigned int,
> but it should be unsigned long.
cpm_muram_addr takes unsigned long as a parameter, not that it matters
since you can't pass errors into it and a muram offset should never
exceed 32 bits.
-Scott
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [v4] Fix to avoid IS_ERR_VALUE and IS_ERR abuses on 64bit systems.
@ 2016-08-02 19:57 ` Scott Wood
0 siblings, 0 replies; 14+ messages in thread
From: Scott Wood @ 2016-08-02 19:57 UTC (permalink / raw)
To: arvind Yadav, Arnd Bergmann, linuxppc-dev
Cc: qiang.zhao, viresh.kumar, zajec5, linux-wireless, David.Laight,
netdev, scottwood, akpm, davem, linux, Li Yang
On 08/02/2016 10:34 AM, arvind Yadav wrote:=0A=
> =0A=
> =0A=
> On Tuesday 02 August 2016 01:15 PM, Arnd Bergmann wrote:=0A=
>> On Monday, August 1, 2016 4:55:43 PM CEST Scott Wood wrote:=0A=
>>> On 08/01/2016 02:02 AM, Arnd Bergmann wrote:=0A=
>>>>> diff --git a/include/linux/err.h b/include/linux/err.h=0A=
>>>>> index 1e35588..c2a2789 100644=0A=
>>>>> --- a/include/linux/err.h=0A=
>>>>> +++ b/include/linux/err.h=0A=
>>>>> @@ -18,7 +18,17 @@=0A=
>>>>> =0A=
>>>>> #ifndef __ASSEMBLY__=0A=
>>>>> =0A=
>>>>> -#define IS_ERR_VALUE(x) unlikely((unsigned long)(void *)(x) >=3D (un=
signed long)-MAX_ERRNO)=0A=
>>>>> +#define IS_ERR_VALUE(x) unlikely(is_error_check(x))=0A=
>>>>> +=0A=
>>>>> +static inline int is_error_check(unsigned long error)=0A=
>>>> Please leave the existing macro alone. I think you were looking for=0A=
>>>> something specific to the return code of qe_muram_alloc() function,=0A=
>>>> so please add a helper in that subsystem if you need it, not in=0A=
>>>> the generic header files.=0A=
>>> qe_muram_alloc (a.k.a. cpm_muram_alloc) returns unsigned long. The=0A=
>>> problem is certain callers that store the return value in a u32. Why=
=0A=
>>> not just fix those callers to store it in unsigned long (at least until=
=0A=
>>> error checking is done)?=0A=
>>>=0A=
>> Yes, that would also address another problem with code like=0A=
>>=0A=
>> kfree((void *)ugeth->tx_bd_ring_offset[i]);=0A=
>>=0A=
>> which is not 64-bit safe when tx_bd_ring_offset is a 32-bit value=0A=
>> that also holds the return value of qe_muram_alloc.=0A=
=0A=
Well, hopefully it doesn't hold a return of qe_muram_alloc() when it's=0A=
being passed to kfree()...=0A=
=0A=
There's also the code that casts kmalloc()'s return to u32, etc.=0A=
ucc_geth is not 64-bit clean in general.=0A=
=0A=
>>=0A=
>> Arnd=0A=
> Yes, we will fix caller. Caller api is not safe on 64bit.=0A=
=0A=
The API is fine (or at least, I haven't seen a valid issue pointed out=0A=
yet). The problem is the ucc_geth driver.=0A=
=0A=
> Even qe_muram_addr(a.k.a. cpm_muram_addr )passing value unsigned int,=0A=
> but it should be unsigned long.=0A=
=0A=
cpm_muram_addr takes unsigned long as a parameter, not that it matters=0A=
since you can't pass errors into it and a muram offset should never=0A=
exceed 32 bits.=0A=
=0A=
-Scott=0A=
=0A=
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [v4] Fix to avoid IS_ERR_VALUE and IS_ERR abuses on 64bit systems.
2016-08-02 19:57 ` Scott Wood
(?)
@ 2016-08-03 13:55 ` arvind Yadav
-1 siblings, 0 replies; 14+ messages in thread
From: arvind Yadav @ 2016-08-03 13:55 UTC (permalink / raw)
To: Scott Wood, Arnd Bergmann, linuxppc-dev
Cc: qiang.zhao, viresh.kumar, zajec5, linux-wireless, David.Laight,
netdev, scottwood, akpm, davem, linux, Li Yang
On Wednesday 03 August 2016 01:27 AM, Scott Wood wrote:
> On 08/02/2016 10:34 AM, arvind Yadav wrote:
>>
>> On Tuesday 02 August 2016 01:15 PM, Arnd Bergmann wrote:
>>> On Monday, August 1, 2016 4:55:43 PM CEST Scott Wood wrote:
>>>> On 08/01/2016 02:02 AM, Arnd Bergmann wrote:
>>>>>> diff --git a/include/linux/err.h b/include/linux/err.h
>>>>>> index 1e35588..c2a2789 100644
>>>>>> --- a/include/linux/err.h
>>>>>> +++ b/include/linux/err.h
>>>>>> @@ -18,7 +18,17 @@
>>>>>>
>>>>>> #ifndef __ASSEMBLY__
>>>>>>
>>>>>> -#define IS_ERR_VALUE(x) unlikely((unsigned long)(void *)(x) >= (unsigned long)-MAX_ERRNO)
>>>>>> +#define IS_ERR_VALUE(x) unlikely(is_error_check(x))
>>>>>> +
>>>>>> +static inline int is_error_check(unsigned long error)
>>>>> Please leave the existing macro alone. I think you were looking for
>>>>> something specific to the return code of qe_muram_alloc() function,
>>>>> so please add a helper in that subsystem if you need it, not in
>>>>> the generic header files.
>>>> qe_muram_alloc (a.k.a. cpm_muram_alloc) returns unsigned long. The
>>>> problem is certain callers that store the return value in a u32. Why
>>>> not just fix those callers to store it in unsigned long (at least until
>>>> error checking is done)?
>>>>
>>> Yes, that would also address another problem with code like
>>>
>>> kfree((void *)ugeth->tx_bd_ring_offset[i]);
>>>
>>> which is not 64-bit safe when tx_bd_ring_offset is a 32-bit value
>>> that also holds the return value of qe_muram_alloc.
> Well, hopefully it doesn't hold a return of qe_muram_alloc() when it's
> being passed to kfree()...
>
> There's also the code that casts kmalloc()'s return to u32, etc.
> ucc_geth is not 64-bit clean in general.
>
>>> Arnd
>> Yes, we will fix caller. Caller api is not safe on 64bit.
> The API is fine (or at least, I haven't seen a valid issue pointed out
> yet). The problem is the ucc_geth driver.
>
>> Even qe_muram_addr(a.k.a. cpm_muram_addr )passing value unsigned int,
>> but it should be unsigned long.
> cpm_muram_addr takes unsigned long as a parameter, not that it matters
> since you can't pass errors into it and a muram offset should never
> exceed 32 bits.
>
> -Scott
Yes, It will work for 32bit machine. But will not safe for 64bit.
Example :
ugeth->tx_bd_ring_offset[j] =
qe_muram_alloc(length UCC_GETH_TX_BD_RING_ALIGNMENT);
if (!IS_ERR_VALUE(ugeth->tx_bd_ring_offset[j]))
ugeth->p_tx_bd_ring[j] =
(u8 __iomem *) qe_muram_addr(ugeth-> tx_bd_ring_offset[j]);
If qe_muram_alloc will return any error, IS_ERR_VALUE will
always return 0 (IS_ERR_VALUE will always pass for 'unsigned int').
Now qe_muram_addr will return wrong virtual address. Which
can cause an error.
-Arvind
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [v4] Fix to avoid IS_ERR_VALUE and IS_ERR abuses on 64bit systems.
2016-08-02 7:45 ` Arnd Bergmann
(?)
(?)
@ 2016-08-02 15:48 ` arvind Yadav
-1 siblings, 0 replies; 14+ messages in thread
From: arvind Yadav @ 2016-08-02 15:48 UTC (permalink / raw)
To: Arnd Bergmann, linuxppc-dev
Cc: Scott Wood, qiang.zhao, viresh.kumar, zajec5, linux-wireless,
David.Laight, netdev, scottwood, akpm, davem, linux
On Tuesday 02 August 2016 01:15 PM, Arnd Bergmann wrote:
> On Monday, August 1, 2016 4:55:43 PM CEST Scott Wood wrote:
>> On 08/01/2016 02:02 AM, Arnd Bergmann wrote:
>>>> diff --git a/include/linux/err.h b/include/linux/err.h
>>>> index 1e35588..c2a2789 100644
>>>> --- a/include/linux/err.h
>>>> +++ b/include/linux/err.h
>>>> @@ -18,7 +18,17 @@
>>>>
>>>> #ifndef __ASSEMBLY__
>>>>
>>>> -#define IS_ERR_VALUE(x) unlikely((unsigned long)(void *)(x) >= (unsigned long)-MAX_ERRNO)
>>>> +#define IS_ERR_VALUE(x) unlikely(is_error_check(x))
>>>> +
>>>> +static inline int is_error_check(unsigned long error)
>>> Please leave the existing macro alone. I think you were looking for
>>> something specific to the return code of qe_muram_alloc() function,
>>> so please add a helper in that subsystem if you need it, not in
>>> the generic header files.
>> qe_muram_alloc (a.k.a. cpm_muram_alloc) returns unsigned long. The
>> problem is certain callers that store the return value in a u32. Why
>> not just fix those callers to store it in unsigned long (at least until
>> error checking is done)?
>>
> Yes, that would also address another problem with code like
>
> kfree((void *)ugeth->tx_bd_ring_offset[i]);
>
> which is not 64-bit safe when tx_bd_ring_offset is a 32-bit value
> that also holds the return value of qe_muram_alloc.
>
> Arnd
Yes, we will fix caller. Caller api is not safe on 64bit.
Even qe_muram_addr(a.k.a. cpm_muram_addr )passing value unsigned int,
but it should be unsigned long. Need to work on it.
Arvind
^ permalink raw reply [flat|nested] 14+ messages in thread