From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Jann Horn <jannh@google.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Mikhail Zaslonko <zaslonko@linux.ibm.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH AUTOSEL 4.4 56/60] lib/zlib: remove outdated and incorrect pre-increment optimization
Date: Wed, 17 Jun 2020 21:30:00 -0400
Message-ID: <20200618013004.610532-56-sashal@kernel.org>
In-Reply-To: <20200618013004.610532-1-sashal@kernel.org>

From: Jann Horn <jannh@google.com>

[ Upstream commit acaab7335bd6f0c0b54ce3a00bd7f18222ce0f5f ]

The zlib inflate code has an old micro-optimization based on the
assumption that for pre-increment memory accesses, the compiler will
generate code that fits better into the processor's pipeline than what
would be generated for post-increment memory accesses.

This optimization was already removed in upstream zlib in 2016:
https://github.com/madler/zlib/commit/9aaec95e8211

This optimization causes UB according to C99, which says in section 6.5.6
"Additive operators": "If both the pointer operand and the result point to
elements of the same array object, or one past the last element of the
array object, the evaluation shall not produce an overflow; otherwise, the
behavior is undefined".

This UB is not only a theoretical concern, but can also cause trouble for
future work on compiler-based sanitizers.

According to the zlib commit, this optimization also is not optimal
anymore with modern compilers.

Replace uses of OFF, PUP and UP_UNALIGNED with their definitions in the
POSTINC case, and remove the macro definitions, just like in the upstream
patch.

Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Mikhail Zaslonko <zaslonko@linux.ibm.com>
Link: http://lkml.kernel.org/r/20200507123112.252723-1-jannh@google.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 lib/zlib_inflate/inffast.c | 91 +++++++++++++++-----------------------
 1 file changed, 35 insertions(+), 56 deletions(-)

diff --git a/lib/zlib_inflate/inffast.c b/lib/zlib_inflate/inffast.c
index 2c13ecc5bb2c..ed1f3df27260 100644
--- a/lib/zlib_inflate/inffast.c
+++ b/lib/zlib_inflate/inffast.c
@@ -10,17 +10,6 @@
 
 #ifndef ASMINF
 
-/* Allow machine dependent optimization for post-increment or pre-increment.
-   Based on testing to date,
-   Pre-increment preferred for:
-   - PowerPC G3 (Adler)
-   - MIPS R5000 (Randers-Pehrson)
-   Post-increment preferred for:
-   - none
-   No measurable difference:
-   - Pentium III (Anderson)
-   - M68060 (Nikl)
- */
 union uu {
 	unsigned short us;
 	unsigned char b[2];
@@ -38,16 +27,6 @@ get_unaligned16(const unsigned short *p)
 	return mm.us;
 }
 
-#ifdef POSTINC
-#  define OFF 0
-#  define PUP(a) *(a)++
-#  define UP_UNALIGNED(a) get_unaligned16((a)++)
-#else
-#  define OFF 1
-#  define PUP(a) *++(a)
-#  define UP_UNALIGNED(a) get_unaligned16(++(a))
-#endif
-
 /*
    Decode literal, length, and distance codes and write out the resulting
    literal and match bytes until either not enough input or output is
@@ -115,9 +94,9 @@ void inflate_fast(z_streamp strm, unsigned start)
 
     /* copy state to local variables */
     state = (struct inflate_state *)strm->state;
-    in = strm->next_in - OFF;
+    in = strm->next_in;
     last = in + (strm->avail_in - 5);
-    out = strm->next_out - OFF;
+    out = strm->next_out;
     beg = out - (start - strm->avail_out);
     end = out + (strm->avail_out - 257);
 #ifdef INFLATE_STRICT
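Review bot: `last = in + (strm->avail_in - 5)` and `end = out + (strm->avail_out - 257)` still rely on the caller guaranteeing at least 5 bytes of input and 257 bytes of output room; if either count were smaller, these would again form pointers outside the buffers, which is the class of undefined behaviour the commit message cites. Dropping `- OFF` fixes the start pointers only, so a short comment here stating the entry precondition would make the remaining assumption explicit.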
@@ -138,9 +117,9 @@ void inflate_fast(z_streamp strm, unsigned start)
        input data or output space */
     do {
         if (bits < 15) {
-            hold += (unsigned long)(PUP(in)) << bits;
+            hold += (unsigned long)(*in++) << bits;
             bits += 8;
-            hold += (unsigned long)(PUP(in)) << bits;
+            hold += (unsigned long)(*in++) << bits;
             bits += 8;
         }
         this = lcode[hold & lmask];
@@ -150,14 +129,14 @@ void inflate_fast(z_streamp strm, unsigned start)
         bits -= op;
         op = (unsigned)(this.op);
         if (op == 0) {                          /* literal */
-            PUP(out) = (unsigned char)(this.val);
+            *out++ = (unsigned char)(this.val);
         }
         else if (op & 16) {                     /* length base */
             len = (unsigned)(this.val);
             op &= 15;                           /* number of extra bits */
             if (op) {
                 if (bits < op) {
-                    hold += (unsigned long)(PUP(in)) << bits;
+                    hold += (unsigned long)(*in++) << bits;
                     bits += 8;
                 }
                 len += (unsigned)hold & ((1U << op) - 1);
@@ -165,9 +144,9 @@ void inflate_fast(z_streamp strm, unsigned start)
                 bits -= op;
             }
             if (bits < 15) {
-                hold += (unsigned long)(PUP(in)) << bits;
+                hold += (unsigned long)(*in++) << bits;
                 bits += 8;
-                hold += (unsigned long)(PUP(in)) << bits;
+                hold += (unsigned long)(*in++) << bits;
                 bits += 8;
             }
             this = dcode[hold & dmask];
@@ -180,10 +159,10 @@ void inflate_fast(z_streamp strm, unsigned start)
                 dist = (unsigned)(this.val);
                 op &= 15;                       /* number of extra bits */
                 if (bits < op) {
-                    hold += (unsigned long)(PUP(in)) << bits;
+                    hold += (unsigned long)(*in++) << bits;
                     bits += 8;
                     if (bits < op) {
-                        hold += (unsigned long)(PUP(in)) << bits;
+                        hold += (unsigned long)(*in++) << bits;
                         bits += 8;
                     }
                 }
@@ -205,13 +184,13 @@ void inflate_fast(z_streamp strm, unsigned start)
                         state->mode = BAD;
                         break;
                     }
-                    from = window - OFF;
+                    from = window;
                     if (write == 0) {           /* very common case */
                         from += wsize - op;
                         if (op < len) {         /* some from window */
                             len -= op;
                             do {
-                                PUP(out) = PUP(from);
+                                *out++ = *from++;
                             } while (--op);
                             from = out - dist;  /* rest from output */
                         }
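Review bot: The commit message quotes C99 6.5.6 without naming the offending expressions; `from = window - OFF` in this hunk (with OFF defined as 1 in the removed non-POSTINC branch) is one of them, alongside `strm->next_in - OFF` and `strm->next_out - OFF` earlier. Naming these in the changelog would let stable reviewers confirm the conversion is purely mechanical without re-deriving where the out-of-range pointer was formed.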
@@ -222,14 +201,14 @@ void inflate_fast(z_streamp strm, unsigned start)
                         if (op < len) {         /* some from end of window */
                             len -= op;
                             do {
-                                PUP(out) = PUP(from);
+                                *out++ = *from++;
                             } while (--op);
-                            from = window - OFF;
+                            from = window;
                             if (write < len) {  /* some from start of window */
                                 op = write;
                                 len -= op;
                                 do {
-                                    PUP(out) = PUP(from);
+                                    *out++ = *from++;
                                 } while (--op);
                                 from = out - dist;      /* rest from output */
                             }
@@ -240,21 +219,21 @@ void inflate_fast(z_streamp strm, unsigned start)
                         if (op < len) {         /* some from window */
                             len -= op;
                             do {
-                                PUP(out) = PUP(from);
+                                *out++ = *from++;
                             } while (--op);
                             from = out - dist;  /* rest from output */
                         }
                     }
                     while (len > 2) {
-                        PUP(out) = PUP(from);
-                        PUP(out) = PUP(from);
-                        PUP(out) = PUP(from);
+                        *out++ = *from++;
+                        *out++ = *from++;
+                        *out++ = *from++;
                         len -= 3;
                     }
                     if (len) {
-                        PUP(out) = PUP(from);
+                        *out++ = *from++;
                         if (len > 1)
-                            PUP(out) = PUP(from);
+                            *out++ = *from++;
                     }
                 }
                 else {
@@ -264,29 +243,29 @@ void inflate_fast(z_streamp strm, unsigned start)
                     from = out - dist;          /* copy direct from output */
 		    /* minimum length is three */
 		    /* Align out addr */
-		    if (!((long)(out - 1 + OFF) & 1)) {
-			PUP(out) = PUP(from);
+		    if (!((long)(out - 1) & 1)) {
+			*out++ = *from++;
 			len--;
 		    }
-		    sout = (unsigned short *)(out - OFF);
+		    sout = (unsigned short *)(out);
 		    if (dist > 2) {
 			unsigned short *sfrom;
 
-			sfrom = (unsigned short *)(from - OFF);
+			sfrom = (unsigned short *)(from);
 			loops = len >> 1;
 			do
 #ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
-			    PUP(sout) = PUP(sfrom);
+			    *sout++ = *sfrom++;
 #else
-			    PUP(sout) = UP_UNALIGNED(sfrom);
+			    *sout++ = get_unaligned16(sfrom++);
 #endif
 			while (--loops);
-			out = (unsigned char *)sout + OFF;
-			from = (unsigned char *)sfrom + OFF;
+			out = (unsigned char *)sout;
+			from = (unsigned char *)sfrom;
 		    } else { /* dist == 1 or dist == 2 */
 			unsigned short pat16;
 
-			pat16 = *(sout-1+OFF);
+			pat16 = *(sout-1);
 			if (dist == 1) {
 				union uu mm;
 				/* copy one char pattern to both bytes */
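Review bot: In `if (!((long)(out - 1) & 1))` the `- 1` is left over from the expansion of `out - 1 + OFF`; the test is now simply whether `out` is odd. Writing it as `if ((unsigned long)out & 1)` would state that directly and avoid computing `out - 1` at all, and the redundant parentheses in `(unsigned short *)(out)` and `(unsigned short *)(from)` could be dropped in the same pass. Since this backport mirrors the upstream change, that cleanup belongs in a follow-up upstream rather than in this patch.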
@@ -296,12 +275,12 @@ void inflate_fast(z_streamp strm, unsigned start)
 			}
 			loops = len >> 1;
 			do
-			    PUP(sout) = pat16;
+			    *sout++ = pat16;
 			while (--loops);
-			out = (unsigned char *)sout + OFF;
+			out = (unsigned char *)sout;
 		    }
 		    if (len & 1)
-			PUP(out) = PUP(from);
+			*out++ = *from++;
                 }
             }
             else if ((op & 64) == 0) {          /* 2nd level distance code */
@@ -336,8 +315,8 @@ void inflate_fast(z_streamp strm, unsigned start)
     hold &= (1U << bits) - 1;
 
     /* update state and return */
-    strm->next_in = in + OFF;
-    strm->next_out = out + OFF;
+    strm->next_in = in;
+    strm->next_out = out;
     strm->avail_in = (unsigned)(in < last ? 5 + (last - in) : 5 - (in - last));
     strm->avail_out = (unsigned)(out < end ?
                                  257 + (end - out) : 257 - (out - end));
-- 
2.25.1

