From: Michael Ellerman <mpe@ellerman.id.au>
To: LEROY Christophe <christophe.leroy@csgroup.eu>,
Kees Cook <keescook@chromium.org>
Cc: kernel test robot <lkp@intel.com>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Sudeep Holla <sudeep.holla@arm.com>,
Peter Zijlstra <peterz@infradead.org>,
Nicholas Piggin <npiggin@gmail.com>,
"Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
"linux-hardening@vger.kernel.org"
<linux-hardening@vger.kernel.org>
Subject: Re: [PATCH] powerpc/signal32: Use struct_group() to zero spe regs
Date: Mon, 22 Nov 2021 16:43:36 +1100 [thread overview]
Message-ID: <87ilwkrbhz.fsf@mpe.ellerman.id.au> (raw)
In-Reply-To: <1e312cbd-cd52-ddce-f839-db765173c526@csgroup.eu>
LEROY Christophe <christophe.leroy@csgroup.eu> writes:
> Le 18/11/2021 à 21:36, Kees Cook a écrit :
>> In preparation for FORTIFY_SOURCE performing compile-time and run-time
>> field bounds checking for memset(), avoid intentionally writing across
>> neighboring fields.
>>
>> Add a struct_group() for the spe registers so that memset() can correctly reason
>> about the size:
>>
>> In function 'fortify_memset_chk',
>> inlined from 'restore_user_regs.part.0' at arch/powerpc/kernel/signal_32.c:539:3:
>> >> include/linux/fortify-string.h:195:4: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
>> 195 | __write_overflow_field();
>> | ^~~~~~~~~~~~~~~~~~~~~~~~
>>
>> Reported-by: kernel test robot <lkp@intel.com>
>> Signed-off-by: Kees Cook <keescook@chromium.org>
>
> Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Acked-by: Michael Ellerman <mpe@ellerman.id.au>
> However, is it really worth adding that grouping ? Wouldn't it be
> cleaner to handle evr[] and acc separately ? Now that we are using
> unsafe variants of get/put user performance wouldn't be impacted.
Yeah I agree we should be able to do less of these multi-field copies
now that we have unsafe get/put user.
But I think that's an issue for another patch, Kees' patch is an
improvement, even if the code could be improved further in future.
Though TBH I'm not sure what the future of SPE support is. Both GCC and
glibc have dropped support for it, more than 2 years ago, so it's not
clear to me if we should continue to support it in the kernel much
longer.
cheers
WARNING: multiple messages have this Message-ID (diff)
From: Michael Ellerman <mpe@ellerman.id.au>
To: LEROY Christophe <christophe.leroy@csgroup.eu>,
Kees Cook <keescook@chromium.org>
Cc: kernel test robot <lkp@intel.com>,
Peter Zijlstra <peterz@infradead.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Nicholas Piggin <npiggin@gmail.com>,
"linux-hardening@vger.kernel.org"
<linux-hardening@vger.kernel.org>,
Paul Mackerras <paulus@samba.org>,
"Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>,
Sudeep Holla <sudeep.holla@arm.com>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
"Eric W. Biederman" <ebiederm@xmission.com>
Subject: Re: [PATCH] powerpc/signal32: Use struct_group() to zero spe regs
Date: Mon, 22 Nov 2021 16:43:36 +1100 [thread overview]
Message-ID: <87ilwkrbhz.fsf@mpe.ellerman.id.au> (raw)
In-Reply-To: <1e312cbd-cd52-ddce-f839-db765173c526@csgroup.eu>
LEROY Christophe <christophe.leroy@csgroup.eu> writes:
> Le 18/11/2021 à 21:36, Kees Cook a écrit :
>> In preparation for FORTIFY_SOURCE performing compile-time and run-time
>> field bounds checking for memset(), avoid intentionally writing across
>> neighboring fields.
>>
>> Add a struct_group() for the spe registers so that memset() can correctly reason
>> about the size:
>>
>> In function 'fortify_memset_chk',
>> inlined from 'restore_user_regs.part.0' at arch/powerpc/kernel/signal_32.c:539:3:
>> >> include/linux/fortify-string.h:195:4: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
>> 195 | __write_overflow_field();
>> | ^~~~~~~~~~~~~~~~~~~~~~~~
>>
>> Reported-by: kernel test robot <lkp@intel.com>
>> Signed-off-by: Kees Cook <keescook@chromium.org>
>
> Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Acked-by: Michael Ellerman <mpe@ellerman.id.au>
> However, is it really worth adding that grouping ? Wouldn't it be
> cleaner to handle evr[] and acc separately ? Now that we are using
> unsafe variants of get/put user performance wouldn't be impacted.
Yeah I agree we should be able to do less of these multi-field copies
now that we have unsafe get/put user.
But I think that's an issue for another patch, Kees' patch is an
improvement, even if the code could be improved further in future.
Though TBH I'm not sure what the future of SPE support is. Both GCC and
glibc have dropped support for it, more than 2 years ago, so it's not
clear to me if we should continue to support it in the kernel much
longer.
cheers
next prev parent reply other threads:[~2021-11-22 5:43 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-18 20:36 [PATCH] powerpc/signal32: Use struct_group() to zero spe regs Kees Cook
2021-11-18 20:36 ` Kees Cook
2021-11-19 8:46 ` LEROY Christophe
2021-11-19 16:28 ` Kees Cook
2021-11-19 16:28 ` Kees Cook
2021-11-19 16:35 ` Christophe Leroy
2021-11-19 16:35 ` Christophe Leroy
2021-11-19 16:42 ` Kees Cook
2021-11-19 16:42 ` Kees Cook
2021-11-22 5:43 ` Michael Ellerman [this message]
2021-11-22 5:43 ` Michael Ellerman
2021-11-22 20:47 ` Kees Cook
2021-11-22 20:47 ` Kees Cook
2021-11-24 0:08 ` Michael Ellerman
2021-11-24 0:08 ` Michael Ellerman
2021-12-01 18:55 ` Kees Cook
2021-12-01 18:55 ` Kees Cook
2021-12-07 13:27 ` Michael Ellerman
2021-12-07 13:27 ` Michael Ellerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ilwkrbhz.fsf@mpe.ellerman.id.au \
--to=mpe@ellerman.id.au \
--cc=aneesh.kumar@linux.ibm.com \
--cc=benh@kernel.crashing.org \
--cc=christophe.leroy@csgroup.eu \
--cc=ebiederm@xmission.com \
--cc=keescook@chromium.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=lkp@intel.com \
--cc=npiggin@gmail.com \
--cc=paulus@samba.org \
--cc=peterz@infradead.org \
--cc=sudeep.holla@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.