From: Scott Wood <scott.wood@nxp.com>
To: Arnd Bergmann <arnd@arndb.de>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>
Cc: Arvind Yadav <arvind.yadav.cs@gmail.com>,
"zajec5@gmail.com" <zajec5@gmail.com>,
"leoli@freescale.com" <leoli@freescale.com>,
"qiang.zhao@freescale.com" <qiang.zhao@freescale.com>,
"viresh.kumar@linaro.org" <viresh.kumar@linaro.org>,
"linux-wireless@vger.kernel.org" <linux-wireless@vger.kernel.org>,
"David.Laight@aculab.com" <David.Laight@aculab.com>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"scottwood@freescale.com" <scottwood@freescale.com>,
"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
"davem@davemloft.net" <davem@davemloft.net>,
"linux@roeck-us.net" <linux@roeck-us.net>
Subject: Re: [v4] Fix to avoid IS_ERR_VALUE and IS_ERR abuses on 64bit systems.
Date: Mon, 1 Aug 2016 16:55:43 +0000 [thread overview]
Message-ID: <DB5PR0401MB19280ACA87C7F5EE2822D5FB91040@DB5PR0401MB1928.eurprd04.prod.outlook.com> (raw)
In-Reply-To: 1956647.cOmaJREgOE@wuerfel
On 08/01/2016 02:02 AM, Arnd Bergmann wrote:
> On Sunday, July 31, 2016 4:48:44 PM CEST Arvind Yadav wrote:
>> IS_ERR_VALUE() assumes that parameter is an unsigned long.
>> It can not be used to check if 'unsigned int' is passed insted.
>> Which tends to reflect an error.
>>
>> In 64bit architectures sizeof (int) == 4 && sizeof (long) == 8.
>> IS_ERR_VALUE(x) is ((x) >= (unsigned long)-4095).
>>
>> IS_ERR_VALUE() of 'unsigned int' is always false because the 32bit
>> value is zero extended to 64 bits.
>>
>> Value of (unsigned int)-4095 is always less than value of
>> (unsigned long)-4095.
>>
>> Now We are taking only first 32 bit for error checking rest of the 32 bit
>> we ignore such that we get appropriate comparison on 64bit system as well.
>
> This is completely wrong: if you have a valid 64-bit pointer like
> 0x00001234ffffff00, this will be interpreted as an error now.
>
>> First 32bit of Value of (unsigned int)-4095 and (unsigned long)-4095 will
>> be equal.
>>
>> Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
>> ---
>> include/linux/err.h | 12 +++++++++++-
>> 1 file changed, 11 insertions(+), 1 deletion(-)
>>
>> diff --git a/include/linux/err.h b/include/linux/err.h
>> index 1e35588..c2a2789 100644
>> --- a/include/linux/err.h
>> +++ b/include/linux/err.h
>> @@ -18,7 +18,17 @@
>>
>> #ifndef __ASSEMBLY__
>>
>> -#define IS_ERR_VALUE(x) unlikely((unsigned long)(void *)(x) >= (unsigned long)-MAX_ERRNO)
>> +#define IS_ERR_VALUE(x) unlikely(is_error_check(x))
>> +
>> +static inline int is_error_check(unsigned long error)
>
> Please leave the existing macro alone. I think you were looking for
> something specific to the return code of qe_muram_alloc() function,
> so please add a helper in that subsystem if you need it, not in
> the generic header files.
qe_muram_alloc (a.k.a. cpm_muram_alloc) returns unsigned long. The
problem is certain callers that store the return value in a u32. Why
not just fix those callers to store it in unsigned long (at least until
error checking is done)?
-Scott
WARNING: multiple messages have this Message-ID (diff)
From: Scott Wood <scott.wood@nxp.com>
To: Arnd Bergmann <arnd@arndb.de>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>
Cc: Arvind Yadav <arvind.yadav.cs@gmail.com>,
"zajec5@gmail.com" <zajec5@gmail.com>,
"leoli@freescale.com" <leoli@freescale.com>,
"qiang.zhao@freescale.com" <qiang.zhao@freescale.com>,
"viresh.kumar@linaro.org" <viresh.kumar@linaro.org>,
"linux-wireless@vger.kernel.org" <linux-wireless@vger.kernel.org>,
"David.Laight@aculab.com" <David.Laight@aculab.com>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"scottwood@freescale.com" <scottwood@freescale.com>,
"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
"davem@davemloft.net" <davem@davemloft.net>,
"linux@roeck-us.net" <linux@roeck-us.net>
Subject: Re: [v4] Fix to avoid IS_ERR_VALUE and IS_ERR abuses on 64bit systems.
Date: Mon, 1 Aug 2016 16:55:43 +0000 [thread overview]
Message-ID: <DB5PR0401MB19280ACA87C7F5EE2822D5FB91040@DB5PR0401MB1928.eurprd04.prod.outlook.com> (raw)
In-Reply-To: 1956647.cOmaJREgOE@wuerfel
On 08/01/2016 02:02 AM, Arnd Bergmann wrote:=0A=
> On Sunday, July 31, 2016 4:48:44 PM CEST Arvind Yadav wrote:=0A=
>> IS_ERR_VALUE() assumes that parameter is an unsigned long.=0A=
>> It can not be used to check if 'unsigned int' is passed insted.=0A=
>> Which tends to reflect an error.=0A=
>>=0A=
>> In 64bit architectures sizeof (int) =3D=3D 4 && sizeof (long) =3D=3D 8.=
=0A=
>> IS_ERR_VALUE(x) is ((x) >=3D (unsigned long)-4095).=0A=
>>=0A=
>> IS_ERR_VALUE() of 'unsigned int' is always false because the 32bit=0A=
>> value is zero extended to 64 bits.=0A=
>>=0A=
>> Value of (unsigned int)-4095 is always less than value of=0A=
>> (unsigned long)-4095.=0A=
>>=0A=
>> Now We are taking only first 32 bit for error checking rest of the 32 bi=
t=0A=
>> we ignore such that we get appropriate comparison on 64bit system as wel=
l.=0A=
> =0A=
> This is completely wrong: if you have a valid 64-bit pointer like=0A=
> 0x00001234ffffff00, this will be interpreted as an error now.=0A=
> =0A=
>> First 32bit of Value of (unsigned int)-4095 and (unsigned long)-4095 wil=
l=0A=
>> be equal.=0A=
>>=0A=
>> Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>=0A=
>> ---=0A=
>> include/linux/err.h | 12 +++++++++++-=0A=
>> 1 file changed, 11 insertions(+), 1 deletion(-)=0A=
>>=0A=
>> diff --git a/include/linux/err.h b/include/linux/err.h=0A=
>> index 1e35588..c2a2789 100644=0A=
>> --- a/include/linux/err.h=0A=
>> +++ b/include/linux/err.h=0A=
>> @@ -18,7 +18,17 @@=0A=
>> =0A=
>> #ifndef __ASSEMBLY__=0A=
>> =0A=
>> -#define IS_ERR_VALUE(x) unlikely((unsigned long)(void *)(x) >=3D (unsig=
ned long)-MAX_ERRNO)=0A=
>> +#define IS_ERR_VALUE(x) unlikely(is_error_check(x))=0A=
>> +=0A=
>> +static inline int is_error_check(unsigned long error)=0A=
> =0A=
> Please leave the existing macro alone. I think you were looking for=0A=
> something specific to the return code of qe_muram_alloc() function,=0A=
> so please add a helper in that subsystem if you need it, not in=0A=
> the generic header files.=0A=
=0A=
qe_muram_alloc (a.k.a. cpm_muram_alloc) returns unsigned long. The=0A=
problem is certain callers that store the return value in a u32. Why=0A=
not just fix those callers to store it in unsigned long (at least until=0A=
error checking is done)?=0A=
=0A=
-Scott=0A=
=0A=
next prev parent reply other threads:[~2016-08-01 18:32 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-31 11:18 [v4] Fix to avoid IS_ERR_VALUE and IS_ERR abuses on 64bit systems Arvind Yadav
2016-07-31 11:18 ` Arvind Yadav
2016-08-01 7:02 ` Arnd Bergmann
2016-08-01 7:02 ` Arnd Bergmann
2016-08-01 16:55 ` Scott Wood [this message]
2016-08-01 16:55 ` Scott Wood
2016-08-02 7:45 ` Arnd Bergmann
2016-08-02 7:45 ` Arnd Bergmann
2016-08-02 15:34 ` arvind Yadav
2016-08-02 15:34 ` arvind Yadav
2016-08-02 19:57 ` Scott Wood
2016-08-02 19:57 ` Scott Wood
2016-08-03 13:55 ` arvind Yadav
2016-08-02 15:48 ` arvind Yadav
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DB5PR0401MB19280ACA87C7F5EE2822D5FB91040@DB5PR0401MB1928.eurprd04.prod.outlook.com \
--to=scott.wood@nxp.com \
--cc=David.Laight@aculab.com \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=arvind.yadav.cs@gmail.com \
--cc=davem@davemloft.net \
--cc=leoli@freescale.com \
--cc=linux-wireless@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=netdev@vger.kernel.org \
--cc=qiang.zhao@freescale.com \
--cc=scottwood@freescale.com \
--cc=viresh.kumar@linaro.org \
--cc=zajec5@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.