From: David Laight <David.Laight@ACULAB.COM>
To: 'Al Viro' <viro@zeniv.linux.org.uk>,
	Nick Desaulniers <ndesaulniers@google.com>
Cc: Arnd Bergmann <arnd@arndb.de>, Christoph Hellwig <hch@lst.de>,
	"David Hildenbrand" <david@redhat.com>,
	Greg KH <gregkh@linuxfoundation.org>,
	"kernel-team@android.com" <kernel-team@android.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Jens Axboe <axboe@kernel.dk>, David Howells <dhowells@redhat.com>,
	"linux-arm-kernel@lists.infradead.org"
	<linux-arm-kernel@lists.infradead.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-mips@vger.kernel.org" <linux-mips@vger.kernel.org>,
	"linux-parisc@vger.kernel.org" <linux-parisc@vger.kernel.org>,
	"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
	"linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>,
	"sparclinux@vger.kernel.org" <sparclinux@vger.kernel.org>,
	"linux-block@vger.kernel.org" <linux-block@vger.kernel.org>,
	"linux-scsi@vger.kernel.org" <linux-scsi@vger.kernel.org>,
	"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
	"linux-aio@kvack.org" <linux-aio@kvack.org>,
	"io-uring@vger.kernel.org" <io-uring@vger.kernel.org>,
	"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
	"linux-mm@kvack.org" <linux-mm@kvack.org>,
	"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
	"keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
	"linux-security-module@vger.kernel.org"
	<linux-security-module@vger.kernel.org>
Subject: RE: Buggy commit tracked to: "Re: [PATCH 2/9] iov_iter: move rw_copy_check_uvector() into lib/iov_iter.c"
Date: Thu, 22 Oct 2020 22:07:02 +0000
Message-ID: <f35a74d034054d7fa8ce8835afb1ca6c@AcuMS.aculab.com>
In-Reply-To: <20201022192458.GV3576660@ZenIV.linux.org.uk>

From: Al Viro
> Sent: 22 October 2020 20:25
> 
> On Thu, Oct 22, 2020 at 12:04:52PM -0700, Nick Desaulniers wrote:
> 
> > Passing an `unsigned long` as an `unsigned int` does no such
> > narrowing: https://godbolt.org/z/TvfMxe (same vice-versa, just tail
> > calls, no masking instructions).
> > So if rw_copy_check_uvector() is inlined into import_iovec() (looking
> > at the mainline@1028ae406999), then children calls of
> > `rw_copy_check_uvector()` will be interpreting the `nr_segs` register
> > unmodified, ie. garbage in the upper 32b.
> 
> FWIW,
> 
> #include <stdio.h>
>
> void f(unsigned long v)
> {
> 	if (v != 1)
> 		printf("failed\n");
> }
> 
> void g(unsigned int v)
> {
> 	f(v);
> }
> 
> void h(unsigned long v)
> {
> 	g(v);
> }
> 
> int main(void)
> {
> 	h(0x100000001);
> 	return 0;
> }
> 
> must not produce any output on a host with 32bit int and 64bit long, regardless of
> the inlining, having functions live in different compilation units, etc.
> 
> Depending upon the calling conventions, compiler might do truncation in caller or
> in a callee, but it must be done _somewhere_.

Put g() in a separate compilation unit and use the 'wrong' type
in the prototypes h() uses to call g() and g() uses to call f().

Then you might see where any masking does (or does not) happen.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
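
A portable model of the point argued in this message, added here as an illustration and not code from anyone in the thread: the argument register is a 64-bit value, and each side of the call either masks it to 32 bits or does not. The enum and function names are hypothetical, and the model stands in for real ABI behaviour, which it does not measure.

```c
#include <stdint.h>
#include <stdio.h>

/* Model only: a 64-bit argument register carrying a parameter that the
 * callee declares as a 32-bit unsigned int. Names are hypothetical. */
enum narrowing { DOES_NOT_MASK, MASKS };

/* Caller side: the bits left in the register when the call is made. */
static uint64_t caller_store(uint64_t raw, enum narrowing caller)
{
	return caller == MASKS ? (uint32_t)raw : raw;
}

/* Callee side: the value the callee actually computes with. */
static uint64_t callee_load(uint64_t reg, enum narrowing callee)
{
	return callee == MASKS ? (uint32_t)reg : reg;
}

/* f() from the thread, widened: reports failure unless it sees exactly 1. */
static int f_fails(uint64_t v)
{
	return v != 1;
}

/* h() -> g() -> f() with the narrowing duty assigned per side. */
static int chain_fails(uint64_t raw, enum narrowing caller, enum narrowing callee)
{
	return f_fails(callee_load(caller_store(raw, caller), callee));
}

int main(void)
{
	const uint64_t raw = 0x100000001ULL;	/* input value used in the thread */
	static const char *name[] = { "no mask", "mask" };

	for (int c = DOES_NOT_MASK; c <= MASKS; c++)
		for (int e = DOES_NOT_MASK; e <= MASKS; e++)
			printf("caller=%-7s callee=%-7s -> %s\n", name[c], name[e],
			       chain_fails(raw, c, e) ? "failed" : "ok");
	return 0;
}
```

The only failing row is the one where neither side masks, which is the case a mismatched prototype across compilation units can produce.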


