From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Ido Schimmel <idosch@mellanox.com>,
Will Deacon <will.deacon@arm.com>,
Vadim Pasternak <vadimp@mellanox.com>,
Andrey Ryabinin <aryabinin@virtuozzo.com>,
Jacek Anaszewski <jacek.anaszewski@gmail.com>,
Pavel Machek <pavel@ucw.cz>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Matthias Kaehlcke <mka@chromium.org>
Subject: [PATCH 4.19 02/73] include/linux/bitops.h: sanitize rotate primitives
Date: Fri, 7 Jun 2019 17:38:49 +0200 [thread overview]
Message-ID: <20190607153848.955759584@linuxfoundation.org> (raw)
In-Reply-To: <20190607153848.669070800@linuxfoundation.org>
From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
commit ef4d6f6b275c498f8e5626c99dbeefdc5027f843 upstream.
The ror32 implementation (word >> shift) | (word << (32 - shift) has
undefined behaviour if shift is outside the [1, 31] range. Similarly
for the 64 bit variants. Most callers pass a compile-time constant
(naturally in that range), but there's an UBSAN report that these may
actually be called with a shift count of 0.
Instead of special-casing that, we can make them DTRT for all values of
shift while also avoiding UB. For some reason, this was already partly
done for rol32 (which was well-defined for [0, 31]). gcc 8 recognizes
these patterns as rotates, so for example
__u32 rol32(__u32 word, unsigned int shift)
{
return (word << (shift & 31)) | (word >> ((-shift) & 31));
}
compiles to
0000000000000020 <rol32>:
20: 89 f8 mov %edi,%eax
22: 89 f1 mov %esi,%ecx
24: d3 c0 rol %cl,%eax
26: c3 retq
Older compilers unfortunately do not do as well, but this only affects
the small minority of users that don't pass constants.
Due to integer promotions, ro[lr]8 were already well-defined for shifts
in [0, 8], and ro[lr]16 were mostly well-defined for shifts in [0, 16]
(only mostly - u16 gets promoted to _signed_ int, so if bit 15 is set,
word << 16 is undefined). For consistency, update those as well.
Link: http://lkml.kernel.org/r/20190410211906.2190-1-linux@rasmusvillemoes.dk
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Reported-by: Ido Schimmel <idosch@mellanox.com>
Tested-by: Ido Schimmel <idosch@mellanox.com>
Reviewed-by: Will Deacon <will.deacon@arm.com>
Cc: Vadim Pasternak <vadimp@mellanox.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Jacek Anaszewski <jacek.anaszewski@gmail.com>
Cc: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/bitops.h | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
--- a/include/linux/bitops.h
+++ b/include/linux/bitops.h
@@ -60,7 +60,7 @@ static __always_inline unsigned long hwe
*/
static inline __u64 rol64(__u64 word, unsigned int shift)
{
- return (word << shift) | (word >> (64 - shift));
+ return (word << (shift & 63)) | (word >> ((-shift) & 63));
}
/**
@@ -70,7 +70,7 @@ static inline __u64 rol64(__u64 word, un
*/
static inline __u64 ror64(__u64 word, unsigned int shift)
{
- return (word >> shift) | (word << (64 - shift));
+ return (word >> (shift & 63)) | (word << ((-shift) & 63));
}
/**
@@ -80,7 +80,7 @@ static inline __u64 ror64(__u64 word, un
*/
static inline __u32 rol32(__u32 word, unsigned int shift)
{
- return (word << shift) | (word >> ((-shift) & 31));
+ return (word << (shift & 31)) | (word >> ((-shift) & 31));
}
/**
@@ -90,7 +90,7 @@ static inline __u32 rol32(__u32 word, un
*/
static inline __u32 ror32(__u32 word, unsigned int shift)
{
- return (word >> shift) | (word << (32 - shift));
+ return (word >> (shift & 31)) | (word << ((-shift) & 31));
}
/**
@@ -100,7 +100,7 @@ static inline __u32 ror32(__u32 word, un
*/
static inline __u16 rol16(__u16 word, unsigned int shift)
{
- return (word << shift) | (word >> (16 - shift));
+ return (word << (shift & 15)) | (word >> ((-shift) & 15));
}
/**
@@ -110,7 +110,7 @@ static inline __u16 rol16(__u16 word, un
*/
static inline __u16 ror16(__u16 word, unsigned int shift)
{
- return (word >> shift) | (word << (16 - shift));
+ return (word >> (shift & 15)) | (word << ((-shift) & 15));
}
/**
@@ -120,7 +120,7 @@ static inline __u16 ror16(__u16 word, un
*/
static inline __u8 rol8(__u8 word, unsigned int shift)
{
- return (word << shift) | (word >> (8 - shift));
+ return (word << (shift & 7)) | (word >> ((-shift) & 7));
}
/**
@@ -130,7 +130,7 @@ static inline __u8 rol8(__u8 word, unsig
*/
static inline __u8 ror8(__u8 word, unsigned int shift)
{
- return (word >> shift) | (word << (8 - shift));
+ return (word >> (shift & 7)) | (word << ((-shift) & 7));
}
/**
next prev parent reply other threads:[~2019-06-07 15:57 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-07 15:38 [PATCH 4.19 00/73] 4.19.49-stable review Greg Kroah-Hartman
2019-06-07 15:38 ` [PATCH 4.19 01/73] sparc64: Fix regression in non-hypervisor TLB flush xcall Greg Kroah-Hartman
2019-06-07 15:38 ` Greg Kroah-Hartman [this message]
2019-06-07 15:38 ` [PATCH 4.19 03/73] xhci: update bounce buffer with correct sg num Greg Kroah-Hartman
2019-06-07 15:38 ` [PATCH 4.19 04/73] xhci: Use %zu for printing size_t type Greg Kroah-Hartman
2019-06-07 15:38 ` [PATCH 4.19 05/73] xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() Greg Kroah-Hartman
2019-06-07 15:38 ` [PATCH 4.19 06/73] usb: xhci: avoid null pointer deref when bos field is NULL Greg Kroah-Hartman
2019-06-07 15:38 ` [PATCH 4.19 07/73] usbip: usbip_host: fix BUG: sleeping function called from invalid context Greg Kroah-Hartman
2019-06-07 15:38 ` [PATCH 4.19 08/73] usbip: usbip_host: fix stub_dev lock context imbalance regression Greg Kroah-Hartman
2019-06-07 15:38 ` [PATCH 4.19 09/73] USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor Greg Kroah-Hartman
2019-06-07 15:38 ` [PATCH 4.19 10/73] USB: sisusbvga: fix oops in error path of sisusb_probe Greg Kroah-Hartman
2019-06-07 15:38 ` [PATCH 4.19 11/73] USB: Add LPM quirk for Surface Dock GigE adapter Greg Kroah-Hartman
2019-06-07 15:38 ` [PATCH 4.19 12/73] USB: rio500: refuse more than one device at a time Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 13/73] USB: rio500: fix memory leak in close after disconnect Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 14/73] media: usb: siano: Fix general protection fault in smsusb Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 15/73] media: usb: siano: Fix false-positive "uninitialized variable" warning Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 16/73] media: smsusb: better handle optional alignment Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 17/73] brcmfmac: fix NULL pointer derefence during USB disconnect Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 18/73] scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 19/73] scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 20/73] tracing: Avoid memory leak in predicate_parse() Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 21/73] Btrfs: fix wrong ctime and mtime of a directory after log replay Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 22/73] Btrfs: fix race updating log root item during fsync Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 23/73] Btrfs: fix fsync not persisting changed attributes of a directory Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 24/73] Btrfs: incremental send, fix file corruption when no-holes feature is enabled Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 25/73] iio: dac: ds4422/ds4424 fix chip verification Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 26/73] iio: adc: ti-ads8688: fix timestamp is not updated in buffer Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 27/73] s390/crypto: fix gcm-aes-s390 selftest failures Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 28/73] s390/crypto: fix possible sleep during spinlock aquired Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 29/73] KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 30/73] powerpc/perf: Fix MMCRA corruption by bhrb_filter Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 31/73] ALSA: line6: Assure canceling delayed work at disconnection Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 32/73] ALSA: hda/realtek - Set default power save node to 0 Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 33/73] ALSA: hda/realtek - Improve the headset mic for Acer Aspire laptops Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 34/73] KVM: s390: Do not report unusabled IDs via KVM_CAP_MAX_VCPU_ID Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 35/73] drm/nouveau/i2c: Disable i2c bus access after ->fini() Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 36/73] i2c: mlxcpld: Fix wrong initialization order in probe Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 37/73] i2c: synquacer: fix synquacer_i2c_doxfer() return value Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 38/73] tty: serial: msm_serial: Fix XON/XOFF Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 39/73] tty: max310x: Fix external crystal register setup Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 40/73] memcg: make it work on sparse non-0-node systems Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 41/73] kernel/signal.c: trace_signal_deliver when signal_group_exit Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 42/73] arm64: Fix the arm64_personality() syscall wrapper redirection Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 43/73] docs: Fix conf.py for Sphinx 2.0 Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 44/73] doc: Cope with the deprecation of AutoReporter Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 45/73] doc: Cope with Sphinx logging deprecations Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 46/73] ima: show rules with IMA_INMASK correctly Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 47/73] evm: check hash algorithm passed to init_desc() Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 48/73] vt/fbcon: deinitialize resources in visual_init() after failed memory allocation Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 49/73] serial: sh-sci: disable DMA for uart_console Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 50/73] staging: vc04_services: prevent integer overflow in create_pagelist() Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 51/73] staging: wlan-ng: fix adapter initialization failure Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 52/73] cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 53/73] CIFS: cifs_read_allocate_pages: dont iterate through whole page array on ENOMEM Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 54/73] Revert "lockd: Show pid of lockd for remote locks" Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 55/73] gcc-plugins: Fix build failures under Darwin host Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 56/73] drm/tegra: gem: Fix CPU-cache maintenance for BOs allocated using get_pages() Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 57/73] drm/vmwgfx: Dont send drm sysfs hotplug events on initial master set Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 58/73] drm/sun4i: Fix sun8i HDMI PHY clock initialization Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 59/73] drm/sun4i: Fix sun8i HDMI PHY configuration for > 148.5 MHz Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 60/73] drm/rockchip: shutdown drm subsystem on shutdown Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 61/73] drm/lease: Make sure implicit planes are leased Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 62/73] Compiler Attributes: add support for __copy (gcc >= 9) Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 63/73] include/linux/module.h: copy __init/__exit attrs to init/cleanup_module Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 64/73] Revert "x86/build: Move _etext to actual end of .text" Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 65/73] Revert "binder: fix handling of misaligned binder object" Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 66/73] binder: fix race between munmap() and direct reclaim Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 67/73] x86/ftrace: Do not call function graph from dynamic trampolines Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 68/73] x86/ftrace: Set trampoline pages as executable Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 69/73] x86/kprobes: Set instruction page " Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 70/73] scsi: lpfc: Fix backport of faf5a744f4f8 ("scsi: lpfc: avoid uninitialized variable warning") Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 71/73] of: overlay: validate overlay properties #address-cells and #size-cells Greg Kroah-Hartman
2019-06-07 15:39 ` [PATCH 4.19 72/73] of: overlay: set node fields from properties when add new overlay node Greg Kroah-Hartman
2019-06-07 15:40 ` [PATCH 4.19 73/73] media: uvcvideo: Fix uvc_alloc_entity() allocation alignment Greg Kroah-Hartman
2019-06-07 19:29 ` [PATCH 4.19 00/73] 4.19.49-stable review kernelci.org bot
2019-06-08 7:53 ` Naresh Kamboju
2019-06-08 18:49 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190607153848.955759584@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=aryabinin@virtuozzo.com \
--cc=idosch@mellanox.com \
--cc=jacek.anaszewski@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=mka@chromium.org \
--cc=pavel@ucw.cz \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=vadimp@mellanox.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).