From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-23.2 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 95B21C433F5 for ; Mon, 13 Sep 2021 19:53:36 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6DCC5610FE for ; Mon, 13 Sep 2021 19:53:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347623AbhIMTyv (ORCPT ); Mon, 13 Sep 2021 15:54:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36806 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240745AbhIMTyr (ORCPT ); Mon, 13 Sep 2021 15:54:47 -0400 Received: from mail-lf1-x135.google.com (mail-lf1-x135.google.com [IPv6:2a00:1450:4864:20::135]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EDA5CC061760 for ; Mon, 13 Sep 2021 12:53:30 -0700 (PDT) Received: by mail-lf1-x135.google.com with SMTP id c8so23518550lfi.3 for ; Mon, 13 Sep 2021 12:53:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=IuIV1pMgtSTFHYB/MlE6n0ObQf+QrwwyHfpeOlhLGV4=; b=KtLYMNSMN0Y5c8c4r4J0ZLqCJXsRLL29VR5uX/2Yu4BVj5zwY2hNGlKuYA+6nTpKM1 ivocdJ+TW1l885Sq1gNrjIVMJ8HXJuAGqEkh92ycGBDRf1c2rfkZRpvYFsy3oAxFDGUW qaxOOWivMUORLVhuNZz2TQd6lccTVM0cm2bUF0QCL00suayRvj14i4d67X8frC65ox1j m4MFscHPBjjXUEqDTQ356k+5sssUHbTvpg7sBwdXEvNlH8GkYqhFp8bud6Yi44KxE8hi 48knGdoWzMrFo1fqqE/HDdhaxB9RXcCee9xpP7vflu05cgMvZkTEo0YYwmoB7vRUkjGt G8zA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=IuIV1pMgtSTFHYB/MlE6n0ObQf+QrwwyHfpeOlhLGV4=; b=Dfl9sjCjPlTegACvvxFUJJ+Jza+Y31S7bAzJuSa7ABaNn2+typlAZI0KRhSg/s89wG sxWe3+hqPWqFTYSDl5do0BRfmDFXBdyyTwGO//EzOgmQpvjYxOpi/eqJGhAW3oczAhzb wYb2ODxxdSXW4WZXDsJt3dsAwQVVhsvVjRiPkaLbGRf8YT+Kpi8k4ldE0PHboHjl7NyG C5XhJL1FVpEtD9jVfmgThC1eiepSxWNKkwUuxwgBCPjFwU9KrfiEWgW/we0nnhYxJXE8 SaRNyWlWwxrmuxRRanQxkO6kKGmAflB/awsFvma7p0E+1mdWyvEtaoLK6YvbBNtQ5XUw ZdrQ== X-Gm-Message-State: AOAM531JgE7ehljX+OwkgXCVu/U7NGlA1v9+7Pqx70PDZYpaRRNz0G2S eVEzlelfvI7kzrJbi/E1QA6KWL6tW7oE8lLoTmeo7g== X-Google-Smtp-Source: ABdhPJxUVIrSRPA+S6grlctRP94ZAZIBKy5defr5w6yBJRo3gzNh1hyZtfPLM5hyf7YELNj1ADse+/Ttsx8GxAJU0Tc= X-Received: by 2002:ac2:4c46:: with SMTP id o6mr10039958lfk.240.1631562809064; Mon, 13 Sep 2021 12:53:29 -0700 (PDT) MIME-Version: 1.0 References: <20210913131113.390368911@linuxfoundation.org> <20210913131114.028340332@linuxfoundation.org> In-Reply-To: From: Nick Desaulniers Date: Mon, 13 Sep 2021 12:53:17 -0700 Message-ID: Subject: Re: [PATCH 5.14 018/334] nbd: add the check to prevent overflow in __nbd_ioctl() To: Greg Kroah-Hartman , Linus Torvalds Cc: Naresh Kamboju , Nathan Chancellor , Baokun Li , open list , linux-stable , Hulk Robot , Josef Bacik , Jens Axboe , Sasha Levin , clang-built-linux , lkft-triage@lists.linaro.org, llvm@lists.linux.dev, Kees Cook Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Sep 13, 2021 at 11:39 AM Nick Desaulniers wrote: > > On Mon, Sep 13, 2021 at 10:58 AM Greg Kroah-Hartman > wrote: > > > > On Mon, Sep 13, 2021 at 09:52:33PM +0530, Naresh Kamboju wrote: > > > [PATCH 00/10] raise minimum GCC version to 5.1 > > > https://lore.kernel.org/lkml/20210910234047.1019925-1-ndesaulniers@google.com/ > > > > Has anyone submitted a fix for this upstream yet? I can't seem to find > > one :( > > That lore link has a series to address this, though that's maybe > something we don't want to backport to stable. > > I thought about this all weekend; I think I might be able to work > around the one concern I had with my other approach, using > __builtin_choose_expr(). > > There's an issue with my alternative approach > (https://gist.github.com/nickdesaulniers/2479818f4983bbf2d688cebbab435863) > with declaring the local variable z in div_64() since either operand > could be 64b, which result in an unwanted truncation if the dividend > is 32b (or less, and divisor is 64b). I think (what I realized this > weekend) is that we might be able to replace the `if` with > `__builtin_choose_expr`, then have that whole expression be the final > statement and thus the "return value" of the statement expression. Christ...that...works? Though, did Linus just merge my patches for gcc 5.1? Anyways, I'll send something like this for stable: --- diff --git a/include/linux/math64.h b/include/linux/math64.h index 2928f03d6d46..e9ab8c25f8d3 100644 --- a/include/linux/math64.h +++ b/include/linux/math64.h @@ -11,6 +11,9 @@ #define div64_long(x, y) div64_s64((x), (y)) #define div64_ul(x, y) div64_u64((x), (y)) +#ifndef is_signed_type +#define is_signed_type(type) (((type)(-1)) < (type)1) +#endif /** * div_u64_rem - unsigned 64bit divide with 32bit divisor with remainder @@ -112,6 +115,15 @@ extern s64 div64_s64(s64 dividend, s64 divisor); #endif /* BITS_PER_LONG */ +#define div64_x64(dividend, divisor) ({ \ + BUILD_BUG_ON_MSG(sizeof(dividend) < sizeof(u64),\ + "prefer div_x64"); \ + __builtin_choose_expr( \ + is_signed_type(typeof(dividend)), \ + div64_s64(dividend, divisor), \ + div64_u64(dividend, divisor)); \ +}) + /** * div_u64 - unsigned 64bit divide with 32bit divisor * @dividend: unsigned 64bit dividend @@ -142,6 +154,28 @@ static inline s64 div_s64(s64 dividend, s32 divisor) } #endif +#define div_x64(dividend, divisor) ({ \ + BUILD_BUG_ON_MSG(sizeof(dividend) > sizeof(u32),\ + "prefer div64_x64"); \ + __builtin_choose_expr( \ + is_signed_type(typeof(dividend)), \ + div_s64(dividend, divisor), \ + div_u64(dividend, divisor)); \ +}) + +// TODO: what if divisor is 128b? +#define div_64(dividend, divisor) ({ \ + __builtin_choose_expr( \ + __builtin_types_compatible_p(typeof(dividend), s64) || \ + __builtin_types_compatible_p(typeof(dividend), u64), \ + __builtin_choose_expr( \ + __builtin_types_compatible_p(typeof(divisor), s64) || \ + __builtin_types_compatible_p(typeof(divisor), u64), \ + div64_x64(dividend, divisor), \ + div_x64(dividend, divisor)), \ + dividend / divisor); \ +}) + u32 iter_div_u64_rem(u64 dividend, u32 divisor, u64 *remainder); #ifndef mul_u32_u32 --- -- Thanks, ~Nick Desaulniers