From: David Hildenbrand <[email protected]>
To: Al Viro <[email protected]>,
Nick Desaulniers <[email protected]>
Cc: Arnd Bergmann <[email protected]>,
David Laight <[email protected]>,
Christoph Hellwig <[email protected]>,
Greg KH <[email protected]>,
"[email protected]" <[email protected]>,
Andrew Morton <[email protected]>,
Jens Axboe <[email protected]>, David Howells <[email protected]>,
"[email protected]"
<[email protected]>,
"[email protected]" <[email protected]>,
"[email protected]" <[email protected]>,
"[email protected]" <[email protected]>,
"[email protected]" <[email protected]>,
"[email protected]" <[email protected]>,
"[email protected]" <[email protected]>,
"[email protected]" <[email protected]>,
"[email protected]" <[email protected]>,
"[email protected]" <[email protected]>,
"[email protected]" <[email protected]>,
"[email protected]" <[email protected]>,
"[email protected]" <[email protected]>,
"[email protected]" <[email protected]>,
"[email protected]" <[email protected]>,
"[email protected]" <[email protected]>,
"[email protected]"
<[email protected]>
Subject: Re: Buggy commit tracked to: "Re: [PATCH 2/9] iov_iter: move rw_copy_check_uvector() into lib/iov_iter.c"
Date: Fri, 23 Oct 2020 15:12:23 +0200 [thread overview]
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
On 22.10.20 21:24, Al Viro wrote:
> On Thu, Oct 22, 2020 at 12:04:52PM -0700, Nick Desaulniers wrote:
>
>> Passing an `unsigned long` as an `unsigned int` does no such
>> narrowing: https://godbolt.org/z/TvfMxe (same vice-versa, just tail
>> calls, no masking instructions).
>> So if rw_copy_check_uvector() is inlined into import_iovec() (looking
>> at the mainline@1028ae406999), then children calls of
>> `rw_copy_check_uvector()` will be interpreting the `nr_segs` register
>> unmodified, ie. garbage in the upper 32b.
>
> FWIW,
>
> void f(unsinged long v)
> {
> if (v != 1)
> printf("failed\n");
> }
>
> void g(unsigned int v)
> {
> f(v);
> }
>
> void h(unsigned long v)
> {
> g(v);
> }
>
> main()
> {
> h(0x100000001);
> }
>
> must not produce any output on a host with 32bit int and 64bit long, regardless of
> the inlining, having functions live in different compilation units, etc.
>
> Depending upon the calling conventions, compiler might do truncation in caller or
> in a callee, but it must be done _somewhere_.
The interesting case is having g() in a separate compilation unit and
force-calling g() with 0x100000001 via inline ASM. So forcing garbage
into high bits.
I'll paly with it.
--
Thanks,
David / dhildenb
next prev parent reply other threads:[~2020-10-23 13:12 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-25 4:51 let import_iovec deal with compat_iovecs as well v4 Christoph Hellwig
2020-09-25 4:51 ` [PATCH 1/9] compat.h: fix a spelling error in <linux/compat.h> Christoph Hellwig
2020-09-25 4:51 ` [PATCH 2/9] iov_iter: move rw_copy_check_uvector() into lib/iov_iter.c Christoph Hellwig
2020-10-21 16:13 ` Buggy commit tracked to: "Re: [PATCH 2/9] iov_iter: move rw_copy_check_uvector() into lib/iov_iter.c" Greg KH
2020-10-21 20:59 ` David Laight
2020-10-21 23:39 ` Al Viro
2020-10-22 8:26 ` Greg KH
2020-10-22 8:35 ` David Hildenbrand
2020-10-22 8:40 ` David Laight
2020-10-22 8:48 ` David Hildenbrand
2020-10-22 9:01 ` Greg KH
2020-10-22 9:06 ` David Laight
2020-10-22 9:19 ` David Hildenbrand
2020-10-22 9:25 ` David Hildenbrand
2020-10-22 9:32 ` David Laight
2020-10-22 9:36 ` David Hildenbrand
2020-10-22 10:48 ` Greg KH
2020-10-22 12:18 ` Greg KH
2020-10-22 12:42 ` David Hildenbrand
2020-10-22 12:57 ` Greg KH
2020-10-22 13:50 ` Greg KH
[not found] ` <CAK8P3a1B7OVdyzW0-97JwzZiwp0D0fnSfyete16QTvPp_1m07A@mail.gmail.com>
2020-10-22 14:40 ` Greg KH
2020-10-22 16:15 ` David Laight
2020-10-23 12:46 ` David Laight
2020-10-23 13:09 ` David Hildenbrand
2020-10-23 14:33 ` David Hildenbrand
2020-10-23 14:39 ` David Laight
2020-10-23 14:47 ` 'Greg KH'
2020-10-23 16:33 ` David Hildenbrand
2020-11-02 9:06 ` David Laight
2020-11-02 13:52 ` 'Greg KH'
2020-11-02 18:23 ` David Laight
2020-10-23 17:58 ` Al Viro
2020-10-23 18:27 ` Segher Boessenkool
2020-10-23 21:28 ` David Laight
2020-10-24 17:29 ` Segher Boessenkool
2020-10-24 21:12 ` David Laight
[not found] ` <CAK8P3a1n+b8hOMhNQSDzgic03dyXbmpccfTJ3C1bGKvzsgMXbg@mail.gmail.com>
2020-10-23 13:28 ` David Laight
2020-10-22 13:23 ` Christoph Hellwig
2020-10-22 16:35 ` David Laight
2020-10-22 16:40 ` Matthew Wilcox
2020-10-22 16:50 ` David Laight
2020-10-22 17:00 ` Nick Desaulniers
2020-10-22 20:59 ` Eric Biggers
2020-10-22 21:28 ` Al Viro
2020-10-22 18:19 ` Al Viro
2020-10-22 17:54 ` Nick Desaulniers
[not found] ` <CAK8P3a3LjG+ZvmQrkb9zpgov8xBkQQWrkHBPgjfYSqBKGrwT4w@mail.gmail.com>
2020-10-22 19:04 ` Nick Desaulniers
2020-10-22 19:24 ` Al Viro
2020-10-22 19:27 ` Al Viro
2020-10-22 20:06 ` Al Viro
2020-10-22 20:09 ` Al Viro
2020-10-22 20:11 ` Nick Desaulniers
2020-10-22 22:07 ` David Laight
2020-10-23 13:12 ` David Hildenbrand [this message]
2020-10-22 22:04 ` David Laight
2020-10-22 9:28 ` David Laight
2020-10-22 9:02 ` David Laight
2020-09-25 4:51 ` [PATCH 3/9] iov_iter: refactor rw_copy_check_uvector and import_iovec Christoph Hellwig
2020-09-25 4:51 ` [PATCH 4/9] iov_iter: transparently handle compat iovecs in import_iovec Christoph Hellwig
2020-09-25 4:51 ` [PATCH 5/9] fs: remove various compat readv/writev helpers Christoph Hellwig
2020-09-25 4:51 ` [PATCH 6/9] fs: remove the compat readv/writev syscalls Christoph Hellwig
2020-09-25 4:51 ` [PATCH 7/9] fs: remove compat_sys_vmsplice Christoph Hellwig
2020-09-25 4:51 ` [PATCH 8/9] mm: remove compat_process_vm_{readv,writev} Christoph Hellwig
2020-09-25 4:51 ` [PATCH 9/9] security/keys: remove compat_keyctl_instantiate_key_iov Christoph Hellwig
2020-09-25 15:23 ` let import_iovec deal with compat_iovecs as well v4 Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox