All of lore.kernel.org
 help / color / mirror / Atom feed
From: Ingo Molnar <mingo@kernel.org>
To: Thomas Garnier <thgarnie@google.com>
Cc: Kees Cook <keescook@chromium.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
	x86@kernel.org, Borislav Petkov <bp@suse.de>,
	Juergen Gross <jgross@suse.com>,
	Matt Fleming <matt@codeblueprint.co.uk>,
	Toshi Kani <toshi.kani@hpe.com>, Baoquan He <bhe@redhat.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Dan Williams <dan.j.williams@intel.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	"Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>,
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	Martin Schwidefsky <schwidefsky@de.ibm.com>,
	Andy Lutomirski <luto@kernel.org>,
	Alexander Kuleshov <kuleshovmail@gmail.com>,
	Alexander Popov <alpopov@ptsecurity.com>,
	Joerg Roedel <jroedel@suse.de>, Dave Young <dyoung@redhat.com>,
	Lv Zheng <lv.zheng@intel.com>, Mark Salter <msalter@redhat.com>,
	Stephen Smalley <sds@tycho.nsa.gov>,
	Dmitry Vyukov <dvyukov@google.com>,
	Boris Ostrovsky <boris.ostrovsky@oracle.com>,
	David Rientjes <rientjes@google.com>,
	Christian Borntraeger <borntraeger@de.ibm.com>,
	Jan Beulich <JBeulich@suse.com>,
	Kefeng Wang <wangkefeng.wang@huawei.com>,
	Seth Jennings <sjennings@variantweb.net>,
	Yinghai Lu <yinghai@kernel.org>,
	LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v6 1/3] x86/mm: PUD VA support for physical mapping (x86_64)
Date: Tue, 21 Jun 2016 10:18:18 +0200	[thread overview]
Message-ID: <20160621081818.GA10442@gmail.com> (raw)
In-Reply-To: <CAJcbSZGFjcniVwmtcVFCYAPxzGwv2oSbH1c86goKPjZeLH9tqQ@mail.gmail.com>


* Thomas Garnier <thgarnie@google.com> wrote:

> > Secondly, and that's a new problem introduced by this patch:
> >
> >> +     int i = pud_index((unsigned long)__va(addr));
> >> +             pud_t *pud = pud_page + pud_index((unsigned long)__va(addr));
> >
> > ... beyond the repetition, using type casts is fragile. Type casts should be a red
> > flag to anyone involved in low level, security relevant code! So I'm pretty
> > unhappy about seeing such a problem in such a patch.
> >
> > This code should be doing something like:
> >
> >         unsigned long vaddr_start = __va(paddr_start);
> >
> > ... which gets rid of the type cast, the repetition and documents the code much
> > better as well.
> 
> Unfortunately, we can't do that because __va return a void*. We will
> get this warning on compile:
> 
> arch/x86/mm/init_64.c:537:8: warning: assignment makes integer from
> pointer without a cast [enabled by default]
>   vaddr = __va(paddr_start);
> 
> If we used void*, we would need to type cast even more places. What do
> you think?

Hm, indeed, you are right - so I guess the type cast is OK.

Thanks,

	Ingo

  reply	other threads:[~2016-06-21  8:29 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-05-25 22:57 [PATCH v6 0/3] x86/mm: memory area address KASLR Kees Cook
2016-05-25 22:57 ` [PATCH v6 1/3] x86/mm: PUD VA support for physical mapping (x86_64) Kees Cook
2016-06-17  9:02   ` Ingo Molnar
2016-06-20 16:17     ` Thomas Garnier
2016-06-21  8:18       ` Ingo Molnar [this message]
2016-05-25 22:57 ` [PATCH v6 2/3] x86/mm: Implement ASLR for kernel memory sections (x86_64) Kees Cook
2016-06-17 10:26   ` Ingo Molnar
2016-06-17 17:29     ` Kees Cook
2016-06-21 16:46     ` Thomas Garnier
2016-05-25 22:57 ` [PATCH v6 3/3] x86/mm: Memory hotplug support for KASLR memory randomization Kees Cook

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160621081818.GA10442@gmail.com \
    --to=mingo@kernel.org \
    --cc=JBeulich@suse.com \
    --cc=akpm@linux-foundation.org \
    --cc=alpopov@ptsecurity.com \
    --cc=aneesh.kumar@linux.vnet.ibm.com \
    --cc=bhe@redhat.com \
    --cc=boris.ostrovsky@oracle.com \
    --cc=borntraeger@de.ibm.com \
    --cc=bp@suse.de \
    --cc=dan.j.williams@intel.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=dvyukov@google.com \
    --cc=dyoung@redhat.com \
    --cc=hpa@zytor.com \
    --cc=jgross@suse.com \
    --cc=jroedel@suse.de \
    --cc=keescook@chromium.org \
    --cc=kirill.shutemov@linux.intel.com \
    --cc=kuleshovmail@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=lv.zheng@intel.com \
    --cc=matt@codeblueprint.co.uk \
    --cc=mingo@redhat.com \
    --cc=msalter@redhat.com \
    --cc=rientjes@google.com \
    --cc=schwidefsky@de.ibm.com \
    --cc=sds@tycho.nsa.gov \
    --cc=sjennings@variantweb.net \
    --cc=tglx@linutronix.de \
    --cc=thgarnie@google.com \
    --cc=toshi.kani@hpe.com \
    --cc=wangkefeng.wang@huawei.com \
    --cc=x86@kernel.org \
    --cc=yinghai@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.