[PATCH] Make sure get_user_desc() doesn't sign extend.

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] Make sure get_user_desc() doesn't sign extend.
@ 2009-10-21  7:40 Chris Lalancette
  2009-10-21  9:52 ` Paolo Bonzini
  0 siblings, 1 reply; 3+ messages in thread
From: Chris Lalancette @ 2009-10-21  7:40 UTC (permalink / raw)
  To: mingo; +Cc: x86, kvm, pbonzini, Chris Lalancette

The current implementation of get_user_desc() sign extends
the return value because of integer promotion rules.  For
the most part, this doesn't matter, because the top bit of
base2 is usually 0.  If, however, that bit is 1, then the
entire value will be 0xffff... which is probably not what
the caller intended.  This patch casts the entire thing
to unsigned before returning, which generates almost the
same assembly as the current code but replaces the final
"cltq" (sign extend) with a "mov %eax %eax" (zero-extend).
This fixes booting certain guests under KVM.

Signed-off-by: Chris Lalancette <clalance@redhat.com>
---
 arch/x86/include/asm/desc.h |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h
index e8de2f6..617bd56 100644
--- a/arch/x86/include/asm/desc.h
+++ b/arch/x86/include/asm/desc.h
@@ -288,7 +288,7 @@ static inline void load_LDT(mm_context_t *pc)

 static inline unsigned long get_desc_base(const struct desc_struct *desc)
 {
-	return desc->base0 | ((desc->base1) << 16) | ((desc->base2) << 24);
+	return (unsigned)(desc->base0 | ((desc->base1) << 16) | ((desc->base2) << 24));
 }

 static inline void set_desc_base(struct desc_struct *desc, unsigned long base)
-- 
1.6.0.6

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] Make sure get_user_desc() doesn't sign extend.
  2009-10-21  7:40 [PATCH] Make sure get_user_desc() doesn't sign extend Chris Lalancette
@ 2009-10-21  9:52 ` Paolo Bonzini
  0 siblings, 0 replies; 3+ messages in thread
From: Paolo Bonzini @ 2009-10-21  9:52 UTC (permalink / raw)
  To: Chris Lalancette; +Cc: mingo, x86, kvm

On 10/21/2009 09:40 AM, Chris Lalancette wrote:
> The current implementation of get_user_desc() sign extends
> the return value because of integer promotion rules.  For
> the most part, this doesn't matter, because the top bit of
> base2 is usually 0.  If, however, that bit is 1, then the
> entire value will be 0xffff... which is probably not what
> the caller intended.  This patch casts the entire thing
> to unsigned before returning, which generates almost the
> same assembly as the current code but replaces the final
> "cltq" (sign extend) with a "mov %eax %eax" (zero-extend).
> This fixes booting certain guests under KVM.

For the record, the reason why this wasn't noticed so far is that 
get_user_desc will be zero outside KVM except if used for FS and GS. 
KVM with the right guest will easily see a 0xC0000000 segment base, but 
you would need TLS data allocated above 2 GB to see the bug outside KVM. 
  TLS data is in the same mmap-ed memory that hosts the thread stacks, 
so it will typically be below the 2 GB mark and have its most 
significant bit cleared.

I suppose you could see the bug if you used pthread_attr_setstack, plus 
of course all the right circumstances---which are rare because all but 
the most obscure users anyway cast the result to u32.

Paolo

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [PATCH] Make sure get_user_desc() doesn't sign extend.
@ 2009-10-23 11:20 Chris Lalancette
  0 siblings, 0 replies; 3+ messages in thread
From: Chris Lalancette @ 2009-10-23 11:20 UTC (permalink / raw)
  To: x86; +Cc: mingo, kvm, pbonzini, linux-kernel, Chris Lalancette

The current implementation of get_user_desc() sign extends
the return value because of integer promotion rules.  For
the most part, this doesn't matter, because the top bit of
base2 is usually 0.  If, however, that bit is 1, then the
entire value will be 0xffff... which is probably not what
the caller intended.  This patch casts the entire thing
to unsigned before returning, which generates almost the
same assembly as the current code but replaces the final
"cltq" (sign extend) with a "mov %eax %eax" (zero-extend).
This fixes booting certain guests under KVM.

(resend; I got no response last time so I guess I sent it to
the wrong places)

Signed-off-by: Chris Lalancette <clalance@redhat.com>
---
 arch/x86/include/asm/desc.h |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h
index e8de2f6..617bd56 100644
--- a/arch/x86/include/asm/desc.h
+++ b/arch/x86/include/asm/desc.h
@@ -288,7 +288,7 @@ static inline void load_LDT(mm_context_t *pc)

 static inline unsigned long get_desc_base(const struct desc_struct *desc)
 {
-	return desc->base0 | ((desc->base1) << 16) | ((desc->base2) << 24);
+	return (unsigned)(desc->base0 | ((desc->base1) << 16) | ((desc->base2) << 24));
 }

 static inline void set_desc_base(struct desc_struct *desc, unsigned long base)
-- 
1.6.0.6

^ permalink raw reply related	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2009-10-23 11:21 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-10-21  7:40 [PATCH] Make sure get_user_desc() doesn't sign extend Chris Lalancette
2009-10-21  9:52 ` Paolo Bonzini
  -- strict thread matches above, loose matches on Subject: below --
2009-10-23 11:20 Chris Lalancette

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.