Re: [PATCH 02/13] hvc: Fix use of uninitialized array in udbg_hvc_putc

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Michael Ellerman <mpe@ellerman.id.au>
To: Christophe Leroy <christophe.leroy@csgroup.eu>,
	Nicholas Miehlbradt <nicholas@linux.ibm.com>,
	"glider@google.com" <glider@google.com>,
	"elver@google.com" <elver@google.com>,
	"dvyukov@google.com" <dvyukov@google.com>,
	"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
	"npiggin@gmail.com" <npiggin@gmail.com>
Cc: "linux-mm@kvack.org" <linux-mm@kvack.org>,
	"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
	"iii@linux.ibm.com" <iii@linux.ibm.com>,
	"kasan-dev@googlegroups.com" <kasan-dev@googlegroups.com>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 02/13] hvc: Fix use of uninitialized array in udbg_hvc_putc
Date: Thu, 21 Dec 2023 23:09:49 +1100	[thread overview]
Message-ID: <87frzvlpte.fsf@mail.lhotse> (raw)
In-Reply-To: <aab89390-264f-49bd-8e6e-b69de7f8c526@csgroup.eu>

Christophe Leroy <christophe.leroy@csgroup.eu> writes:
> Le 14/12/2023 à 06:55, Nicholas Miehlbradt a écrit :
>> All elements of bounce_buffer are eventually read and passed to the
>> hypervisor so it should probably be fully initialized.
>
> should or shall ?
>
>> 
>> Signed-off-by: Nicholas Miehlbradt <nicholas@linux.ibm.com>
>
> Should be a Fixed: tag ?
>
>> ---
>>   drivers/tty/hvc/hvc_vio.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>> 
>> diff --git a/drivers/tty/hvc/hvc_vio.c b/drivers/tty/hvc/hvc_vio.c
>> index 736b230f5ec0..1e88bfcdde20 100644
>> --- a/drivers/tty/hvc/hvc_vio.c
>> +++ b/drivers/tty/hvc/hvc_vio.c
>> @@ -227,7 +227,7 @@ static const struct hv_ops hvterm_hvsi_ops = {
>>   static void udbg_hvc_putc(char c)
>>   {
>>   	int count = -1;
>> -	unsigned char bounce_buffer[16];
>> +	unsigned char bounce_buffer[16] = { 0 };
>
> Why 16 while we have a count of 1 in the call to hvterm_raw_put_chars() ?

Because hvterm_raw_put_chars() calls hvc_put_chars() which requires a 16
byte buffer, because it passes the buffer directly to firmware which
expects a 16 byte buffer.

It's a pretty horrible calling convention, but I guess it's to avoid
needing another bounce buffer inside hvc_put_chars().

We should probably do the change below, to at least document the
interface better.

cheers


diff --git a/arch/powerpc/include/asm/hvconsole.h b/arch/powerpc/include/asm/hvconsole.h
index ccb2034506f0..0ee7ed019e23 100644
--- a/arch/powerpc/include/asm/hvconsole.h
+++ b/arch/powerpc/include/asm/hvconsole.h
@@ -22,7 +22,7 @@
  * parm is included to conform to put_chars() function pointer template
  */
 extern int hvc_get_chars(uint32_t vtermno, char *buf, int count);
-extern int hvc_put_chars(uint32_t vtermno, const char *buf, int count);
+extern int hvc_put_chars(uint32_t vtermno, const char buf[16], int count);

 /* Provided by HVC VIO */
 void hvc_vio_init_early(void);
diff --git a/arch/powerpc/platforms/pseries/hvconsole.c b/arch/powerpc/platforms/pseries/hvconsole.c
index 1ac52963e08b..c40a82e49d59 100644
--- a/arch/powerpc/platforms/pseries/hvconsole.c
+++ b/arch/powerpc/platforms/pseries/hvconsole.c
@@ -52,7 +52,7 @@ EXPORT_SYMBOL(hvc_get_chars);
  *     firmware. Must be at least 16 bytes, even if count is less than 16.
  * @count: Send this number of characters.
  */
-int hvc_put_chars(uint32_t vtermno, const char *buf, int count)
+int hvc_put_chars(uint32_t vtermno, const char buf[16], int count)
 {
        unsigned long *lbuf = (unsigned long *) buf;
        long ret;
diff --git a/drivers/tty/hvc/hvc_vio.c b/drivers/tty/hvc/hvc_vio.c
index 736b230f5ec0..011b239a7e52 100644
--- a/drivers/tty/hvc/hvc_vio.c
+++ b/drivers/tty/hvc/hvc_vio.c
@@ -115,7 +115,7 @@ static int hvterm_raw_get_chars(uint32_t vtermno, char *buf, int count)
  *       you are sending fewer chars.
  * @count: number of chars to send.
  */
-static int hvterm_raw_put_chars(uint32_t vtermno, const char *buf, int count)
+static int hvterm_raw_put_chars(uint32_t vtermno, const char buf[16], int count)
 {
        struct hvterm_priv *pv = hvterm_privs[vtermno];

WARNING: multiple messages have this Message-ID (diff)

From: Michael Ellerman <mpe@ellerman.id.au>
To: Christophe Leroy <christophe.leroy@csgroup.eu>,
	Nicholas Miehlbradt <nicholas@linux.ibm.com>,
	"glider@google.com" <glider@google.com>,
	"elver@google.com" <elver@google.com>,
	"dvyukov@google.com" <dvyukov@google.com>,
	"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
	"npiggin@gmail.com" <npiggin@gmail.com>
Cc: "linux-mm@kvack.org" <linux-mm@kvack.org>,
	"kasan-dev@googlegroups.com" <kasan-dev@googlegroups.com>,
	"iii@linux.ibm.com" <iii@linux.ibm.com>,
	"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 02/13] hvc: Fix use of uninitialized array in udbg_hvc_putc
Date: Thu, 21 Dec 2023 23:09:49 +1100	[thread overview]
Message-ID: <87frzvlpte.fsf@mail.lhotse> (raw)
In-Reply-To: <aab89390-264f-49bd-8e6e-b69de7f8c526@csgroup.eu>

Christophe Leroy <christophe.leroy@csgroup.eu> writes:
> Le 14/12/2023 à 06:55, Nicholas Miehlbradt a écrit :
>> All elements of bounce_buffer are eventually read and passed to the
>> hypervisor so it should probably be fully initialized.
>
> should or shall ?
>
>> 
>> Signed-off-by: Nicholas Miehlbradt <nicholas@linux.ibm.com>
>
> Should be a Fixed: tag ?
>
>> ---
>>   drivers/tty/hvc/hvc_vio.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>> 
>> diff --git a/drivers/tty/hvc/hvc_vio.c b/drivers/tty/hvc/hvc_vio.c
>> index 736b230f5ec0..1e88bfcdde20 100644
>> --- a/drivers/tty/hvc/hvc_vio.c
>> +++ b/drivers/tty/hvc/hvc_vio.c
>> @@ -227,7 +227,7 @@ static const struct hv_ops hvterm_hvsi_ops = {
>>   static void udbg_hvc_putc(char c)
>>   {
>>   	int count = -1;
>> -	unsigned char bounce_buffer[16];
>> +	unsigned char bounce_buffer[16] = { 0 };
>
> Why 16 while we have a count of 1 in the call to hvterm_raw_put_chars() ?

Because hvterm_raw_put_chars() calls hvc_put_chars() which requires a 16
byte buffer, because it passes the buffer directly to firmware which
expects a 16 byte buffer.

It's a pretty horrible calling convention, but I guess it's to avoid
needing another bounce buffer inside hvc_put_chars().

We should probably do the change below, to at least document the
interface better.

cheers


diff --git a/arch/powerpc/include/asm/hvconsole.h b/arch/powerpc/include/asm/hvconsole.h
index ccb2034506f0..0ee7ed019e23 100644
--- a/arch/powerpc/include/asm/hvconsole.h
+++ b/arch/powerpc/include/asm/hvconsole.h
@@ -22,7 +22,7 @@
  * parm is included to conform to put_chars() function pointer template
  */
 extern int hvc_get_chars(uint32_t vtermno, char *buf, int count);
-extern int hvc_put_chars(uint32_t vtermno, const char *buf, int count);
+extern int hvc_put_chars(uint32_t vtermno, const char buf[16], int count);

 /* Provided by HVC VIO */
 void hvc_vio_init_early(void);
diff --git a/arch/powerpc/platforms/pseries/hvconsole.c b/arch/powerpc/platforms/pseries/hvconsole.c
index 1ac52963e08b..c40a82e49d59 100644
--- a/arch/powerpc/platforms/pseries/hvconsole.c
+++ b/arch/powerpc/platforms/pseries/hvconsole.c
@@ -52,7 +52,7 @@ EXPORT_SYMBOL(hvc_get_chars);
  *     firmware. Must be at least 16 bytes, even if count is less than 16.
  * @count: Send this number of characters.
  */
-int hvc_put_chars(uint32_t vtermno, const char *buf, int count)
+int hvc_put_chars(uint32_t vtermno, const char buf[16], int count)
 {
        unsigned long *lbuf = (unsigned long *) buf;
        long ret;
diff --git a/drivers/tty/hvc/hvc_vio.c b/drivers/tty/hvc/hvc_vio.c
index 736b230f5ec0..011b239a7e52 100644
--- a/drivers/tty/hvc/hvc_vio.c
+++ b/drivers/tty/hvc/hvc_vio.c
@@ -115,7 +115,7 @@ static int hvterm_raw_get_chars(uint32_t vtermno, char *buf, int count)
  *       you are sending fewer chars.
  * @count: number of chars to send.
  */
-static int hvterm_raw_put_chars(uint32_t vtermno, const char *buf, int count)
+static int hvterm_raw_put_chars(uint32_t vtermno, const char buf[16], int count)
 {
        struct hvterm_priv *pv = hvterm_privs[vtermno];

next prev parent reply	other threads:[~2023-12-21 12:10 UTC|newest]

Thread overview: 60+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-12-14  5:55 [PATCH 00/13] kmsan: Enable on powerpc Nicholas Miehlbradt
2023-12-14  5:55 ` Nicholas Miehlbradt
2023-12-14  5:55 ` [PATCH 01/13] kmsan: Export kmsan_handle_dma Nicholas Miehlbradt
2023-12-14  5:55   ` Nicholas Miehlbradt
2024-02-19 19:37   ` Christophe Leroy
2024-02-19 19:37     ` Christophe Leroy
2023-12-14  5:55 ` [PATCH 02/13] hvc: Fix use of uninitialized array in udbg_hvc_putc Nicholas Miehlbradt
2023-12-14  5:55   ` Nicholas Miehlbradt
2023-12-14  8:36   ` Christophe Leroy
2023-12-14  8:36     ` Christophe Leroy
2023-12-21 12:09     ` Michael Ellerman [this message]
2023-12-21 12:09       ` Michael Ellerman
2023-12-14  5:55 ` [PATCH 03/13] powerpc: Disable KMSAN santitization for prom_init, vdso and purgatory Nicholas Miehlbradt
2023-12-14  5:55   ` Nicholas Miehlbradt
2023-12-14  5:55 ` [PATCH 04/13] powerpc: Disable CONFIG_DCACHE_WORD_ACCESS when KMSAN is enabled Nicholas Miehlbradt
2023-12-14  5:55   ` Nicholas Miehlbradt
2023-12-14  8:42   ` Christophe Leroy
2023-12-14  8:42     ` Christophe Leroy
2023-12-14  5:55 ` [PATCH 05/13] powerpc: Unpoison buffers populated by hcalls Nicholas Miehlbradt
2023-12-14  5:55   ` Nicholas Miehlbradt
2023-12-14  5:55 ` [PATCH 06/13] powerpc/pseries/nvram: Unpoison buffer populated by rtas_call Nicholas Miehlbradt
2023-12-14  5:55   ` Nicholas Miehlbradt
2023-12-14  5:55 ` [PATCH 07/13] powerpc/kprobes: Unpoison instruction in kprobe struct Nicholas Miehlbradt
2023-12-14  5:55   ` Nicholas Miehlbradt
2023-12-15  7:51   ` Naveen N Rao
2023-12-15  7:51     ` Naveen N Rao
2023-12-14  5:55 ` [PATCH 08/13] powerpc: Unpoison pt_regs Nicholas Miehlbradt
2023-12-14  5:55   ` Nicholas Miehlbradt
2023-12-14  5:55 ` [PATCH 09/13] powerpc: Disable KMSAN checks on functions which walk the stack Nicholas Miehlbradt
2023-12-14  5:55   ` Nicholas Miehlbradt
2023-12-14  9:00   ` Christophe Leroy
2023-12-14  9:00     ` Christophe Leroy
2024-01-10  4:16     ` Nicholas Miehlbradt
2024-01-10  4:16       ` Nicholas Miehlbradt
2023-12-15  9:02   ` Aneesh Kumar K.V
2023-12-15  9:02     ` Aneesh Kumar K.V
2023-12-14  5:55 ` [PATCH 10/13] powerpc: Define KMSAN metadata address ranges for vmalloc and ioremap Nicholas Miehlbradt
2023-12-14  5:55   ` Nicholas Miehlbradt
2023-12-14  9:17   ` Christophe Leroy
2023-12-14  9:17     ` Christophe Leroy
2024-01-10  3:54     ` Nicholas Miehlbradt
2024-01-10  3:54       ` Nicholas Miehlbradt
2023-12-15  9:27   ` Aneesh Kumar K.V
2023-12-15  9:27     ` Aneesh Kumar K.V
2023-12-14  5:55 ` [PATCH 11/13] powerpc: Implement architecture specific KMSAN interface Nicholas Miehlbradt
2023-12-14  5:55   ` Nicholas Miehlbradt
2023-12-14  9:20   ` Christophe Leroy
2023-12-14  9:20     ` Christophe Leroy
2023-12-14  5:55 ` [PATCH 12/13] powerpc/string: Add KMSAN support Nicholas Miehlbradt
2023-12-14  5:55   ` Nicholas Miehlbradt
2023-12-14  9:25   ` Christophe Leroy
2023-12-14  9:25     ` Christophe Leroy
2024-01-10  4:09     ` Nicholas Miehlbradt
2024-01-10  4:09       ` Nicholas Miehlbradt
2023-12-14  5:55 ` [PATCH 13/13] powerpc: Enable KMSAN on powerpc Nicholas Miehlbradt
2023-12-14  5:55   ` Nicholas Miehlbradt
2023-12-14  9:27   ` Christophe Leroy
2023-12-14  9:27     ` Christophe Leroy
2024-02-20  6:39 ` [PATCH 00/13] kmsan: Enable " Christophe Leroy
2024-02-20  6:39   ` Christophe Leroy

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:ccb2034506f dfblob:0ee7ed019e2 dfblob:1ac52963e08
dfblob:c40a82e49d5 dfblob:736b230f5ec dfblob:011b239a7e5
dfblob:ccb2034506f dfblob:0ee7ed019e2 dfblob:1ac52963e08
dfblob:c40a82e49d5 dfblob:736b230f5ec dfblob:011b239a7e5 )
 OR (
bs:"Re: [PATCH 02/13] hvc: Fix use of uninitialized array in udbg_hvc_putc" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87frzvlpte.fsf@mail.lhotse \
    --to=mpe@ellerman.id.au \
    --cc=akpm@linux-foundation.org \
    --cc=christophe.leroy@csgroup.eu \
    --cc=dvyukov@google.com \
    --cc=elver@google.com \
    --cc=glider@google.com \
    --cc=iii@linux.ibm.com \
    --cc=kasan-dev@googlegroups.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=linuxppc-dev@lists.ozlabs.org \
    --cc=nicholas@linux.ibm.com \
    --cc=npiggin@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.