Re: [PATCH] powerpc/uaccess: Fix inline assembly for clang build on PPC32

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Segher Boessenkool <segher@kernel.crashing.org>
To: David Laight <david.laight.linux@gmail.com>
Cc: "Christophe Leroy (CS GROUP)" <chleroy@kernel.org>,
	Madhavan Srinivasan <maddy@linux.ibm.com>,
	Michael Ellerman <mpe@ellerman.id.au>,
	Nicholas Piggin <npiggin@gmail.com>,
	Nathan Chancellor <nathan@kernel.org>,
	Nick Desaulniers <nick.desaulniers+lkml@gmail.com>,
	Bill Wendling <morbo@google.com>,
	Justin Stitt <justinstitt@google.com>,
	linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
	llvm@lists.linux.dev, kernel test robot <lkp@intel.com>
Subject: Re: [PATCH] powerpc/uaccess: Fix inline assembly for clang build on PPC32
Date: Tue, 3 Feb 2026 18:13:35 -0600	[thread overview]
Message-ID: <aYKPL-KME9KnRoA7@gate> (raw)
In-Reply-To: <20260203221939.059bb903@pumpkin>

Hi!

On Tue, Feb 03, 2026 at 10:19:39PM +0000, David Laight wrote:
> On Tue,  3 Feb 2026 08:30:41 +0100
> "Christophe Leroy (CS GROUP)" <chleroy@kernel.org> wrote:
> 
> > Test robot reports the following error with clang-16.0.6:
> > 
> >    In file included from kernel/rseq.c:75:
> >    include/linux/rseq_entry.h:141:3: error: invalid operand for instruction
> >                    unsafe_get_user(offset, &ucs->post_commit_offset, efault);
> >                    ^
> >    include/linux/uaccess.h:608:2: note: expanded from macro 'unsafe_get_user'
> >            arch_unsafe_get_user(x, ptr, local_label);      \
> >            ^
> >    arch/powerpc/include/asm/uaccess.h:518:2: note: expanded from macro 'arch_unsafe_get_user'
> >            __get_user_size_goto(__gu_val, __gu_addr, sizeof(*(p)), e); \
> >            ^
> >    arch/powerpc/include/asm/uaccess.h:284:2: note: expanded from macro '__get_user_size_goto'
> >            __get_user_size_allowed(x, ptr, size, __gus_retval);    \
> >            ^
> >    arch/powerpc/include/asm/uaccess.h:275:10: note: expanded from macro '__get_user_size_allowed'
> >            case 8: __get_user_asm2(x, (u64 __user *)ptr, retval);  break;  \
> >                    ^
> >    arch/powerpc/include/asm/uaccess.h:258:4: note: expanded from macro '__get_user_asm2'
> >                    "       li %1+1,0\n"                    \
> >                     ^
> >    <inline asm>:7:5: note: instantiated into assembly here
> >            li 31+1,0
> >               ^
> >    1 error generated.
> > 
> > On PPC32, for 64 bits vars a pair of registers is used. Usually the
> > lower register in the pair is the high part and the higher register is
> > the low part. GCC uses r3/r4 ... r11/r12 ... r14/r15 ... r30/r31
> > 
> > In older kernel code inline assembly was using %1 and %1+1 to represent
> > 64 bits values. However here it looks like clang uses r31 as high part,
> > allthough r32 doesn't exist hence the error.
> > 
> > Allthoug %1+1 should work, most places now use %L1 instead of %1+1, so
> > let's do the same here.
> > 
> > With that change, the build doesn't fail anymore and a disassembly shows
> > clang uses r17/r18 and r31/r14 pair when GCC would have used r16/r17 and
> > r30/r31:
> 
> Isn't it all horribly worse than that?
> It only failed because clang picked r31, but if can pick two non-adjacent
> registers might it not pick any pair.
> In which case there could easily be a 64bit get_user() that reads an incorrect
> value and corrupts another register.
> Find one and you might have a privilege escalation.

I don't think LLVM is that broken, it only has problems for some edge
cases.  Yes, I might expect too much.  But without proof to the contrary
let's assume things are okay :-)

And, worrying.  But what can we do against it!  Other than never ever
use LLVM for anything serious, of course.


Segher

next prev parent reply	other threads:[~2026-02-04  0:14 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-02-03  7:30 [PATCH] powerpc/uaccess: Fix inline assembly for clang build on PPC32 Christophe Leroy (CS GROUP)
2026-02-03 20:55 ` Nathan Chancellor
2026-02-03 22:19 ` David Laight
2026-02-04  0:13   ` Segher Boessenkool [this message]
2026-02-03 22:28 ` Segher Boessenkool
2026-03-11  2:13 ` Madhavan Srinivasan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=aYKPL-KME9KnRoA7@gate \
    --to=segher@kernel.crashing.org \
    --cc=chleroy@kernel.org \
    --cc=david.laight.linux@gmail.com \
    --cc=justinstitt@google.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linuxppc-dev@lists.ozlabs.org \
    --cc=lkp@intel.com \
    --cc=llvm@lists.linux.dev \
    --cc=maddy@linux.ibm.com \
    --cc=morbo@google.com \
    --cc=mpe@ellerman.id.au \
    --cc=nathan@kernel.org \
    --cc=nick.desaulniers+lkml@gmail.com \
    --cc=npiggin@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.