From: "Michael S. Tsirkin" <mst@redhat.com>
To: Chris Metcalf <cmetcalf@ezchip.com>
Cc: linux-kernel@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>,
linux-arch@vger.kernel.org
Subject: Re: [PATCH v2 23/40] tile: enable sparse checks for get/put_user
Date: Tue, 13 Jan 2015 11:45:54 +0200 [thread overview]
Message-ID: <20150113094554.GB4434@redhat.com> (raw)
In-Reply-To: <54B46204.1010003@ezchip.com>
On Mon, Jan 12, 2015 at 07:08:36PM -0500, Chris Metcalf wrote:
> On 1/6/2015 10:44 AM, Michael S. Tsirkin wrote:
> >Tile currently does not trigger sparse warnings when get_user
> >causes an illegal assignment across bitwise types.
> >
> >For example:
> >
> >__le32 __user *p;
> >__u32 x;
> >put_user(x, p);
> >
> >violates endian-ness rules, but currently does not trigger sparse
> >warning on tile.
> >
> >Fix this by adding some dead code.
> >
> >Signed-off-by: Michael S. Tsirkin<mst@redhat.com>
> >---
> > arch/tile/include/asm/uaccess.h | 4 ++++
> > 1 file changed, 4 insertions(+)
> >
> >diff --git a/arch/tile/include/asm/uaccess.h b/arch/tile/include/asm/uaccess.h
> >index 22cffa1..03d905c 100644
> >--- a/arch/tile/include/asm/uaccess.h
> >+++ b/arch/tile/include/asm/uaccess.h
> >@@ -218,6 +218,8 @@ extern int __get_user_bad(void)
> > case 8: __get_user_8(x, ptr, __ret); break; \
> > default: __ret = __get_user_bad(); break; \
> > } \
> >+ if (0) \
> >+ x = *(__force typeof(*ptr) *)(ptr); \
> > __ret; \
> > })
>
> The "if (0)" suggestion is cute, but pretty hacky :-)
>
> Here's a revised change that may fix both of your sparse concerns with
> tile, without having to give up the optimized 64-bit get/put on tilepro.
> Would this fix both the issue discussed in this change, as well as the
> issue in the previous change (where you removed the typeof(x-x) cast)?
The patches look good, thanks! they are almost there, however, they do
not completely resolve the issue that my patch 1 tried (incorrectly) to
fix: namely x being a bitwise type. Comments below.
> The key changes are to copy the x86 definition of __inttype(), and then to
> arrange to use an intermediate integral type that gets assigned to or from
> the actual typed value so as to expose any sparse issues.
>
> If this works for you, I'm happy to queue it in the tile tree, or I can
> provide a proper git commit for you to include in your series, whichever
> works better for you.
Please queue it up for 3.20. Extra __force is needed in a couple of
places - would you like to fix this up yourself, or do you want me to
write a patch on top?
> --- a/arch/tile/include/asm/uaccess.h
> +++ b/arch/tile/include/asm/uaccess.h
> @@ -114,14 +114,14 @@ struct exception_table_entry {
> extern int fixup_exception(struct pt_regs *regs);
>
> /*
> + * This is a type: either unsigned long, if the argument fits into
> + * that type, or otherwise unsigned long long.
> + */
> +#define __inttype(x) \
> + __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
> +
> +/*
> * Support macros for __get_user().
> - *
> - * Implementation note: The "case 8" logic of casting to the type of
> - * the result of subtracting the value from itself is basically a way
> - * of keeping all integer types the same, but casting any pointers to
> - * ptrdiff_t, i.e. also an integer type. This way there are no
> - * questionable casts seen by the compiler on an ILP32 platform.
> - *
> * Note that __get_user() and __put_user() assume proper alignment.
> */
>
> @@ -178,7 +178,7 @@ extern int fixup_exception(struct pt_regs *regs);
> "9:" \
> : "=r" (ret), "=r" (__a), "=&r" (__b) \
> : "r" (ptr), "i" (-EFAULT)); \
> - (x) = (__typeof(x))(__typeof((x)-(x))) \
> + (x) = (__typeof(x))(__inttype(x)) \
> (((u64)__hi32(__a, __b) << 32) | \
> __lo32(__a, __b)); \
> })
This cast to __typeof(x) needs to be done with __force, otherwise
there will be a warning with bitwise types.
> @@ -210,14 +210,16 @@ extern int __get_user_bad(void)
> #define __get_user(x, ptr) \
> ({ \
> int __ret; \
> + __inttype(*(ptr)) __x; \
> __chk_user_ptr(ptr); \
> switch (sizeof(*(ptr))) { \
> - case 1: __get_user_1(x, ptr, __ret); break; \
> - case 2: __get_user_2(x, ptr, __ret); break; \
> - case 4: __get_user_4(x, ptr, __ret); break; \
> - case 8: __get_user_8(x, ptr, __ret); break; \
> + case 1: __get_user_1(__x, ptr, __ret); break; \
> + case 2: __get_user_2(__x, ptr, __ret); break; \
> + case 4: __get_user_4(__x, ptr, __ret); break; \
> + case 8: __get_user_8(__x, ptr, __ret); break; \
> default: __ret = __get_user_bad(); break; \
> } \
> + (x) = (typeof(x))__x; \
And this one too.
> __ret; \
> })
>
> @@ -246,7 +248,7 @@ extern int __get_user_bad(void)
> #define __put_user_4(x, ptr, ret) __put_user_asm(sw, x, ptr, ret)
> #define __put_user_8(x, ptr, ret) \
> ({ \
> - u64 __x = (__typeof((x)-(x)))(x); \
> + u64 __x = (__inttype(x))(x); \
And this cast to __inttype too.
> int __lo = (int) __x, __hi = (int) (__x >> 32); \
> asm volatile("1: { sw %1, %2; addi %0, %1, 4 }\n" \
> "2: { sw %0, %3; movei %0, 0 }\n" \
> @@ -289,12 +291,13 @@ extern int __put_user_bad(void)
> #define __put_user(x, ptr) \
> ({ \
> int __ret; \
> + typeof(*(ptr)) __x = (x); \
> __chk_user_ptr(ptr); \
> switch (sizeof(*(ptr))) { \
> - case 1: __put_user_1(x, ptr, __ret); break; \
> - case 2: __put_user_2(x, ptr, __ret); break; \
> - case 4: __put_user_4(x, ptr, __ret); break; \
> - case 8: __put_user_8(x, ptr, __ret); break; \
> + case 1: __put_user_1(__x, ptr, __ret); break; \
> + case 2: __put_user_2(__x, ptr, __ret); break; \
> + case 4: __put_user_4(__x, ptr, __ret); break; \
> + case 8: __put_user_8(__x, ptr, __ret); break; \
> default: __ret = __put_user_bad(); break; \
> } \
> __ret; \
>
> --
> Chris Metcalf, EZChip Semiconductor
> http://www.ezchip.com
next prev parent reply other threads:[~2015-01-13 9:46 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-06 15:43 [PATCH v2 00/40] uaccess: fix sparse warning on get/put_user for bitwise types Michael S. Tsirkin
2015-01-06 15:43 ` [PATCH v2 01/40] x86/uaccess: fix sparse errors Michael S. Tsirkin
2015-01-13 12:33 ` Thomas Gleixner
2015-01-06 15:43 ` [PATCH v2 02/40] alpha/uaccess: " Michael S. Tsirkin
2015-01-06 15:43 ` [PATCH v2 03/40] arm64/uaccess: " Michael S. Tsirkin
2015-01-06 19:14 ` Will Deacon
2015-01-06 21:48 ` Michael S. Tsirkin
2015-01-06 21:51 ` Michael S. Tsirkin
2015-01-07 10:09 ` Will Deacon
2015-01-06 15:43 ` [PATCH v2 04/40] avr32/uaccess: " Michael S. Tsirkin
2015-01-06 15:43 ` [PATCH v2 05/40] blackfin/uaccess: " Michael S. Tsirkin
2015-01-06 15:43 ` [PATCH v2 06/40] cris/uaccess: " Michael S. Tsirkin
2015-01-27 16:27 ` Jesper Nilsson
2015-01-06 15:43 ` [PATCH v2 07/40] ia64/uaccess: " Michael S. Tsirkin
2015-01-06 15:43 ` [PATCH v2 08/40] m32r/uaccess: " Michael S. Tsirkin
2015-01-06 15:43 ` [PATCH v2 09/40] metag/uaccess: " Michael S. Tsirkin
2015-01-07 9:47 ` James Hogan
2015-01-07 9:55 ` Michael S. Tsirkin
2015-01-06 15:44 ` [PATCH v2 10/40] microblaze/uaccess: " Michael S. Tsirkin
2015-01-07 10:14 ` Michal Simek
2015-01-06 15:44 ` [PATCH v2 11/40] openrisc/uaccess: " Michael S. Tsirkin
2015-01-06 15:44 ` [PATCH v2 12/40] parisc/uaccess: " Michael S. Tsirkin
2015-01-06 15:44 ` [PATCH v2 13/40] sh/uaccess: " Michael S. Tsirkin
2015-01-06 15:44 ` [PATCH v2 14/40] sparc32/uaccess: " Michael S. Tsirkin
2015-01-06 18:21 ` David Miller
2015-01-06 15:44 ` [PATCH v2 15/40] sparc64/uaccess: " Michael S. Tsirkin
2015-01-06 18:21 ` David Miller
2015-01-06 15:44 ` [PATCH v2 16/40] m68k/uaccess: " Michael S. Tsirkin
2015-01-07 10:38 ` Geert Uytterhoeven
2015-01-06 15:44 ` [PATCH v2 17/40] arm: fix put_user " Michael S. Tsirkin
2015-01-06 15:44 ` [PATCH v2 18/40] blackfin: " Michael S. Tsirkin
2015-01-06 15:44 ` [PATCH v2 19/40] ia64: " Michael S. Tsirkin
2015-01-06 15:44 ` [PATCH v2 20/40] metag: " Michael S. Tsirkin
2015-01-07 9:55 ` James Hogan
2015-01-06 15:44 ` [PATCH v2 21/40] sh: " Michael S. Tsirkin
2015-01-06 15:44 ` [PATCH v2 22/40] tile: " Michael S. Tsirkin
2015-01-12 21:56 ` Chris Metcalf
2015-01-13 9:35 ` Michael S. Tsirkin
2015-01-13 9:40 ` Michael S. Tsirkin
2015-01-13 13:30 ` Chris Metcalf
2015-01-13 9:50 ` Michael S. Tsirkin
2015-01-06 15:44 ` [PATCH v2 23/40] tile: enable sparse checks for get/put_user Michael S. Tsirkin
2015-01-13 0:08 ` Chris Metcalf
2015-01-13 9:45 ` Michael S. Tsirkin [this message]
2015-01-13 15:55 ` Chris Metcalf
2015-01-13 16:05 ` Michael S. Tsirkin
2015-01-06 15:44 ` [PATCH v2 24/40] avr32: whitespace fix Michael S. Tsirkin
2015-01-07 6:50 ` Hans-Christian Egtvedt
2015-01-06 15:44 ` [PATCH v2 25/40] arch/sparc: uaccess_32 macro whitespace fixes Michael S. Tsirkin
2015-01-06 18:22 ` David Miller
2015-01-06 15:44 ` [PATCH v2 26/40] arch/sparc: uaccess_64 " Michael S. Tsirkin
2015-01-06 16:53 ` Sam Ravnborg
2015-01-06 17:19 ` Michael S. Tsirkin
2015-01-06 18:27 ` Sam Ravnborg
2015-01-06 20:23 ` Michael S. Tsirkin
2015-01-06 20:46 ` Sam Ravnborg
2015-01-06 21:44 ` Michael S. Tsirkin
2015-01-06 18:22 ` David Miller
2015-01-06 15:45 ` [PATCH v2 27/40] blackfin: " Michael S. Tsirkin
2015-01-06 15:45 ` [PATCH v2 28/40] microblaze: whitespace fix Michael S. Tsirkin
2015-01-07 10:14 ` Michal Simek
2015-01-06 15:45 ` [PATCH v2 29/40] alpha: macro whitespace fixes Michael S. Tsirkin
2015-01-06 15:45 ` [PATCH v2 30/40] arm: " Michael S. Tsirkin
2015-01-06 15:45 ` [PATCH v2 31/40] arm64: " Michael S. Tsirkin
2015-01-07 10:10 ` Will Deacon
2015-01-06 15:45 ` [PATCH v2 32/40] avr32: " Michael S. Tsirkin
2015-01-07 6:52 ` Hans-Christian Egtvedt
2015-01-06 15:45 ` [PATCH v2 33/40] cris: " Michael S. Tsirkin
2015-01-27 16:28 ` Jesper Nilsson
2015-01-06 15:45 ` [PATCH v2 34/40] frv: " Michael S. Tsirkin
2015-01-06 15:45 ` [PATCH v2 35/40] m32r: " Michael S. Tsirkin
2015-01-06 15:45 ` [PATCH v2 36/40] m68k: " Michael S. Tsirkin
2015-01-07 9:56 ` Geert Uytterhoeven
2015-01-06 15:45 ` [PATCH v2 37/40] parisc: " Michael S. Tsirkin
2015-01-06 15:45 ` [PATCH v2 38/40] s390: " Michael S. Tsirkin
2015-01-07 8:33 ` Heiko Carstens
2015-01-07 9:07 ` Michael S. Tsirkin
2015-01-06 15:45 ` [PATCH v2 39/40] sh: " Michael S. Tsirkin
2015-01-06 15:45 ` [PATCH v2 40/40] xtensa: " Michael S. Tsirkin
2015-01-06 23:12 ` Max Filippov
2015-01-06 19:08 ` [PATCH v2 00/40] uaccess: fix sparse warning on get/put_user for bitwise types Arnd Bergmann
2015-01-06 21:54 ` Michael S. Tsirkin
2015-01-11 11:55 ` Michael S. Tsirkin
2015-01-13 10:19 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150113094554.GB4434@redhat.com \
--to=mst@redhat.com \
--cc=arnd@arndb.de \
--cc=cmetcalf@ezchip.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).