Date: Wed, 25 Feb 2026 10:11:19 +0000
From: David Laight
To: Fuad Tabba
Cc: Andy Shevchenko, Kees Cook, Andy Shevchenko, Andrew Morton, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, will@kernel.org
Subject: Re: [PATCH] lib/string: Fix UBSAN misaligned access in sized_strscpy
Message-ID: <20260225101119.0481a005@pumpkin>

On Wed, 25 Feb 2026 08:33:01 +0000
Fuad Tabba wrote:

> Hi David,
>
> On Tue, 24 Feb 2026 at 23:06, David Laight wrote:
> >
> > On Tue, 24 Feb 2026 17:54:07 +0000
> > Fuad Tabba wrote:
> >
> > > Hi Andy,
> > >
> > > On Tue, 24 Feb 2026 at 17:21, Andy Shevchenko
> > > wrote:
> > > >
> > > > On Tue, Feb 24, 2026 at 05:04:27PM +0000, Fuad Tabba wrote:
> > > > > sized_strscpy() performs word-at-a-time writes to the destination
> > > > > buffer. If the destination buffer is not aligned to unsigned long,
> > > > > direct assignment causes UBSAN misaligned-access errors.
> > > > >
> > > > > Use put_unaligned() to safely write the words to the destination.
> > > >
> > > > Have you measured the performance impact?
> > >
> > > Not directly. I verified the disassembly for both x86_64 and aarch64.
> > > On x86_64, both the raw pointer cast and put_unaligned() compile down
> > > to mov %rdi,(%rsi). On aarch64, both compile to str x0, [x1].
> >
> > What happens on cpus that trap misaligned accesses (eg sparc64)?
> > put_unaligned() exists because it can be horrid.
>
> To be honest, I hadn't considered this until now. But looking at it, I
> believe that the existing guards in sized_strscpy() already protect
> architectures like sparc from the unaligned paths you are concerned
> about. Looking at the code and configs, these do not select
> CONFIG_DCACHE_WORD_ACCESS nor CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS.
> Because of this, they fall into the #else block early in
> sized_strscpy():
>
> #ifndef CONFIG_DCACHE_WORD_ACCESS
> #ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
> ...
> #else
>         /* If src or dest is unaligned, don't do word-at-a-time. */
>         if (((long) dest | (long) src) & (sizeof(long) - 1))
>                 max = 0;
> #endif
> #endif
>
> If either dest or src is unaligned, max is set to 0. This bypasses the
> loop with put_unaligned(). I checked by compiling this for sparc: if
> aligned, the compiler sees that, and optimizes it into an 8-byte store
> (stx %i0, [%i1]), identical to the raw pointer cast.

That very much depends on exactly how get/put_unaligned are
implemented (and the behaviour of the compiler).
ISTR something about not using 'casts to packed types' for them,
which might cause the compiler to generate other code.
(Brain can't quite remember...)

	David

>
> So this patch shouldn't introduce memcpy fallback penalties on sparc,
> but it still fixes the UB on architectures like x86 and arm64.
>
> Cheers,
> /fuad
>
> > David
> >
> > >
> > > > Have you read the comment near to
> > > >
> > > > if (IS_ENABLED(CONFIG_KMSAN))
> > >
> > > Not until now to be honest. However, are you asking whether
> > > put_unaligned() breaks KMSAN? I don't think it does, max is set to 0
> > > when KMSAN is enabled, this entire while loop is bypassed.
> > >
> > > Thanks,
> > > /fuad
> > >
> > > > ?
> > > >
> > > > --
> > > > With Best Regards,
> > > > Andy Shevchenko
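
The alignment guard and the unaligned word store discussed in this thread, as an added userspace example that is not code from the patch, the kernel, or any participant. demo_strscpy(), load_word(), store_word(), either_unaligned() and demo_copy_ok() are hypothetical names; memcpy() stands in for get_unaligned()/put_unaligned(), and src is assumed readable for count bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ONES  ((unsigned long)-1 / 0xff)   /* 0x0101...01 */
#define HIGHS (ONES * 0x80)                /* 0x8080...80 */

/* The guard quoted in the thread: true if either pointer is not long-aligned. */
static int either_unaligned(const void *dest, const void *src)
{
	return (((uintptr_t)dest | (uintptr_t)src) & (sizeof(long) - 1)) != 0;
}

/* Assumed userspace stand-ins for get_unaligned()/put_unaligned(): memcpy()
 * is defined for any alignment; this is not the kernel's implementation. */
static unsigned long load_word(const char *p) { unsigned long v; memcpy(&v, p, sizeof(v)); return v; }
static void store_word(char *p, unsigned long v) { memcpy(p, &v, sizeof(v)); }

/* Hypothetical strscpy-like copy: returns length copied, or -1 if truncated.
 * strict_align applies the guard, as when unaligned access is not efficient. */
static long demo_strscpy(char *dest, const char *src, size_t count, int strict_align)
{
	size_t res = 0, max = count;
	if (count == 0) return -1;
	if (strict_align && either_unaligned(dest, src))
		max = 0;                        /* skip the word loop entirely */
	while (max >= sizeof(unsigned long)) {
		unsigned long c = load_word(src + res);
		if ((c - ONES) & ~c & HIGHS) break;   /* word holds a NUL byte */
		store_word(dest + res, c);      /* defined at any dest alignment */
		res += sizeof(c); count -= sizeof(c); max -= sizeof(c);
	}
	for (; count; res++, count--)
		if ((dest[res] = src[res]) == '\0')
			return (long)res;
	dest[res - 1] = '\0';                   /* truncated: force termination */
	return -1;
}

/* Constructed check: copy a sample string to dest at byte offset off. */
static int demo_copy_ok(size_t off, int strict_align)
{
	unsigned long sbuf[8] = {0}, dbuf[8];
	const char *msg = "word-at-a-time copy";   /* 19 characters */
	char *src = (char *)sbuf, *dest = (char *)dbuf + off;
	strcpy(src, msg);
	return demo_strscpy(dest, src, 24, strict_align) == 19 && !strcmp(dest, msg);
}
int main(void) { return !(demo_copy_ok(0, 0) && demo_copy_ok(1, 0) && demo_copy_ok(1, 1)); }
```

Building this with -fsanitize=alignment and swapping store_word() for a direct *(unsigned long *)p = v assignment makes the misaligned-store report appear for the off = 1, strict_align = 0 case.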