| Message ID | 1668606771-5382-1-git-send-email-khoroshilov@ispras.ru |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp157295wru;
Wed, 16 Nov 2022 06:07:02 -0800 (PST)
X-Google-Smtp-Source:
AA0mqf4icKYc+Qh9YXK4TPTXEDnSfT2nKtfJC/uymADFMKA5k1tuvXCOvowiylMmk4y29ficowBZ
X-Received: by 2002:a17:902:f803:b0:188:602b:8259 with SMTP id
ix3-20020a170902f80300b00188602b8259mr8998303plb.139.1668607622309;
Wed, 16 Nov 2022 06:07:02 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668607622; cv=none;
d=google.com; s=arc-20160816;
b=gyHynjC5+C1c2g6jLbW5cT8YpuIPscq0QYpI+qFXA77GU96v9SjTdeTM+PWY9+W40q
Ar2D8yPzjfMOT7jsPEwL4oQMPjnDXF3wSnsL6T+lJjMajSzDVKtthdtkxGAVsRG9gxNT
Qe8dig3szCwTEVQhdqpZdRn1a9AAl7pl3uA6lg2sTLzmwe+j4ZEKs3waoTfESWUzbsv8
ZoYCtlRO0HvyZUlFm4yFLnzLNm0Xs0x1+EyAiIs140uR7PrHWVkqReXsGjqmaQ0OQ8T0
Q/l0TvZXiqpTC+PZl89CXCfegPBsckk5pa44z6R0k0xDDv6pEW5ZL02r1c2CoQZ6yi0E
xFaw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:message-id:date:subject:cc:to:from
:dkim-signature:dkim-filter;
bh=JxEVrn+CoDPfLQqba4pxYEzAJIOuMvgQmIttHtvn1nE=;
b=wA38igJwG5Jt8ePMnTac4G1Xoqo69bJOXGbwPlZbt7Dj1V+g2LGh+AnCv8ZZ063R17
qIxNASUGwBdDwp3Elm+fro6IQ2LF3bme2ozuj0ob3GxGMsKNSRBfSTUg7/oov4I+WP4e
1qJg9xuJwbFj48VRLtlCRV6a4+8JymVIJPl2DtupKN17SANDDOVWfYeaHaHf+x4HLRzf
0exeyLYt9GjBCESCqjp2V+DFZ6kdTzOfqPC/Ns1MwOUc+FdE6byEeE5sLKajr4ivqgNe
Pp1VrRe5if0Eb54ZFYNFhkRVFtJq0D4lPhLDyqOr/nx50e3tEz+sifYIkETZ6/VDbe0Q
j3IQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@ispras.ru header.s=default header.b=GxRIBPHd;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ispras.ru
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
a10-20020a17090ae20a00b002008d0b0838si1738156pjz.178.2022.11.16.06.06.43;
Wed, 16 Nov 2022 06:07:02 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@ispras.ru header.s=default header.b=GxRIBPHd;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ispras.ru
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S233490AbiKPN60 (ORCPT <rfc822;just.gull.subs@gmail.com>
+ 99 others); Wed, 16 Nov 2022 08:58:26 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37848 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S233441AbiKPN4a (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 16 Nov 2022 08:56:30 -0500
Received: from mail.ispras.ru (mail.ispras.ru [83.149.199.84])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E754347312;
Wed, 16 Nov 2022 05:53:14 -0800 (PST)
Received: from hednb3.intra.ispras.ru (unknown [10.10.2.52])
by mail.ispras.ru (Postfix) with ESMTPSA id 8001040737B7;
Wed, 16 Nov 2022 13:53:10 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.ispras.ru 8001040737B7
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ispras.ru;
s=default; t=1668606790;
bh=JxEVrn+CoDPfLQqba4pxYEzAJIOuMvgQmIttHtvn1nE=;
h=From:To:Cc:Subject:Date:From;
b=GxRIBPHdwORe3YfuO45TguEuwZDn1SBQbbYIORdScBHlLqWH2KaPNlS6IXwA2t33G
Suk07DbARRW/aQ1wVSMB0pJ3Wijv6GtYZ3pZ0dS1qL+gnwmVpZ3wOyoiL+08/WMrO8
c+GhvrD/Jcnb2lBAil85JrLR1GRpCgAwhgqFb9J8=
From: Alexey Khoroshilov <khoroshilov@ispras.ru>
To: Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>
Cc: Alexey Khoroshilov <khoroshilov@ispras.ru>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
lvc-project@linuxtesting.org
Subject: [PATCH] crypto: algapi - fix be32_to_cpu macro call in crypto_inc()
Date: Wed, 16 Nov 2022 16:52:51 +0300
Message-Id: <1668606771-5382-1-git-send-email-khoroshilov@ispras.ru>
X-Mailer: git-send-email 2.7.4
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS
autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1749661906098470186?=
X-GMAIL-MSGID: =?utf-8?q?1749661906098470186?=
|
| Series |
crypto: algapi - fix be32_to_cpu macro call in crypto_inc()
|
|
Commit Message
Alexey Khoroshilov
Nov. 16, 2022, 1:52 p.m. UTC
be32_to_cpu() macro in some cases may be expanded to an expression
that evaluates its arguments multiple times. Because of the decrement
in argument it has unexpected result in such cases.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Fixes: 7613636def82 ("[CRYPTO] api: Add crypto_inc and crypto_xor")
---
crypto/algapi.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Comments
On Wed, Nov 16, 2022 at 04:52:51PM +0300, Alexey Khoroshilov wrote: > be32_to_cpu() macro in some cases may be expanded to an expression > that evaluates its arguments multiple times. When is that, exactly? If that's true, then lots of other places in the kernel would need to be fixed too. Try running: git grep -E '[bl]e(16|32|64)_to_cpu\([^)]+\+\+\)' If true, then it would be much better to fix the macros. But more likely is that there isn't actually any problem. - Eric
On 16.11.2022 20:39, Eric Biggers wrote: > On Wed, Nov 16, 2022 at 04:52:51PM +0300, Alexey Khoroshilov wrote: >> be32_to_cpu() macro in some cases may be expanded to an expression >> that evaluates its arguments multiple times. > > When is that, exactly? I considered the path #define be32_to_cpu __be32_to_cpu #define __be32_to_cpu(x) __swab32((__force __u32)(__be32)(x)) #define __swab32(x) \ (__builtin_constant_p((__u32)(x)) ? \ ___constant_swab32(x) : \ __fswab32(x)) #define ___constant_swab32(x) ((__u32)( \ (((__u32)(x) & (__u32)0x000000ffUL) << 24) | \ (((__u32)(x) & (__u32)0x0000ff00UL) << 8) | \ (((__u32)(x) & (__u32)0x00ff0000UL) >> 8) | \ (((__u32)(x) & (__u32)0xff000000UL) >> 24))) But you are right, it is protected by __builtin_constant_p() that prevents that for memory access. > If that's true, then lots of other places in the kernel would need to be fixed > too. Try running: > > git grep -E '[bl]e(16|32|64)_to_cpu\([^)]+\+\+\)' > > If true, then it would be much better to fix the macros. And yes, anyway it makes sense to keep for be32_to_cpu()-like function macro a contract to handle its arguments as a plain function. Thanks, Alexey
diff --git a/crypto/algapi.c b/crypto/algapi.c index 5c69ff8e8fa5..18f14aed1658 100644 --- a/crypto/algapi.c +++ b/crypto/algapi.c @@ -987,7 +987,8 @@ void crypto_inc(u8 *a, unsigned int size) if (IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) || IS_ALIGNED((unsigned long)b, __alignof__(*b))) for (; size >= 4; size -= 4) { - c = be32_to_cpu(*--b) + 1; + b--; + c = be32_to_cpu(*b) + 1; *b = cpu_to_be32(c); if (likely(c)) return;