| Message ID | 20230517181353.381073-1-kursad.oney@broadcom.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp1337148vqo;
Wed, 17 May 2023 11:25:22 -0700 (PDT)
X-Google-Smtp-Source:
ACHHUZ7qcvlNyqSLCAnytRGnfMtGEfEvjadT3uDyovNjsdlss+h4L7RYMiNB/q3ablju594NbvTj
X-Received: by 2002:a17:902:ce87:b0:1ae:55c8:6b60 with SMTP id
f7-20020a170902ce8700b001ae55c86b60mr3172635plg.1.1684347921512;
Wed, 17 May 2023 11:25:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1684347921; cv=none;
d=google.com; s=arc-20160816;
b=CDLbXhQUI3uQSFGxVG8kpMd6PwEh36FwKrKN2ZJtDQ2Is4Q60iA0ZFA6hSzG8gSWe9
UU5U4B26YlY/oPINxL4BDS1R5ykWD2hud06XLKA3yOGqZJTLweQP/MBftNcjFC9jWG0Z
1EZtYJq2JYGhEEiNixASf0ycuq/jQfAHCe8gq58tE4DhAcsk9pMlS6FngfWk6zGzlGdr
4AlZXNZKJtvJwxqZkk9xIkB/8QV6bka57yYLzg5aaoZ7Sd+ONFctK+69RAPyTf+EGqCR
hhY/lHBqNeBQsQJwF4UBTQ2icsa1sLJxingFObQ3c4p6y63VFEslpoG6m9kP+6MGtsZi
9UZA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:mime-version:message-id:date:subject:cc:to:from
:dkim-signature;
bh=L4QygZnsbOUPK7E7vLPerRHsg5Kt1xx+cSpKL8h6YOg=;
b=HK4TGnsp3w3T0oZrnqHkipNnvfUbD+TAVMR3c13lZy/XVOQVQBDgT4bQ7lgg9I3g5Y
p9dSitmsa6kmjoQBgI79PLVusbRsUceXxnubcdPVB6n28vt0tsJ6YePY/CsU7I+QMMDd
FGPtDycc0SqILx88UbZOAjsf0TyKUAmdgjAy59RobTpKRXhoN0XyyeaXZ8AvA1w3zQMc
NTGZwf6FqQeYAtb9Tc+8/nsAR/1mxGThMFOAvzDfWWcGrZ/w3dETVFqS/NyBiQ4FEb6a
kQHBZRSEvaJB701cSld8vF6Fg4qqrCVd5OHI2+lSnSbUykc4y2pUl3bbJFkmrIOMG7Wl
3Eww==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@broadcom.com header.s=google header.b=VWiA9Y60;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE)
header.from=broadcom.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
t3-20020a170902bc4300b001ae21cd0fafsi6797729plz.38.2023.05.17.11.25.05;
Wed, 17 May 2023 11:25:21 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@broadcom.com header.s=google header.b=VWiA9Y60;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE)
header.from=broadcom.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S230060AbjEQSO1 (ORCPT <rfc822;abdi.embedded@gmail.com>
+ 99 others); Wed, 17 May 2023 14:14:27 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46682 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229720AbjEQSOY (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 17 May 2023 14:14:24 -0400
Received: from mail-pl1-x62e.google.com (mail-pl1-x62e.google.com
[IPv6:2607:f8b0:4864:20::62e])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F31567D9C
for <linux-kernel@vger.kernel.org>;
Wed, 17 May 2023 11:14:12 -0700 (PDT)
Received: by mail-pl1-x62e.google.com with SMTP id
d9443c01a7336-1ae52ce3205so7468045ad.3
for <linux-kernel@vger.kernel.org>;
Wed, 17 May 2023 11:14:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=broadcom.com; s=google; t=1684347252; x=1686939252;
h=mime-version:message-id:date:subject:cc:to:from:from:to:cc:subject
:date:message-id:reply-to;
bh=L4QygZnsbOUPK7E7vLPerRHsg5Kt1xx+cSpKL8h6YOg=;
b=VWiA9Y60DudNFO0jMJul+tY+Y1RXISdEN+2jdhYZxquBjnPI4GbrE880tZlu7kSiB3
xCnIgZTFZHqLFMC+GLgdqCMXUdRc3tFTmos8q0Xj7zInJjpNqENTChqoeaDAaXDhDEhF
QqZ/a2FRJ+XvVtcDfWpE4nTi4zk+/JuW3UqUI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1684347252; x=1686939252;
h=mime-version:message-id:date:subject:cc:to:from:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=L4QygZnsbOUPK7E7vLPerRHsg5Kt1xx+cSpKL8h6YOg=;
b=Wu63Eh3AXRPSCiAb+kMShW2cqEA69ixtU5MypkjFm6swdJf269SmSrr6+ZJCBfQ+qr
i/gotf4Syce12aCx2GgCVG4zvcjWO4GuTb8ntq5cD1w8gGNBZ+IYGkeyTvGAQJ/MMfr+
+iXCmU/vaPgjAqpgFBnwYX6vSH7HG1p/wOufvbh/BOPiYmozIs47YC7LWoa8TsnvcMtm
fHR7kHNoac/UzeWQszA5etDTLtlhLrFFf5XacpyZlckhRZyUMXVFL3b0GEtWtCwpRWrd
J6rAuCBuQDm7F204YI9IK+6yB9nN+V2bqpMIdbs7S4tq/nCuKDxui1A48jmo95QqLPcU
dzQQ==
X-Gm-Message-State: AC+VfDwjao+NmZcGb4PByHq+L2UoIq5FqYRYIhTguG1D5OEg/HIHjVX2
whgf2e2dfmUMuvHAdF/6iu3huw==
X-Received: by 2002:a17:903:234f:b0:1ae:bf5:7b5 with SMTP id
c15-20020a170903234f00b001ae0bf507b5mr15915501plh.34.1684347252392;
Wed, 17 May 2023 11:14:12 -0700 (PDT)
Received: from bld-lvn-bcawlan-30.lvn.broadcom.net ([192.19.161.250])
by smtp.gmail.com with ESMTPSA id
w3-20020a1709027b8300b001ae626d051bsm205400pll.70.2023.05.17.11.14.11
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Wed, 17 May 2023 11:14:11 -0700 (PDT)
From: Kursad Oney <kursad.oney@broadcom.com>
To: linux-arm-kernel@lists.infradead.org
Cc: BCM Kernel Feedback <bcm-kernel-feedback-list@broadcom.com>,
Kursad Oney <kursad.oney@broadcom.com>,
Russell King <linux@armlinux.org.uk>,
linux-kernel@vger.kernel.org
Subject: [PATCH] ARM: memset: cast the constant byte to unsigned char
Date: Wed, 17 May 2023 14:13:52 -0400
Message-Id: <20230517181353.381073-1-kursad.oney@broadcom.com>
X-Mailer: git-send-email 2.37.3
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
micalg=sha-256;
boundary="000000000000ad6c6905fbe7a79d"
X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MIME_NO_TEXT,
RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE,
URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1766166806340663005?=
X-GMAIL-MSGID: =?utf-8?q?1766166806340663005?=
|
| Series |
ARM: memset: cast the constant byte to unsigned char
|
|
Commit Message
Kursad Oney
May 17, 2023, 6:13 p.m. UTC
memset() description in ISO/IEC 9899:1999 (and elsewhere) says:
The memset function copies the value of c (converted to an
unsigned char) into each of the first n characters of the
object pointed to by s.
The kernel's arm32 memset does not cast c to unsigned char. This results
in the following code to produce erroneous output:
char a[128];
memset(a, -128, sizeof(a));
This is because gcc will generally emit the following code before
it calls memset() :
mov r0, r7
mvn r1, #127 ; 0x7f
bl 00000000 <memset>
r1 ends up with 0xffffff80 before being used by memset() and the
'a' array will have -128 once in every four bytes while the other
bytes will be set incorrectly to -1 like this (printing the first
8 bytes) :
test_module: -128 -1 -1 -1
test_module: -1 -1 -1 -128
The change here is to 'and' r1 with 255 before it is used.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Kursad Oney <kursad.oney@broadcom.com>
---
arch/arm/lib/memset.S | 1 +
1 file changed, 1 insertion(+)
Comments
Hi Ard, On Wed, May 17, 2023 at 2:14 PM Kursad Oney <kursad.oney@broadcom.com> wrote: > > memset() description in ISO/IEC 9899:1999 (and elsewhere) says: > > The memset function copies the value of c (converted to an > unsigned char) into each of the first n characters of the > object pointed to by s. > > The kernel's arm32 memset does not cast c to unsigned char. This results > in the following code to produce erroneous output: > > char a[128]; > memset(a, -128, sizeof(a)); > > This is because gcc will generally emit the following code before > it calls memset() : > > mov r0, r7 > mvn r1, #127 ; 0x7f > bl 00000000 <memset> > > r1 ends up with 0xffffff80 before being used by memset() and the > 'a' array will have -128 once in every four bytes while the other > bytes will be set incorrectly to -1 like this (printing the first > 8 bytes) : > > test_module: -128 -1 -1 -1 > test_module: -1 -1 -1 -128 > > The change here is to 'and' r1 with 255 before it is used. > > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") > Signed-off-by: Kursad Oney <kursad.oney@broadcom.com> > > --- > > arch/arm/lib/memset.S | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/arch/arm/lib/memset.S b/arch/arm/lib/memset.S > index d71ab61430b2..de75ae4d5ab4 100644 > --- a/arch/arm/lib/memset.S > +++ b/arch/arm/lib/memset.S > @@ -17,6 +17,7 @@ ENTRY(__memset) > ENTRY(mmioset) > WEAK(memset) > UNWIND( .fnstart ) > + and r1, r1, #255 @ cast to unsigned char > ands r3, r0, #3 @ 1 unaligned? > mov ip, r0 @ preserve r0 as return value > bne 6f @ 1 > -- > 2.37.3 > I didn't get any reaction to this patch so I added you to see if you could help review it or direct me to the right channel. Thank you! kursad
On Wed, 17 May 2023 at 20:14, Kursad Oney <kursad.oney@broadcom.com> wrote: > > memset() description in ISO/IEC 9899:1999 (and elsewhere) says: > > The memset function copies the value of c (converted to an > unsigned char) into each of the first n characters of the > object pointed to by s. > > The kernel's arm32 memset does not cast c to unsigned char. This results > in the following code to produce erroneous output: > > char a[128]; > memset(a, -128, sizeof(a)); > > This is because gcc will generally emit the following code before > it calls memset() : > > mov r0, r7 > mvn r1, #127 ; 0x7f > bl 00000000 <memset> > > r1 ends up with 0xffffff80 before being used by memset() and the > 'a' array will have -128 once in every four bytes while the other > bytes will be set incorrectly to -1 like this (printing the first > 8 bytes) : > > test_module: -128 -1 -1 -1 > test_module: -1 -1 -1 -128 > > The change here is to 'and' r1 with 255 before it is used. > > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") > Signed-off-by: Kursad Oney <kursad.oney@broadcom.com> > > --- > > arch/arm/lib/memset.S | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/arch/arm/lib/memset.S b/arch/arm/lib/memset.S > index d71ab61430b2..de75ae4d5ab4 100644 > --- a/arch/arm/lib/memset.S > +++ b/arch/arm/lib/memset.S > @@ -17,6 +17,7 @@ ENTRY(__memset) > ENTRY(mmioset) > WEAK(memset) > UNWIND( .fnstart ) > + and r1, r1, #255 @ cast to unsigned char > ands r3, r0, #3 @ 1 unaligned? > mov ip, r0 @ preserve r0 as return value > bne 6f @ 1 Yes, this is clearly a bug. The value in R1 is expanded to 32 bits like this 1: orr r1, r1, r1, lsl #8 orr r1, r1, r1, lsl #16 which assumes that the upper bytes are 0x0, which they are not in this case. Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
On Wed, May 17, 2023 at 8:14 PM Kursad Oney <kursad.oney@broadcom.com> wrote: > memset() description in ISO/IEC 9899:1999 (and elsewhere) says: > > The memset function copies the value of c (converted to an > unsigned char) into each of the first n characters of the > object pointed to by s. > > The kernel's arm32 memset does not cast c to unsigned char. This results > in the following code to produce erroneous output: > > char a[128]; > memset(a, -128, sizeof(a)); > > This is because gcc will generally emit the following code before > it calls memset() : > > mov r0, r7 > mvn r1, #127 ; 0x7f > bl 00000000 <memset> > > r1 ends up with 0xffffff80 before being used by memset() and the > 'a' array will have -128 once in every four bytes while the other > bytes will be set incorrectly to -1 like this (printing the first > 8 bytes) : > > test_module: -128 -1 -1 -1 > test_module: -1 -1 -1 -128 > > The change here is to 'and' r1 with 255 before it is used. > > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") > Signed-off-by: Kursad Oney <kursad.oney@broadcom.com> Wow you found this old thing! Reviewed-by: Linus Walleij <linus.walleij@linaro.org> Can you please put this into Russell's patch tracker? https://www.arm.linux.org.uk/developer/ Yours, Linus Walleij
diff --git a/arch/arm/lib/memset.S b/arch/arm/lib/memset.S index d71ab61430b2..de75ae4d5ab4 100644 --- a/arch/arm/lib/memset.S +++ b/arch/arm/lib/memset.S @@ -17,6 +17,7 @@ ENTRY(__memset) ENTRY(mmioset) WEAK(memset) UNWIND( .fnstart ) + and r1, r1, #255 @ cast to unsigned char ands r3, r0, #3 @ 1 unaligned? mov ip, r0 @ preserve r0 as return value bne 6f @ 1