Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp4517101ybl; Tue, 21 Jan 2020 22:53:37 -0800 (PST) X-Google-Smtp-Source: APXvYqyeHeBJBbzr2y07aE+v9aSfn0MmNPRAXgYa3lbolsZVBkzjp9bzwkenxaC8up4JdJfV4upy X-Received: by 2002:aca:1b01:: with SMTP id b1mr5559146oib.6.1579676017011; Tue, 21 Jan 2020 22:53:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1579676016; cv=none; d=google.com; s=arc-20160816; b=MCADqWLGxv3YourQBcddBpbLTaCQbTc/0RFj4gCfB1urgby2Eww9TVyGLWguiCgO/z 33bZJqvDJjEpLnpWeB/lV31+5yNPRZr5rp7xcqNJ5zvJmk6eRmG86Cen3au6Gfskdtt4 +hj+lIzqVsozcJp5t+OpfqTjJCUPcb/4ctFgIH8ykO/2G0FXRWQTsam0iD5brQnKRGXo 3CX7hvosttvjmNZ0IjmmkWvmJlMBbhMSowCcXWn7iIxbOjv4I+8liVCPc0Y1lXcQKTAF 2Ixy7TU3P57kd+tl/pFbxssugAc/L52qTKolvyqtWi71GzeatBnTGMY6oelwYq/IIsCd OoKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=AYb/CdJwlLdwhR85yWkNEPcYAl+1WHLldoMOxAkLGpM=; b=W3PskA+VJXdskISQv4mLyua9fLV4TP2bNRabuNKTHlfrzV2KPRKwsbSQLBok1OWz5x vy8LEPVWKN+Z6ecH0RVANY49qv2t9OaQWkdV9whuhIq6uvSCtHiP/cU2uWhHMjHmKOvZ QfXOeFk73HxOQsuvgqbCG8XLmOAwKz1gB7qLEB2MCt5F6Ry4yViuV0QCwcT/fM82wIet PwWcs6dVQ8W0TpgsZQn+XUZWlAr6oEmRSeXeFAk7J0Pw989yTKg4AmXS6/7RRtfEGg7/ pRBz/aoqmX93tTtM8asQjb1RX2ZviwaWb9iMzP+bBx8dz/6GOrHQH9kQUeLQ9y7zSa+i u8sg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@c-s.fr header.s=mail header.b=Zey8fdjO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r5si20153573oic.19.2020.01.21.22.53.25; Tue, 21 Jan 2020 22:53:36 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@c-s.fr header.s=mail header.b=Zey8fdjO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726101AbgAVGwF (ORCPT + 99 others); Wed, 22 Jan 2020 01:52:05 -0500 Received: from pegase1.c-s.fr ([93.17.236.30]:36311 "EHLO pegase1.c-s.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725836AbgAVGwF (ORCPT ); Wed, 22 Jan 2020 01:52:05 -0500 Received: from localhost (mailhub1-int [192.168.12.234]) by localhost (Postfix) with ESMTP id 482bg62dYRz9v1G1; Wed, 22 Jan 2020 07:52:02 +0100 (CET) Authentication-Results: localhost; dkim=pass reason="1024-bit key; insecure key" header.d=c-s.fr header.i=@c-s.fr header.b=Zey8fdjO; dkim-adsp=pass; dkim-atps=neutral X-Virus-Scanned: Debian amavisd-new at c-s.fr Received: from pegase1.c-s.fr ([192.168.12.234]) by localhost (pegase1.c-s.fr [192.168.12.234]) (amavisd-new, port 10024) with ESMTP id oG7b4NC5O0Sq; Wed, 22 Jan 2020 07:52:02 +0100 (CET) Received: from messagerie.si.c-s.fr (messagerie.si.c-s.fr [192.168.25.192]) by pegase1.c-s.fr (Postfix) with ESMTP id 482bg619Vtz9v1G0; Wed, 22 Jan 2020 07:52:02 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=c-s.fr; s=mail; t=1579675922; bh=AYb/CdJwlLdwhR85yWkNEPcYAl+1WHLldoMOxAkLGpM=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=Zey8fdjOenKuqzua5w7ccePCzStkQRBuJaWxnsJVniBNEICcjqz/Qq/mZfkoDcKWj m7jTcAVVcCwoLKA8mePd5gFGZTjv/4HtUxHQIysp9aTF3f5X20ObtxEcM/gKav5zr+ TtH/cAfLoGS2ZgGfk8V5vjYRKFaDLsXnVLmJ2Heg= Received: from localhost (localhost [127.0.0.1]) by messagerie.si.c-s.fr (Postfix) with ESMTP id E56D58B7EC; Wed, 22 Jan 2020 07:52:02 +0100 (CET) X-Virus-Scanned: amavisd-new at c-s.fr Received: from messagerie.si.c-s.fr ([127.0.0.1]) by localhost (messagerie.si.c-s.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id T8XazIT7FdGs; Wed, 22 Jan 2020 07:52:02 +0100 (CET) Received: from [172.25.230.100] (po15451.idsi0.si.c-s.fr [172.25.230.100]) by messagerie.si.c-s.fr (Postfix) with ESMTP id BF7998B776; Wed, 22 Jan 2020 07:52:02 +0100 (CET) Subject: Re: GCC bug ? Re: [PATCH v2 10/10] powerpc/32s: Implement Kernel Userspace Access Protection To: Segher Boessenkool , Michael Ellerman Cc: Benjamin Herrenschmidt , Paul Mackerras , ruscur@russell.cc, linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org References: <87ftqfu7j1.fsf@concordia.ellerman.id.au> <20200121195501.GJ3191@gate.crashing.org> From: Christophe Leroy Message-ID: Date: Wed, 22 Jan 2020 07:52:02 +0100 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1 MIME-Version: 1.0 In-Reply-To: <20200121195501.GJ3191@gate.crashing.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: fr Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Le 21/01/2020 à 20:55, Segher Boessenkool a écrit : > On Tue, Jan 21, 2020 at 05:22:32PM +0000, Christophe Leroy wrote: >> g1() should return 3, not 5. > > What makes you say that? What makes me say that is that NULL is obviously a constant pointer and I think we are all expecting gcc to see it as a constant during kernel build, ie at -O2 > > "A return of 0 does not indicate that the > value is _not_ a constant, but merely that GCC cannot prove it is a > constant with the specified value of the '-O' option." > > (And the rules it uses for this are *not* the same as C "constant > expressions" or C "integer constant expression" or C "arithmetic > constant expression" or anything like that -- which should be already > obvious from that it changes with different -Ox). > > You can use builtin_constant_p to have the compiler do something better > if the compiler feels like it, but not anything more. Often people > want stronger guarantees, but when they see how much less often it then > returns "true", they do not want that either. > in asm/book3s/64/kup-radix.h we have: static inline void allow_user_access(void __user *to, const void __user *from, unsigned long size) { // This is written so we can resolve to a single case at build time if (__builtin_constant_p(to) && to == NULL) set_kuap(AMR_KUAP_BLOCK_WRITE); else if (__builtin_constant_p(from) && from == NULL) set_kuap(AMR_KUAP_BLOCK_READ); else set_kuap(0); } and in asm/kup.h we have: static inline void allow_read_from_user(const void __user *from, unsigned long size) { allow_user_access(NULL, from, size); } static inline void allow_write_to_user(void __user *to, unsigned long size) { allow_user_access(to, NULL, size); } If GCC doesn't see NULL as a constant, then the above doesn't work as expected. What's surprising and frustrating is that if you remove the __builtin_constant_p() and only leave the NULL check, then GCC sees it as a constant and drops the other leg. So if we remove the __builtin_constant_p(to) and leave only the (to == NULL), it will work as expected for allow_read_from_user(). But for the others where (to) is not a constant, the NULL test will remain together with the associated leg. Christophe