From: Linus Torvalds
Date: Wed, 23 Feb 2022 10:47:00 -0800
Subject: Re: [RFC PATCH 03/13] usb: remove the usage of the list iterator after the loop
To: Jakob, Arnd Bergmann
Cc: Linux Kernel Mailing List, linux-arch, Greg Kroah-Hartman, Thomas Gleixner, Andy Shevchenko, Andrew Morton, Kees Cook, Mike Rapoport, "Gustavo A. R. Silva", Brian Johannesmeyer, Cristiano Giuffrida, "Bos, H.J."
X-Mailing-List: linux-kernel@vger.kernel.org

[ Arnd was already on the participants, but I moved him from 'Cc:' to 'To:', just because I think this is once again tangentially related to the whole "c99 base" thing ]

On Wed, Feb 23, 2022 at 6:13 AM Jakob wrote:
>
> I'm sorry for having created the confusion. I made this patch to support
> the speculative safe list_for_each_entry() version but it is not actually
> related to that. I do believe that this is an actual bug and *could*
> *potentially* be misused. I'll follow up with an example to illustrate that.

Ok, so this is just a regular bug, plain and simple.

The problem being that the list_for_each_entry() will iterate over each list entry - but at the end of the loop it will not point at any entry at all (it will have a pointer value that is related to the *HEAD* of the list, but that is not necessarily the same kind of entry that the list members are).

Honestly, I think this kind of fix should have been done entirely separately. In fact, I think the change to list_for_each_entry() should have been done not as "fix type speculation", but as a much more interesting "fix the list iterators".

The whole reason this kind of non-speculative bug can happen is that we historically didn't have C99-style "declare variables in loops". So list_for_each_entry() - and all the other ones - fundamentally always leaks the last HEAD entry out of the loop, simply because we couldn't declare the iterator variable in the loop itself.

(And by "couldn't", I mean "without making for special syntax": we do exactly that in "for_each_thread ()" and friends, but they have an "end_for_each_thread()" thing at the end).

So what I'd personally *really* like to see would be for us to - once again - look at using "-std=gnu99", and fix the whole "leak final invalid pointer outside the loop".

Then the type speculation thing would be an entirely separate patch. Because honestly, I kind of hate the completely random type speculation patch. It fixes one particular type of loop, and not even one that seems all that special.

But we still don't do "gnu99", because we had some odd problem with some ancient gcc versions that broke documented initializers.

I honestly _thought_ we had gotten over that already. I think the problem cases were gcc-4.9 and older, and now we require gcc-5.1, and we could just use "--std=gnu99" for the kernel, and we could finally start using variable declarations in for-statements.

Arnd - remind me, please.. Was there some other problem than just gcc-4.9?

Linus
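
Added example, not part of the original message and not kernel source: a userspace sketch of the bug class discussed above, where the iterator of list_for_each_entry() is used after the loop, next to a form that declares the iterator in the for statement. The macros are simplified stand-ins for the kernel's; list_for_each_entry_scoped, struct item, struct owner, find_buggy, find_fixed and classify are hypothetical names.

```c
#include <stddef.h>

struct list_head { struct list_head *next, *prev; };
#define container_of(ptr, type, member) ((type *)((char *)(ptr) - offsetof(type, member)))

/* Classic form: the caller declares the iterator, so it outlives the loop. */
#define list_for_each_entry(pos, head, member)                        \
    for (pos = container_of((head)->next, __typeof__(*pos), member);  \
         &pos->member != (head);                                      \
         pos = container_of(pos->member.next, __typeof__(*pos), member))

/* Hypothetical C99 form: the iterator exists only inside the for statement. */
#define list_for_each_entry_scoped(type, pos, head, member)           \
    for (type *pos = container_of((head)->next, type, member);        \
         &pos->member != (head);                                      \
         pos = container_of(pos->member.next, type, member))

struct item  { int id;   struct list_head node;  };  /* list member */
struct owner { long tag; struct list_head items; };  /* embeds the list HEAD */

/* Bug pattern: the iterator is used after the loop has run to completion. */
struct item *find_buggy(struct list_head *head, int id)
{
    struct item *it;
    list_for_each_entry(it, head, node)
        if (it->id == id)
            break;
    return it;  /* no match: container_of(head), which is not a struct item */
}

struct item *find_fixed(struct list_head *head, int id)
{
    list_for_each_entry_scoped(struct item, it, head, node)
        if (it->id == id)
            return it;
    return NULL;  /* 'it' is out of scope here, so it cannot leak */
}

/* Constructed sample list: owner -> item 1 -> item 2 -> back to owner.
 * Returns 0 for NULL, 1 for a real item, 2 for a pointer derived from HEAD. */
int classify(int use_fixed, int id)
{
    struct owner o; struct item a, b;
    o = (struct owner){ 0, { &a.node, &b.node } };
    a = (struct item){ 1, { &b.node, &o.items } };
    b = (struct item){ 2, { &o.items, &a.node } };
    struct item *r = (use_fixed ? find_fixed : find_buggy)(&o.items, id);
    return !r ? 0 : (&r->node == &o.items ? 2 : 1);
}
int main(void) { return classify(1, 99); }  /* exits 0: fixed lookup gives NULL */
```

With no matching entry, the classic form hands back a non-NULL pointer computed from the head embedded in struct owner, so a caller's NULL check passes and any field access reads the wrong type.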