Received: by 2002:a05:6358:700f:b0:131:369:b2a3 with SMTP id 15csp2319122rwo; Thu, 3 Aug 2023 07:50:53 -0700 (PDT) X-Google-Smtp-Source: APBJJlGNju/D9gafRnPnHbn9fWwuqJJe1+zWXd252OdBy+fRgHXSnsAJSQ4YEpEvKyW+Wbq7mEh2 X-Received: by 2002:a17:906:2092:b0:99b:c2ce:501c with SMTP id 18-20020a170906209200b0099bc2ce501cmr11103153ejq.19.1691074253470; Thu, 03 Aug 2023 07:50:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691074253; cv=none; d=google.com; s=arc-20160816; b=S9uPJaOj9djWV6mQJab6ZJ3Yq33sOyiOHiVupL8smqG099xrzMZgLN2jgwnOPdMc21 jryjjFcfgYLZft/WqqvBeR3bxsYiB16NusHhtQngR+UrhOHtj2nPMnOjE7RK9EEOLf6q 6QhzogHA/Hwzt3mDEDLxNja3QZg33kfB5DENOuhVghe2sbWea7uLHc4gt38S6WgpQDJn P6bfq626dJ6YIcaMGYmr3kvCWI3yUfAhsgY9s43dJdJa0a9aCH1okepYpg3WKUzApRQ7 fp6xPXWSTsHjDYvvFr9njfCLDgDxYnrRQhTzayfKuvpsXPNl316vwxbRta8Rzd6WAlba mMNA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=KR57C5IufeTT2jdTD0mmYmw99iZLvDRU1XIW0qnb3FM=; fh=/XvlCCrxfyrAmdQsGAZzkBT6GedWdH0IZNxGrnomlxo=; b=WWFl3+8h+wjIFQDjb4/DMh9JcTirNVYHB1/+QnDws7W5J+KOOkU1NPfMFnECcs1waN wU/Qs0euvgCwX2GKJQupZyS1erBNTX2Y7Qe0vfBgJxoWslIBANAH4dOpdDAi2/etQ2VH o1mb1FVaqMVZtbrZ1Uk97tTWsk94MvTtDbWA4ybh0oDP+whT2cMr1vLa9Fb6g18E4MZb q2Yuf0FYp9qVVdqE9rbqweN62wzkFC/9C6byntfVcAX+PF6skp0o1ckItoj6r6rgDlT7 Iqmpjecdt8HizoqBwSIeoPdQ2ZVC9qUft1wOS20r0YXcUae2CMypE2aZHQl1ieCdOPxX vaHg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=T4EhrlVo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j25-20020a170906255900b0099342fc2a87si3230559ejb.692.2023.08.03.07.50.29; Thu, 03 Aug 2023 07:50:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=T4EhrlVo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232520AbjHCOAh (ORCPT + 99 others); Thu, 3 Aug 2023 10:00:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47120 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234098AbjHCOAf (ORCPT ); Thu, 3 Aug 2023 10:00:35 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3B4501728 for ; Thu, 3 Aug 2023 07:00:04 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id CDE6961DAB for ; Thu, 3 Aug 2023 14:00:03 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 38DB7C43391 for ; Thu, 3 Aug 2023 14:00:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691071203; bh=nYs7lJDt7N61GA4YVSraqiVO9A9w8LhWnKN4CHuE+Ks=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=T4EhrlVo+8cpRGwPSS4i+pUgUucpreAjy7swOw4/ups59uRxIc2flaF/II102qtHy b02dHM0JxYHldVSVILDkbwCy4D4j2sTxFevOA3nRuXEe3Y/9SneqnHBdttLga4oXZM tQJ1/T72c2yqqf7VMCvrLQJRA75DPEQnnQYN0kd+uG80OoPtchwfd1zE4/cOkiDWmr W2GxmjLRL4SvuugsAgSeEnOBg5KQ/Rzt8W5105ZNx9RE/O8VFvnWk5AAIlDpQQV8DL EzlMiyTo9jhtbTT89Vwk7v0eYBmcB75phhCodRmXrYI+3xk0B2ut2hahA/0rxc7+Mu o/+N1IzfxXdOg== Received: by mail-lf1-f52.google.com with SMTP id 2adb3069b0e04-4fe216edaf7so2660929e87.0 for ; Thu, 03 Aug 2023 07:00:03 -0700 (PDT) X-Gm-Message-State: ABy/qLZlvhqa1rX/mbAYF9SZN61Tc/sqmDWMgdIxoKZ5kJyAfw7KRj41 bbWEXsRDFjztpHDX1albeCaHPtp453CcCGf/54k= X-Received: by 2002:a05:6512:2085:b0:4fb:fb4e:7580 with SMTP id t5-20020a056512208500b004fbfb4e7580mr2826897lfr.8.1691071201190; Thu, 03 Aug 2023 07:00:01 -0700 (PDT) MIME-Version: 1.0 References: <20230517181353.381073-1-kursad.oney@broadcom.com> In-Reply-To: <20230517181353.381073-1-kursad.oney@broadcom.com> From: Ard Biesheuvel Date: Thu, 3 Aug 2023 15:59:50 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] ARM: memset: cast the constant byte to unsigned char To: Kursad Oney , Linus Walleij Cc: linux-arm-kernel@lists.infradead.org, BCM Kernel Feedback , Russell King , linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 17 May 2023 at 20:14, Kursad Oney wrote: > > memset() description in ISO/IEC 9899:1999 (and elsewhere) says: > > The memset function copies the value of c (converted to an > unsigned char) into each of the first n characters of the > object pointed to by s. > > The kernel's arm32 memset does not cast c to unsigned char. This results > in the following code to produce erroneous output: > > char a[128]; > memset(a, -128, sizeof(a)); > > This is because gcc will generally emit the following code before > it calls memset() : > > mov r0, r7 > mvn r1, #127 ; 0x7f > bl 00000000 > > r1 ends up with 0xffffff80 before being used by memset() and the > 'a' array will have -128 once in every four bytes while the other > bytes will be set incorrectly to -1 like this (printing the first > 8 bytes) : > > test_module: -128 -1 -1 -1 > test_module: -1 -1 -1 -128 > > The change here is to 'and' r1 with 255 before it is used. > > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") > Signed-off-by: Kursad Oney > > --- > > arch/arm/lib/memset.S | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/arch/arm/lib/memset.S b/arch/arm/lib/memset.S > index d71ab61430b2..de75ae4d5ab4 100644 > --- a/arch/arm/lib/memset.S > +++ b/arch/arm/lib/memset.S > @@ -17,6 +17,7 @@ ENTRY(__memset) > ENTRY(mmioset) > WEAK(memset) > UNWIND( .fnstart ) > + and r1, r1, #255 @ cast to unsigned char > ands r3, r0, #3 @ 1 unaligned? > mov ip, r0 @ preserve r0 as return value > bne 6f @ 1 Yes, this is clearly a bug. The value in R1 is expanded to 32 bits like this 1: orr r1, r1, r1, lsl #8 orr r1, r1, r1, lsl #16 which assumes that the upper bytes are 0x0, which they are not in this case. Reviewed-by: Ard Biesheuvel