Received: by 2002:a05:7412:251c:b0:e2:908c:2ebd with SMTP id w28csp1272749rda; Mon, 23 Oct 2023 07:45:54 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHjXVp2ctdDJwtZfxhf/92+Aayfq0e1B0L0yTGRzjSJTS7pReVRdcS4wRcC9D1Pqg9gaQHq X-Received: by 2002:a05:6a00:99e:b0:6be:265:1bf5 with SMTP id u30-20020a056a00099e00b006be02651bf5mr8205074pfg.24.1698072354436; Mon, 23 Oct 2023 07:45:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1698072354; cv=none; d=google.com; s=arc-20160816; b=Pg8CsGsTOXfO0Df4mywi4q5gLECgE0J/iZlr2epLFNWD33iaELbXIYkJ6gJFlFFma8 RuyaASoTvqHsTiYPkGteNiLLL1DyypqBRm9J5CRLRYQVdjT1uzkTqykWw7r6kxtCK7Rp OyHNSCbMW4nXFsWzGtEAmjVrJmgqhir/BSsa+teQUsgD5xMOk4HMLyQUYR+RwH2gIgNf t7bKU+yKw8gqM8lWCAt01BS3uFxIDmCGntRAKT14OuqnD1nLZ0iPpKSka53B/QWGt55S kHwyMJ+RapBCzJRbLsO9Y+TDz4SFUz/KsWDPztoxXaf91cajoUDPEN4ZUSTAoCUqKg7q 2CIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :mime-version:accept-language:in-reply-to:references:message-id:date :thread-index:thread-topic:subject:cc:to:from; bh=m8ZbzkhZCXYLDQ25VdDTk5OEZOXcyUiX4Q++S2AS7aM=; fh=ScCjLhg2Mv3okBPRjkPrrsg8OzhvutnYPYwt3WASYdg=; b=ehPUl3v/6QKf//gtsrJkANsmOzrlfwUScvpJt6CnKhiHqklVhJmgrlQY+JrTS2yetx S6q232+Lfj8mboYA8hD/DBgVk5baHWcO0CVfT3Od7vucGQI7mNDNBedH9hAGJMtehhXh ngeLgDlWrNMXozezzo95vpHXSTuR+xIP8T6kihw9tChVvzAw1RCwYeHvGty5w0yxu9TL 8a5an5WWNhZWyptxDaftGTVgEnEt9BpVDuwAb0JuzRkPOdaL7j1jFMXoZ6zq3FPYxMuB g+f7fIV/rHwEp5aiRtPHRPp+wJ5LrlumDNtdw/5Su4iW1vvwU+novnPgEe2HN1009JbW PxsA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Return-Path: Received: from pete.vger.email (pete.vger.email. [23.128.96.36]) by mx.google.com with ESMTPS id bq2-20020a056a02044200b005aa41728293si6758329pgb.318.2023.10.23.07.45.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Oct 2023 07:45:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) client-ip=23.128.96.36; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id 76A02808287C; Mon, 23 Oct 2023 07:45:51 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233962AbjJWOpj convert rfc822-to-8bit (ORCPT + 99 others); Mon, 23 Oct 2023 10:45:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47794 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233967AbjJWOpQ (ORCPT ); Mon, 23 Oct 2023 10:45:16 -0400 Received: from eu-smtp-delivery-151.mimecast.com (eu-smtp-delivery-151.mimecast.com [185.58.85.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 31EAF2716 for ; Mon, 23 Oct 2023 07:44:17 -0700 (PDT) Received: from AcuMS.aculab.com (156.67.243.121 [156.67.243.121]) by relay.mimecast.com with ESMTP with both STARTTLS and AUTH (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id uk-mta-258--tpglOZGPGiuWPN3BCowLg-1; Mon, 23 Oct 2023 15:44:14 +0100 X-MC-Unique: -tpglOZGPGiuWPN3BCowLg-1 Received: from AcuMS.Aculab.com (10.202.163.4) by AcuMS.aculab.com (10.202.163.4) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Mon, 23 Oct 2023 15:44:13 +0100 Received: from AcuMS.Aculab.com ([::1]) by AcuMS.aculab.com ([::1]) with mapi id 15.00.1497.048; Mon, 23 Oct 2023 15:44:13 +0100 From: David Laight To: 'Al Viro' , "linux-arch@vger.kernel.org" CC: gus Gusenleitner Klaus , Al Viro , Thomas Gleixner , lkml , Ingo Molnar , "bp@alien8.de" , "dave.hansen@linux.intel.com" , "x86@kernel.org" , "David S. Miller" , "dsahern@kernel.org" , "kuba@kernel.org" , Paolo Abeni , Eric Dumazet Subject: RE: [RFC][PATCH] fix csum_and_copy_..._user() idiocy. Re: AW: [PATCH] amd64: Fix csum_partial_copy_generic() Thread-Topic: [RFC][PATCH] fix csum_and_copy_..._user() idiocy. Re: AW: [PATCH] amd64: Fix csum_partial_copy_generic() Thread-Index: AQHaBR+gEduqS7qeiEe28JhvJJTzV7BXcjfw Date: Mon, 23 Oct 2023 14:44:13 +0000 Message-ID: <83a6e7e00f824f1daef01ad599aad663@AcuMS.aculab.com> References: <20231018154205.GT800259@ZenIV> <20231019050250.GV800259@ZenIV> <20231019061427.GW800259@ZenIV> <20231019063925.GX800259@ZenIV> <20231019080615.GY800259@ZenIV> <20231021071525.GA789610@ZenIV> <20231021222203.GA800259@ZenIV> <20231022194020.GA972254@ZenIV> In-Reply-To: <20231022194020.GA972254@ZenIV> Accept-Language: en-GB, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.202.205.107] MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: aculab.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Mon, 23 Oct 2023 07:45:52 -0700 (PDT) From: Al Viro > Sent: 22 October 2023 20:40 .... > We need a way for csum_and_copy_{from,to}_user() to report faults. > The approach taken back in 2020 (avoid 0 as return value by starting > summing from ~0U, use 0 to report faults) had been broken; it does > yield the right value modulo 2^16-1, but the case when data is > entirely zero-filled is not handled right. It almost works, since > for most of the codepaths we have a non-zero value added in > and there 0 is not different from anything divisible by 0xffff. > However, there are cases (ICMPv4 replies, for example) where we > are not guaranteed that. > > In other words, we really need to have those primitives return 0 > on filled-with-zeroes input. So let's make them return a 64bit > value instead; we can do that cheaply (all supported architectures > do that via a couple of registers) and we can use that to report > faults without disturbing the 32bit csum. Does the ICMPv4 sum need to be zero if all zeros but 0xffff if there are non-zero bytes in there? IIRC the original buggy case was fixed by returning 0xffff for the all-zero buffer. Even if it does then it would seem more sensible to have the checksum function never return zero, csum_and_copy() return zero on fault and add extra code to the (unusual) ICMP reply code to detect 0xffff and convert to zero if the buffer is all zeros. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)