Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp1493862pxj; Wed, 19 May 2021 07:13:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxy9ptjAk6e2pRiLufpLT/2csSc8uutU04tM8OYLMr84X1faW7zTUNoSfJmRs5N3HwCZLQZ X-Received: by 2002:a17:906:1185:: with SMTP id n5mr12940394eja.342.1621433612691; Wed, 19 May 2021 07:13:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1621433612; cv=none; d=google.com; s=arc-20160816; b=d7FpPM2Ioaghqr6U5n+oKVW25Pl+1yh2GWiCrbgLiCJky9MvPi9w4mM3fW4WNaejXt TZRGchvLUXexxqK/L2XV9r/Na+Pyd1nXsNWc6rGXehSs8jFZ8g0dhJu10HtBAsaisr9V 4sQpB0BivCSjSEQwpDWVWvP5ChqfrnOQWrUqtFZ+jhqQDdmvcAe5ODVGZZAF9mDUWCQ/ Xh277oFB5V4byAOYxmezXaPT2cT4rTb1wPL/v/S5HHj9//6Jny8fHn7mtAk/bffVOPhe bWkmGl8PvLQ4SwqPD4kvWHm7EIUKJ0zm5a6V6rxUOpP3GjeOwusVJo5MSfox8qaVdHre W6Ww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=H0i3SWGnawRMKq25hTfzvacmGF8ldJ2SVMOa5hP71Gw=; b=0baLn2g3YQdZ4tVcZOv3QmSGB0pWoDw7waKJWuoiclLxoDnWCIetVeoqbuYUCvAJ6l QVkKYtbFaOJR81JKibpEpywmzNeH1t8wkvGysVNVTnFOkONNk95GC3NkFx1o1emHq1Vd KXh3QNqVa44fqMAx0ow3ckdpNegxAUOHfMwlk5ZAhg6ZWzIklpeCSY+qy6VX94Sfx/mC p/cGHK/hlnAO2/NcGyYvySk7+6GWZd/+9LENvI2oyUKEU7IzQJWWTkNI6PoBApRjpOvN vcND5VMnfpQ2x8CUJq3V/VXAhXkyiJ95TJTsszFZw4XoQeRCu/wwEQzm0cSTzXc9MmPh TJ+g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=vFuTpSZl; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id kj17si12889884ejc.587.2021.05.19.07.12.50; Wed, 19 May 2021 07:13:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=vFuTpSZl; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240600AbhERH20 (ORCPT + 99 others); Tue, 18 May 2021 03:28:26 -0400 Received: from mail.kernel.org ([198.145.29.99]:56646 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240235AbhERH2X (ORCPT ); Tue, 18 May 2021 03:28:23 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id EE75161353; Tue, 18 May 2021 07:27:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1621322826; bh=tr42CgFCvzDLTaED1GLg2sfLJpu7z95Hx0uB17IraIA=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=vFuTpSZlyekcp66+1xXP7UZO1BN2bgkvFtUPcj1zJCS149c+Zvi5hPquocBVIojB2 Z7exeBYrhumkzjJUSvEpKFGW4FaqBqZSq7xU7M8ZbBXk0ZQ5jVfmLPFTh3D4RbZM9j lrUhs82y4HlTvmFkV/mBBanL9tIfDdHW4GCSJAjCwx8xBjvD/9MzWbWnE1oIuT7iX5 gYhCI1yVOzSCg5K38ilmDg450rgYNeNMsjsLC6gOgw0amIXTpygFFnPllY+Yc4M1UR B2od90rmhi/bP2cvywv26nLYI1niEqFU+sMFU1it04NiboiejydzFTKGEQcZqqBYpS U/cWQ9vRIoLtg== Received: by mail-wr1-f49.google.com with SMTP id a4so9011174wrr.2; Tue, 18 May 2021 00:27:05 -0700 (PDT) X-Gm-Message-State: AOAM533uYGieda+TwW6tF4wz8TdYChzHQDjVJR2354nb6NmMyl4ketaJ 8Bg2PHoUUjerVtW3qhap3NailXosaBVZsQYTYjQ= X-Received: by 2002:a5d:6dc4:: with SMTP id d4mr5094533wrz.105.1621322824578; Tue, 18 May 2021 00:27:04 -0700 (PDT) MIME-Version: 1.0 References: <20210514100106.3404011-1-arnd@kernel.org> <20210514100106.3404011-8-arnd@kernel.org> In-Reply-To: From: Arnd Bergmann Date: Tue, 18 May 2021 09:25:54 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v2 07/13] asm-generic: unaligned always use struct helpers To: Eric Biggers Cc: linux-arch , Linus Torvalds , Vineet Gupta , Russell King , Herbert Xu , "David S. Miller" , Thomas Bogendoerfer , Linux ARM , Linux Kernel Mailing List , "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" , "open list:BROADCOM NVRAM DRIVER" Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Mon, May 17, 2021 at 11:53 PM Eric Biggers wrote: > On Fri, May 14, 2021 at 12:00:55PM +0200, Arnd Bergmann wrote: > > From: Arnd Bergmann > > > > As found by Vineet Gupta and Linus Torvalds, gcc has somewhat unexpected > > behavior when faced with overlapping unaligned pointers. The kernel's > > unaligned/access-ok.h header technically invokes undefined behavior > > that happens to usually work on the architectures using it, but if the > > compiler optimizes code based on the assumption that undefined behavior > > doesn't happen, it can create output that actually causes data corruption. > > > > A related problem was previously found on 32-bit ARMv7, where most > > instructions can be used on unaligned data, but 64-bit ldrd/strd causes > > an exception. The workaround was to always use the unaligned/le_struct.h > > helper instead of unaligned/access-ok.h, in commit 1cce91dfc8f7 ("ARM: > > 8715/1: add a private asm/unaligned.h"). > > > > The same solution should work on all other architectures as well, so > > remove the access-ok.h variant and use the other one unconditionally on > > all architectures, picking either the big-endian or little-endian version. > > FYI, gcc 10 had a bug where it miscompiled code that uses "packed structs" to > copy between overlapping unaligned pointers > (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94994). Thank you for pointing this out > I'm not sure whether the kernel will run into that or not, and gcc has since > fixed it. But it's worth mentioning, especially since the issue mentioned in > this commit sounds very similar (overlapping unaligned pointers), and both > involved implementations of DEFLATE decompression. I tried reproducing this on the kernel deflate code with the kernel.org gcc-10.1 and gcc-10.3 crosstool versions but couldn't quite get there with Vineet's preprocessed source https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100363 Trying with both the original get_unaligned() version in there and the packed-struct variant, I get the same output from gcc-10.1 and gcc-10.3 when I compile those myself for arc hs4x , but it's rather different from the output that Vineet got and I don't know how to spot whether the problem exists in any of those versions. > Anyway, partly due to the above, in userspace I now only use memcpy() to > implement {get,put}_unaligned_*, since these days it seems to be compiled > optimally and have the least amount of problems. > > I wonder if the kernel should do the same, or whether there are still cases > where memcpy() isn't compiled optimally. armv6/7 used to be one such case, but > it was fixed in gcc 6. It would have to be memmove(), not memcpy() in this case, right? My feeling is that if gcc-4.9 and gcc-5 produce correct but slightly slower code, we can live with that, unlike the possibility of gcc-10.{1,2} producing incorrect code. Since the new asm/unaligned.h has a single implementation across all architectures, we could probably fall back to a memmove based version for the compilers affected by the 94994 bug, but I'd first need to have a better way to test regarding whether given combination of asm/unaligned.h and compiler version runs into this bug. I have checked your reproducer and confirmed that it does affect x86_64 gcc-10.1 -O3 with my proposed version of asm-generic/unaligned.h, but does not trigger on any other version (4.9 though 9.3, 10.3 or 11.1), and not on -O2 or "-O3 -mno-sse" builds or on arm64, but that doesn't necessarily mean it's safe on these. Arnd