From patchwork Tue Jan 5 09:18:52 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 59173 Delivered-To: patch@linaro.org Received: by 10.112.130.2 with SMTP id oa2csp5855430lbb; Tue, 5 Jan 2016 01:20:44 -0800 (PST) X-Received: by 10.98.17.147 with SMTP id 19mr133687819pfr.66.1451985644207; Tue, 05 Jan 2016 01:20:44 -0800 (PST) Return-Path: Received: from bombadil.infradead.org (bombadil.infradead.org. [2001:1868:205::9]) by mx.google.com with ESMTPS id 21si66071747pfj.91.2016.01.05.01.20.43 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 05 Jan 2016 01:20:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org designates 2001:1868:205::9 as permitted sender) client-ip=2001:1868:205::9; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org designates 2001:1868:205::9 as permitted sender) smtp.mailfrom=linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org; dkim=neutral (body hash did not verify) header.i=@linaro.org Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux)) id 1aGNmF-0002aL-Cx; Tue, 05 Jan 2016 09:19:39 +0000 Received: from mail-wm0-x233.google.com ([2a00:1450:400c:c09::233]) by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1aGNm3-0002Um-Fk for linux-arm-kernel@lists.infradead.org; Tue, 05 Jan 2016 09:19:28 +0000 Received: by mail-wm0-x233.google.com with SMTP id f206so19213535wmf.0 for ; Tue, 05 Jan 2016 01:19:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=bkEV/R0iHvq5lFMSJ0MaWblDQJgkiWxr0morDv+5Vvk=; b=KWfcvXDT02r9zgvfcK5yR3VNVyKDtZA4gVsLrThQqVCJDRoO+oY2I1B8GKWtZkd/vM 7VfAXzgJmYE2pcpC0fE5xDcrPih/QhyUPltZguGPRZeAa794swmY2bDVwdTfVkGk6bOO 37ROwoihVxPpjKZljpXBhYQip3uJpdZb1Rlvg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=bkEV/R0iHvq5lFMSJ0MaWblDQJgkiWxr0morDv+5Vvk=; b=dUuHbQMKpkPyebKF+4PMcxVEgBWHJnqOU0WSzmfBFyn2oa2S91IPJTaXv+AZ1Jks7y 3fly/oj+tT4Mh4x9MRO4cCxLv5YQc24KrsmiRKQUuA6Hnb7tpkGtmQiKnVFSySMEqlqP y4J01BvpcD6ALhrg+Z2A+NyA8+LK4qyTpuR3yegSXDb6xmc742zyJu7ftqfP4onj9mx9 MTqFbte4DQzbIEKVlOYSivxQwmT/rWZ+UZemO/huTopV2BelWOlA7hD/cDOhMEngSycm xO2QJylyWAqavvMJOtqfRRWIKofcGvrcjLO4tqTO+XUtC/O6tX9TnUstsDWIX8nQfnXU F5AA== X-Gm-Message-State: ALoCoQm/JpSjaw4OapHkSow+v5r8ZYTxjbI5/XyGeB7WcjpgjlcFjPGzjxsAd2Fu2GvZQWVwjrQGAaMtdi3YK9H4Ts23PLPr+A== X-Received: by 10.28.16.78 with SMTP id 75mr3034917wmq.82.1451985545833; Tue, 05 Jan 2016 01:19:05 -0800 (PST) Received: from localhost.localdomain (cag06-7-83-153-85-71.fbx.proxad.net. [83.153.85.71]) by smtp.gmail.com with ESMTPSA id c203sm2550612wmd.5.2016.01.05.01.19.04 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 05 Jan 2016 01:19:05 -0800 (PST) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org, will.deacon@arm.com, Dave.Martin@arm.com Subject: [PATCH v2 2/2] arm64/module: avoid undefines shift behavior in reloc_data() Date: Tue, 5 Jan 2016 10:18:52 +0100 Message-Id: <1451985532-6487-2-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.5.0 In-Reply-To: <1451985532-6487-1-git-send-email-ard.biesheuvel@linaro.org> References: <1451985532-6487-1-git-send-email-ard.biesheuvel@linaro.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20160105_011927_700310_CF7C2B37 X-CRM114-Status: GOOD ( 14.92 ) X-Spam-Score: -2.7 (--) X-Spam-Report: SpamAssassin version 3.4.0 on bombadil.infradead.org summary: Content analysis details: (-2.7 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [2a00:1450:400c:c09:0:0:0:233 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Ard Biesheuvel MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org Compilers may engage the improbability drive when encountering shifts by a distance that is a multiple of the size of the operand type. Since the required bounds check is very simple here, we can get rid of all the fuzzy masking, shifting and comparing, and use the documented bounds directly. Reported-by: David Binderman Signed-off-by: Ard Biesheuvel --- arch/arm64/kernel/module.c | 20 ++++---------------- 1 file changed, 4 insertions(+), 16 deletions(-) -- 2.5.0 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel diff --git a/arch/arm64/kernel/module.c b/arch/arm64/kernel/module.c index 400141549b28..2c26a2381acc 100644 --- a/arch/arm64/kernel/module.c +++ b/arch/arm64/kernel/module.c @@ -72,15 +72,18 @@ static u64 do_reloc(enum aarch64_reloc_op reloc_op, void *place, u64 val) static int reloc_data(enum aarch64_reloc_op op, void *place, u64 val, int len) { - u64 imm_mask = (1 << len) - 1; s64 sval = do_reloc(op, place, val); switch (len) { case 16: *(s16 *)place = sval; + if (sval < S16_MIN || sval > U16_MAX) + return -ERANGE; break; case 32: *(s32 *)place = sval; + if (sval < S32_MIN || sval > U32_MAX) + return -ERANGE; break; case 64: *(s64 *)place = sval; @@ -89,21 +92,6 @@ static int reloc_data(enum aarch64_reloc_op op, void *place, u64 val, int len) pr_err("Invalid length (%d) for data relocation\n", len); return 0; } - - /* - * Extract the upper value bits (including the sign bit) and - * shift them to bit 0. - */ - sval = (s64)(sval & ~(imm_mask >> 1)) >> (len - 1); - - /* - * Overflow has occurred if the value is not representable in - * len bits (i.e the bottom len bits are not sign-extended and - * the top bits are not all zero). - */ - if ((u64)(sval + 1) > 2) - return -ERANGE; - return 0; }