tree: git://anongit.freedesktop.org/drm-intel drm-intel-next-queued
head: 1abb70f5955d1a9021f96359a2c6502ca569b68d
commit: 84b510e22da7926522a257cfe295d3695346a0bd [1/2] drm/i915/query: Protect
tainted function pointer lookup
config: i386-randconfig-x012-201820 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
git checkout 84b510e22da7926522a257cfe295d3695346a0bd
# save the attached .config to linux build tree
make ARCH=i386
All error/warnings (new ones prefixed by >>):
In file included from include/asm-generic/barrier.h:20:0,
from arch/x86/include/asm/barrier.h:86,
from include/linux/nospec.h:8,
from drivers/gpu/drm/i915/i915_query.c:7:
drivers/gpu/drm/i915/i915_query.c: In function 'i915_query_ioctl':
>> include/linux/compiler.h:339:38: error: call to '__compiletime_assert_119'
>> declared with attribute error: BUILD_BUG_ON failed: sizeof(_s) > sizeof(long)
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^
include/linux/compiler.h:319:4: note: in definition of macro
'__compiletime_assert'
prefix ## suffix(); \
^~~~~~
include/linux/compiler.h:339:2: note: in expansion of macro
'_compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^~~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:45:37: note: in expansion of macro
'compiletime_assert'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
^~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:69:2: note: in expansion of macro
'BUILD_BUG_ON_MSG'
BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
^~~~~~~~~~~~~~~~
>> include/linux/nospec.h:53:2: note: in expansion of macro 'BUILD_BUG_ON'
BUILD_BUG_ON(sizeof(_i) > sizeof(long)); \
^~~~~~~~~~~~
>> drivers/gpu/drm/i915/i915_query.c:118:15: note: in expansion of macro
>> 'array_index_nospec'
func_idx = array_index_nospec(func_idx,
^~~~~~~~~~~~~~~~~~
--
In file included from include/asm-generic/barrier.h:20:0,
from arch/x86/include/asm/barrier.h:86,
from include/linux/nospec.h:8,
from drivers/gpu//drm/i915/i915_query.c:7:
drivers/gpu//drm/i915/i915_query.c: In function 'i915_query_ioctl':
>> include/linux/compiler.h:339:38: error: call to '__compiletime_assert_119'
>> declared with attribute error: BUILD_BUG_ON failed: sizeof(_s) > sizeof(long)
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^
include/linux/compiler.h:319:4: note: in definition of macro
'__compiletime_assert'
prefix ## suffix(); \
^~~~~~
include/linux/compiler.h:339:2: note: in expansion of macro
'_compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^~~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:45:37: note: in expansion of macro
'compiletime_assert'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
^~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:69:2: note: in expansion of macro
'BUILD_BUG_ON_MSG'
BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
^~~~~~~~~~~~~~~~
>> include/linux/nospec.h:53:2: note: in expansion of macro 'BUILD_BUG_ON'
BUILD_BUG_ON(sizeof(_i) > sizeof(long)); \
^~~~~~~~~~~~
drivers/gpu//drm/i915/i915_query.c:118:15: note: in expansion of macro
'array_index_nospec'
func_idx = array_index_nospec(func_idx,
^~~~~~~~~~~~~~~~~~
vim +/BUILD_BUG_ON +53 include/linux/nospec.h
8fa80c503 Will Deacon 2018-02-05 32
8fa80c503 Will Deacon 2018-02-05 33 /*
f38042033 Dan Williams 2018-01-29 34 * array_index_nospec - sanitize an
array index after a bounds check
f38042033 Dan Williams 2018-01-29 35 *
f38042033 Dan Williams 2018-01-29 36 * For a code sequence like:
f38042033 Dan Williams 2018-01-29 37 *
f38042033 Dan Williams 2018-01-29 38 * if (index < size) {
f38042033 Dan Williams 2018-01-29 39 * index =
array_index_nospec(index, size);
f38042033 Dan Williams 2018-01-29 40 * val = array[index];
f38042033 Dan Williams 2018-01-29 41 * }
f38042033 Dan Williams 2018-01-29 42 *
f38042033 Dan Williams 2018-01-29 43 * ...if the CPU speculates past the
bounds check then
f38042033 Dan Williams 2018-01-29 44 * array_index_nospec() will clamp the
index within the range of [0,
f38042033 Dan Williams 2018-01-29 45 * size).
f38042033 Dan Williams 2018-01-29 46 */
f38042033 Dan Williams 2018-01-29 47 #define array_index_nospec(index, size)
\
f38042033 Dan Williams 2018-01-29 48 ({
\
f38042033 Dan Williams 2018-01-29 49 typeof(index) _i = (index);
\
f38042033 Dan Williams 2018-01-29 50 typeof(size) _s = (size);
\
1d91c1d2c Dan Williams 2018-02-16 51 unsigned long _mask =
array_index_mask_nospec(_i, _s); \
f38042033 Dan Williams 2018-01-29 52
\
f38042033 Dan Williams 2018-01-29 @53 BUILD_BUG_ON(sizeof(_i) >
sizeof(long)); \
:::::: The code at line 53 was first introduced by commit
:::::: f3804203306e098dae9ca51540fcd5eb700d7f40 array_index_nospec: Sanitize
speculative array de-references
:::::: TO: Dan Williams <[email protected]>
:::::: CC: Thomas Gleixner <[email protected]>
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
_______________________________________________ dri-devel mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/dri-devel
