Re: Buggy commit tracked to: "Re: [PATCH 2/9] iov_iter: move rw_copy_check_uvector() into lib/iov_iter.c"

From: Al Viro
Date: Thu Oct 22 2020 - 16:06:47 EST

Next message: pr-tracker-bot: "Re: [GIT PULL] VFIO updates for v5.10-rc1"
Previous message: pr-tracker-bot: "Re: [GIT PULL] PCI changes for v5.10"
In reply to: Al Viro: "Re: Buggy commit tracked to: "Re: [PATCH 2/9] iov_iter: move rw_copy_check_uvector() into lib/iov_iter.c""
Next in thread: Al Viro: "Re: Buggy commit tracked to: "Re: [PATCH 2/9] iov_iter: move rw_copy_check_uvector() into lib/iov_iter.c""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Oct 22, 2020 at 08:24:58PM +0100, Al Viro wrote:

> Depending upon the calling conventions, compiler might do truncation in caller or
> in a callee, but it must be done _somewhere_.

Unless I'm misreading AAPCS64,
"Unlike in the 32-bit AAPCS, named integral values must be narrowed by the callee
rather than the caller"
in 6.4.2 means that callee must not _not_ expect the upper 32 bits of %x0..%x7 to contain
anything valid for 32bit arguments and it must zero-extend %w0..%w7 when passing that to
something that expects a 64bit argument. On inlining it should be the same situation as
storing unsigned int argument into unsigned long local variable and working with that - if

void f(unsigned int w)
{
unsigned long x = w;
printf("%lx\n", x);
}

ends up passing %x0 to printf, it's an obvious bug - it must do something like
uxtw x0, w0
first.

What am I missing here?

Next message: pr-tracker-bot: "Re: [GIT PULL] VFIO updates for v5.10-rc1"
Previous message: pr-tracker-bot: "Re: [GIT PULL] PCI changes for v5.10"
In reply to: Al Viro: "Re: Buggy commit tracked to: "Re: [PATCH 2/9] iov_iter: move rw_copy_check_uvector() into lib/iov_iter.c""
Next in thread: Al Viro: "Re: Buggy commit tracked to: "Re: [PATCH 2/9] iov_iter: move rw_copy_check_uvector() into lib/iov_iter.c""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]