From patchwork Mon Feb 5 14:16:06 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Will Deacon X-Patchwork-Id: 126896 Delivered-To: patch@linaro.org Received: by 10.46.124.24 with SMTP id x24csp2009180ljc; Mon, 5 Feb 2018 06:16:21 -0800 (PST) X-Google-Smtp-Source: AH8x224ipW3JL4pRbzqWNPCsYR4hYChELbBBh1KJNgDaX+Vx9JqL4Qx432MsIVZ/PfSsVPm8vLu2 X-Received: by 10.98.68.91 with SMTP id r88mr49237888pfa.52.1517840181380; Mon, 05 Feb 2018 06:16:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517840181; cv=none; d=google.com; s=arc-20160816; b=gElAVCBcth9pirKCSr7F2NGC1mPtj08Ca0YhJh2Ymt2GCCBmc9XdR4JPghPGo82D0q da3G2jFsh4OvasLIqwfTEWKxWFKoizT8LWOCnZWUdwPc9QcoVnib6roZVH/shTk3xp7i ptPkMDBaKweIdPKrfWXZGMB8tI/K15a5SebppG7H0AB2ie7utufWJjQbrVURNTu8lXYJ 8LOBbNxrnnI10VXfL4C06/fSeNC2guCgJ+hhhbNV1SGBoDAwVBFvlRiQ4srJJQWn3piD THR5yoMm58k2mEOac/jQRmEFbeT7dsugnxdnsNeGYqO4EgEMoQe1bzFXVIF5h+JZlS3Y jEdQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :arc-authentication-results; bh=LAYqfj2FkPLjcQ/MY5u2etnW6g54J3tunoONuxEsl9o=; b=OifIfCJY7S6onTV+lCFWVbOLSFEytuQFycq21Ox+fjxtFw73o7FOMF9DGiYrCHe9i+ EfQoKlldBmnFkWCQNdj+2oKy4xC3cumge3g+HPeoxGG7kW6IR2OcfGshmmf9BY5h+DlZ avI+j99PITO6yeuYYsZmwJbxNu5LKeSeuBQokHsaKXRBjAak/y53hy2D6NmzTJIwmwXY cBpzN6FOQis5au56FKCLWzQhdzMOKbaYQlVyBsbxQUMIHEc/p2VnNe5pRZjB2o+PegWn tnGXzLj62yesQwY+ir5Z6USaNnnkRni+uqh20Ji/E0mMZR+PdLnheRXZ/1WZzhm4QmS8 rkCg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v22si4987128pfd.22.2018.02.05.06.16.21; Mon, 05 Feb 2018 06:16:21 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753206AbeBEOQS (ORCPT + 28 others); Mon, 5 Feb 2018 09:16:18 -0500 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:51108 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752933AbeBEOQE (ORCPT ); Mon, 5 Feb 2018 09:16:04 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 913C515AD; Mon, 5 Feb 2018 06:16:04 -0800 (PST) Received: from edgewater-inn.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 61FE83F53D; Mon, 5 Feb 2018 06:16:04 -0800 (PST) Received: by edgewater-inn.cambridge.arm.com (Postfix, from userid 1000) id ECADC1AE37CA; Mon, 5 Feb 2018 14:16:07 +0000 (GMT) From: Will Deacon To: linux-kernel@vger.kernel.org Cc: Will Deacon , Dan Williams , Ingo Molnar Subject: [PATCH] nospec: Move array_index_nospec parameter checking into separate macro Date: Mon, 5 Feb 2018 14:16:06 +0000 Message-Id: <1517840166-15399-1-git-send-email-will.deacon@arm.com> X-Mailer: git-send-email 2.1.4 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org For architectures providing their own implementation of array_index_mask_nospec in asm/barrier.h, attempting to use WARN_ONCE to complain about out-of-range parameters using WARN_ON results in a mess of mutually-dependent include files. Rather than unpick the dependencies, simply have the core code in nospec.h perform the checking for us. Cc: Dan Williams Cc: Ingo Molnar Signed-off-by: Will Deacon --- include/linux/nospec.h | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) -- 2.1.4 Reviewed-by: Dan Williams diff --git a/include/linux/nospec.h b/include/linux/nospec.h index b99bced39ac2..fbc98e2c8228 100644 --- a/include/linux/nospec.h +++ b/include/linux/nospec.h @@ -20,20 +20,6 @@ static inline unsigned long array_index_mask_nospec(unsigned long index, unsigned long size) { /* - * Warn developers about inappropriate array_index_nospec() usage. - * - * Even if the CPU speculates past the WARN_ONCE branch, the - * sign bit of @index is taken into account when generating the - * mask. - * - * This warning is compiled out when the compiler can infer that - * @index and @size are less than LONG_MAX. - */ - if (WARN_ONCE(index > LONG_MAX || size > LONG_MAX, - "array_index_nospec() limited to range of [0, LONG_MAX]\n")) - return 0; - - /* * Always calculate and emit the mask even if the compiler * thinks the mask is not needed. The compiler does not take * into account the value of @index under speculation. @@ -44,6 +30,26 @@ static inline unsigned long array_index_mask_nospec(unsigned long index, #endif /* + * Warn developers about inappropriate array_index_nospec() usage. + * + * Even if the CPU speculates past the WARN_ONCE branch, the + * sign bit of @index is taken into account when generating the + * mask. + * + * This warning is compiled out when the compiler can infer that + * @index and @size are less than LONG_MAX. + */ +#define array_index_mask_nospec_check(index, size) \ +({ \ + if (WARN_ONCE(index > LONG_MAX || size > LONG_MAX, \ + "array_index_nospec() limited to range of [0, LONG_MAX]\n")) \ + _mask = 0; \ + else \ + _mask = array_index_mask_nospec(index, size); \ + _mask; \ +}) + +/* * array_index_nospec - sanitize an array index after a bounds check * * For a code sequence like: @@ -61,7 +67,7 @@ static inline unsigned long array_index_mask_nospec(unsigned long index, ({ \ typeof(index) _i = (index); \ typeof(size) _s = (size); \ - unsigned long _mask = array_index_mask_nospec(_i, _s); \ + unsigned long _mask = array_index_mask_nospec_check(_i, _s); \ \ BUILD_BUG_ON(sizeof(_i) > sizeof(long)); \ BUILD_BUG_ON(sizeof(_s) > sizeof(long)); \