Re: [PATCH] powerpc/signal32: Use struct_group() to zero spe regs

From: Michael Ellerman
Date: Mon Nov 22 2021 - 00:43:47 EST

LEROY Christophe <christophe.leroy@xxxxxxxxxx> writes:
> Le 18/11/2021 à 21:36, Kees Cook a écrit :
>> In preparation for FORTIFY_SOURCE performing compile-time and run-time
>> field bounds checking for memset(), avoid intentionally writing across
>> neighboring fields.
>> Add a struct_group() for the spe registers so that memset() can correctly reason
>> about the size:
>> In function 'fortify_memset_chk',
>> inlined from 'restore_user_regs.part.0' at arch/powerpc/kernel/signal_32.c:539:3:
>> >> include/linux/fortify-string.h:195:4: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
>> 195 | __write_overflow_field();
>> | ^~~~~~~~~~~~~~~~~~~~~~~~
>> Reported-by: kernel test robot <lkp@xxxxxxxxx>
>> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> Reviewed-by: Christophe Leroy <christophe.leroy@xxxxxxxxxx>

Acked-by: Michael Ellerman <mpe@xxxxxxxxxxxxxx>

> However, is it really worth adding that grouping ? Wouldn't it be
> cleaner to handle evr[] and acc separately ? Now that we are using
> unsafe variants of get/put user performance wouldn't be impacted.

Yeah I agree we should be able to do less of these multi-field copies
now that we have unsafe get/put user.

But I think that's an issue for another patch, Kees' patch is an
improvement, even if the code could be improved further in future.

Though TBH I'm not sure what the future of SPE support is. Both GCC and
glibc have dropped support for it, more than 2 years ago, so it's not
clear to me if we should continue to support it in the kernel much