authorMike Pagano <mpagano@gentoo.org>2019-03-06 14:12:06 -0500
committerMike Pagano <mpagano@gentoo.org>2019-03-06 14:12:06 -0500
commit17d0253626e1c0cd444c02a9e5a33b39241177a5 (patch)
tree8e8d2c839cf9b3f5688ebca00273391c1ad56b2a
parentproj/linux-patches: Linux patch 4.9.162 (diff)
proj/linux-patches: powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning4.9-165
See bug #679430 Signed-off-by: Mike Pagano <mpagano@gentoo.org>
-rw-r--r--0000_README4
-rw-r--r--1700_ppc-vr-get-set-change-to-avoid-gcc-warning.patch115
2 files changed, 119 insertions, 0 deletions
diff --git a/0000_README b/0000_README
index b012cfea..44fb51ae 100644
--- a/0000_README
+++ b/0000_README
@@ -703,6 +703,10 @@ Patch: 1520_security-apparmor-Use-POSIX-compatible-printf.patch
From: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/patch/security/apparmor?id=651e54953b5d4ad103f0efa54fc6b380807fca3a
Desc: security/apparmor: Use POSIX-compatible "printf '%s'". See bug #622552
+Patch: 1700_ppc-vr-get-set-change-to-avoid-gcc-warning.patch
+From: https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/patch/?id=ca6d5149d2ad0a8d2f9c28cbe379802260a0a5e0
+Desc: powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning
+
Patch: 1701_ia64_fix_ptrace.patch
From: https://patchwork.kernel.org/patch/10198159/
Desc: ia64: fix ptrace(PTRACE_GETREGS) (unbreaks strace, gdb).
diff --git a/1700_ppc-vr-get-set-change-to-avoid-gcc-warning.patch b/1700_ppc-vr-get-set-change-to-avoid-gcc-warning.patch
new file mode 100644
index 00000000..bed4b416
--- /dev/null
+++ b/1700_ppc-vr-get-set-change-to-avoid-gcc-warning.patch
@@ -0,0 +1,115 @@
+From ca6d5149d2ad0a8d2f9c28cbe379802260a0a5e0 Mon Sep 17 00:00:00 2001
+From: Michael Ellerman <mpe@ellerman.id.au>
+Date: Thu, 14 Feb 2019 11:08:29 +1100
+Subject: powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+GCC 8 warns about the logic in vr_get/set(), which with -Werror breaks
+the build:
+
+ In function ‘user_regset_copyin’,
+ inlined from ‘vr_set’ at arch/powerpc/kernel/ptrace.c:628:9:
+ include/linux/regset.h:295:4: error: ‘memcpy’ offset [-527, -529] is
+ out of the bounds [0, 16] of object ‘vrsave’ with type ‘union
+ <anonymous>’ [-Werror=array-bounds]
+ arch/powerpc/kernel/ptrace.c: In function ‘vr_set’:
+ arch/powerpc/kernel/ptrace.c:623:5: note: ‘vrsave’ declared here
+ } vrsave;
+
+This has been identified as a regression in GCC, see GCC bug 88273.
+
+However we can avoid the warning and also simplify the logic and make
+it more robust.
+
+Currently we pass -1 as end_pos to user_regset_copyout(). This says
+"copy up to the end of the regset".
+
+The definition of the regset is:
+ [REGSET_VMX] = {
+ .core_note_type = NT_PPC_VMX, .n = 34,
+ .size = sizeof(vector128), .align = sizeof(vector128),
+ .active = vr_active, .get = vr_get, .set = vr_set
+ },
+
+The end is calculated as (n * size), ie. 34 * sizeof(vector128).
+
+In vr_get/set() we pass start_pos as 33 * sizeof(vector128), meaning
+we can copy up to sizeof(vector128) into/out-of vrsave.
+
+The on-stack vrsave is defined as:
+ union {
+ elf_vrreg_t reg;
+ u32 word;
+ } vrsave;
+
+And elf_vrreg_t is:
+ typedef __vector128 elf_vrreg_t;
+
+So there is no bug, but we rely on all those sizes lining up,
+otherwise we would have a kernel stack exposure/overwrite on our
+hands.
+
+Rather than relying on that we can pass an explict end_pos based on
+the sizeof(vrsave). The result should be exactly the same but it's
+more obviously not over-reading/writing the stack and it avoids the
+compiler warning.
+
+Reported-by: Meelis Roos <mroos@linux.ee>
+Reported-by: Mathieu Malaterre <malat@debian.org>
+Cc: stable@vger.kernel.org
+Tested-by: Mathieu Malaterre <malat@debian.org>
+Tested-by: Meelis Roos <mroos@linux.ee>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+---
+ arch/powerpc/kernel/ptrace.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
+index 7535f89e08cd..d9ac7d94656e 100644
+--- a/arch/powerpc/kernel/ptrace.c
++++ b/arch/powerpc/kernel/ptrace.c
+@@ -567,6 +567,7 @@ static int vr_get(struct task_struct *target, const struct user_regset *regset,
+ /*
+ * Copy out only the low-order word of vrsave.
+ */
++ int start, end;
+ union {
+ elf_vrreg_t reg;
+ u32 word;
+@@ -575,8 +576,10 @@ static int vr_get(struct task_struct *target, const struct user_regset *regset,
+
+ vrsave.word = target->thread.vrsave;
+
++ start = 33 * sizeof(vector128);
++ end = start + sizeof(vrsave);
+ ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, &vrsave,
+- 33 * sizeof(vector128), -1);
++ start, end);
+ }
+
+ return ret;
+@@ -614,6 +617,7 @@ static int vr_set(struct task_struct *target, const struct user_regset *regset,
+ /*
+ * We use only the first word of vrsave.
+ */
++ int start, end;
+ union {
+ elf_vrreg_t reg;
+ u32 word;
+@@ -622,8 +626,10 @@ static int vr_set(struct task_struct *target, const struct user_regset *regset,
+
+ vrsave.word = target->thread.vrsave;
+
++ start = 33 * sizeof(vector128);
++ end = start + sizeof(vrsave);
+ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &vrsave,
+- 33 * sizeof(vector128), -1);
++ start, end);
+ if (!ret)
+ target->thread.vrsave = vrsave.word;
+ }
+--
+cgit 1.2-0.3.lf.el7
+
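Review bot: The offset `33 * sizeof(vector128)` remains an unexplained magic number, now repeated in both vr_get() and vr_set() of the embedded ptrace.c patch, and `start` is derived from `sizeof(vector128)` while `end` is derived from `sizeof(vrsave)`. The commit message says the old code relied on those sizes lining up, so a compile-time check next to the union, for example `BUILD_BUG_ON(sizeof(vrsave) != sizeof(vector128));`, would make the build enforce that assumption, together with a short comment tying 33 to the regset's `.n = 34`. In vr_get() the copy-out now explicitly covers the whole of `vrsave`, while the visible lines assign only `vrsave.word`. It is worth confirming that the rest of the union is zeroed in the lines between the hunks, which are not shown here, since otherwise the remaining bytes would carry kernel stack contents to user space. Both function bodies start and end outside the hunks.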