commit: 12eddc2b90bad180095a4e8d93bc12a0002413ea Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> AuthorDate: Wed Mar 6 19:09:41 2019 +0000 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> CommitDate: Wed Mar 6 19:09:41 2019 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=12eddc2b
proj/linux-patches: powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning See bug #679430 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> 0000_README | 4 + ...pc-vr-get-set-change-to-avoid-gcc-warning.patch | 115 +++++++++++++++++++++ 2 files changed, 119 insertions(+) diff --git a/0000_README b/0000_README index 047a68d..2892469 100644 --- a/0000_README +++ b/0000_README @@ -475,6 +475,10 @@ Patch: 1700_ia64_fix_ptrace.patch From: https://patchwork.kernel.org/patch/10198159/ Desc: ia64: fix ptrace(PTRACE_GETREGS) (unbreaks strace, gdb). +Patch: 1710_ppc-vr-get-set-change-to-avoid-gcc-warning.patch +From: https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/patch/?id=ca6d5149d2ad0a8d2f9c28cbe379802260a0a5e0 +Desc: powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning + Patch: 2100_bcache-data-corruption-fix-for-bi-partno.patch From: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62530ed8b1d07a45dec94d46e521c0c6c2d476e6 Desc: bio: ensure __bio_clone_fast copies bi_partno. diff --git a/1710_ppc-vr-get-set-change-to-avoid-gcc-warning.patch b/1710_ppc-vr-get-set-change-to-avoid-gcc-warning.patch new file mode 100644 index 0000000..bed4b41 --- /dev/null +++ b/1710_ppc-vr-get-set-change-to-avoid-gcc-warning.patch 
@@ -0,0 +1,115 @@
+From ca6d5149d2ad0a8d2f9c28cbe379802260a0a5e0 Mon Sep 17 00:00:00 2001
+From: Michael Ellerman <m...@ellerman.id.au>
+Date: Thu, 14 Feb 2019 11:08:29 +1100
+Subject: powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+GCC 8 warns about the logic in vr_get/set(), which with -Werror breaks
+the build:
+
+ In function ‘user_regset_copyin’,
+ inlined from ‘vr_set’ at arch/powerpc/kernel/ptrace.c:628:9:
+ include/linux/regset.h:295:4: error: ‘memcpy’ offset [-527, -529] is
+ out of the bounds [0, 16] of object ‘vrsave’ with type ‘union
+ <anonymous>’ [-Werror=array-bounds]
+ arch/powerpc/kernel/ptrace.c: In function ‘vr_set’:
+ arch/powerpc/kernel/ptrace.c:623:5: note: ‘vrsave’ declared here
+ } vrsave;
+
+This has been identified as a regression in GCC, see GCC bug 88273.
+
+However we can avoid the warning and also simplify the logic and make
+it more robust.
+
+Currently we pass -1 as end_pos to user_regset_copyout(). This says
+"copy up to the end of the regset".
+
+The definition of the regset is:
+ [REGSET_VMX] = {
+ .core_note_type = NT_PPC_VMX, .n = 34,
+ .size = sizeof(vector128), .align = sizeof(vector128),
+ .active = vr_active, .get = vr_get, .set = vr_set
+ },
+
+The end is calculated as (n * size), ie. 34 * sizeof(vector128).
+
+In vr_get/set() we pass start_pos as 33 * sizeof(vector128), meaning
+we can copy up to sizeof(vector128) into/out-of vrsave.
+
+The on-stack vrsave is defined as:
+ union {
+ elf_vrreg_t reg;
+ u32 word;
+ } vrsave;
+
+And elf_vrreg_t is:
+ typedef __vector128 elf_vrreg_t;
+
+So there is no bug, but we rely on all those sizes lining up,
+otherwise we would have a kernel stack exposure/overwrite on our
+hands.
+
+Rather than relying on that we can pass an explict end_pos based on
+the sizeof(vrsave). The result should be exactly the same but it's
+more obviously not over-reading/writing the stack and it avoids the
+compiler warning.
+
+Reported-by: Meelis Roos <mr...@linux.ee>
+Reported-by: Mathieu Malaterre <ma...@debian.org>
+Cc: sta...@vger.kernel.org
+Tested-by: Mathieu Malaterre <ma...@debian.org>
+Tested-by: Meelis Roos <mr...@linux.ee>
+Signed-off-by: Michael Ellerman <m...@ellerman.id.au>
+---
+ arch/powerpc/kernel/ptrace.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
+index 7535f89e08cd..d9ac7d94656e 100644
+--- a/arch/powerpc/kernel/ptrace.c
++++ b/arch/powerpc/kernel/ptrace.c
+@@ -567,6 +567,7 @@ static int vr_get(struct task_struct *target, const struct user_regset *regset,
+ /*
+ * Copy out only the low-order word of vrsave.
+ */
++ int start, end;
+ union {
+ elf_vrreg_t reg;
+ u32 word;
+@@ -575,8 +576,10 @@ static int vr_get(struct task_struct *target, const struct user_regset *regset,
+
+ vrsave.word = target->thread.vrsave;
+
++ start = 33 * sizeof(vector128);
++ end = start + sizeof(vrsave);
+ ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, &vrsave,
+- 33 * sizeof(vector128), -1);
++ start, end);
+ }
+
+ return ret;
+@@ -614,6 +617,7 @@ static int vr_set(struct task_struct *target, const struct user_regset *regset,
+ /*
+ * We use only the first word of vrsave.
+ */
++ int start, end;
+ union {
+ elf_vrreg_t reg;
+ u32 word;
+@@ -622,8 +626,10 @@ static int vr_set(struct task_struct *target, const struct user_regset *regset,
+
+ vrsave.word = target->thread.vrsave;
+
++ start = 33 * sizeof(vector128);
++ end = start + sizeof(vrsave);
+ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &vrsave,
+- 33 * sizeof(vector128), -1);
++ start, end);
+ if (!ret)
+ target->thread.vrsave = vrsave.word;
+ }
+--
+cgit 1.2-0.3.lf.el7
+
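Review bot: In the nested vr_get() hunk, `vrsave.word = target->thread.vrsave;` fills only four bytes of the union, while the new `end = start + sizeof(vrsave)` still copies the whole union out to the tracer. The step that zeroes the remaining bytes is not visible in these hunks (both function bodies begin and end outside them), so it is worth confirming that it precedes the assignment; otherwise uninitialised kernel stack bytes would reach user space. The slot offset `33 * sizeof(vector128)` also remains a bare literal repeated in vr_get() and vr_set(), with nothing at the call site explaining why `end` is derived from the local object. I would add, above `start = ...` in both functions, the comment `/* VRSAVE is slot 33 of the regset; bound the copy by sizeof(vrsave) so it cannot run past the on-stack union. */`.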