Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.14 commit in: /
Date: Wed, 06 Mar 2019 19:10:02
Message-Id: 1551899381.12eddc2b90bad180095a4e8d93bc12a0002413ea.mpagano@gentoo
1 commit: 12eddc2b90bad180095a4e8d93bc12a0002413ea
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Wed Mar 6 19:09:41 2019 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Wed Mar 6 19:09:41 2019 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=12eddc2b
7
8 proj/linux-patches: powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning
9
10 See bug #679430
11
12 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
13
14 0000_README | 4 +
15 ...pc-vr-get-set-change-to-avoid-gcc-warning.patch | 115 +++++++++++++++++++++
16 2 files changed, 119 insertions(+)
17
18 diff --git a/0000_README b/0000_README
19 index 047a68d..2892469 100644
20 --- a/0000_README
21 +++ b/0000_README
22 @@ -475,6 +475,10 @@ Patch: 1700_ia64_fix_ptrace.patch
23 From: https://patchwork.kernel.org/patch/10198159/
24 Desc: ia64: fix ptrace(PTRACE_GETREGS) (unbreaks strace, gdb).
25
26 +Patch: 1710_ppc-vr-get-set-change-to-avoid-gcc-warning.patch
27 +From: https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/patch/?id=ca6d5149d2ad0a8d2f9c28cbe379802260a0a5e0
28 +Desc: powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning
29 +
30 Patch: 2100_bcache-data-corruption-fix-for-bi-partno.patch
31 From: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62530ed8b1d07a45dec94d46e521c0c6c2d476e6
32 Desc: bio: ensure __bio_clone_fast copies bi_partno.
33
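Review bot: since the upstream patch carries a `Cc: stable@` tag, this 1710 entry will collide with a future 4.14.y stable release that already contains commit ca6d5149d2ad; consider noting in the `Desc:` line that the entry is a stable backport to be dropped once the fix lands, so whoever bumps the patchset knows to remove it rather than debug a failed hunk. The `From:` URL points at the powerpc tree's `patch/?id=` view while neighbouring entries use `commit/?id=`; either is fine, but the full 40-character id (rather than the abbreviated one in the commit URL above) is what makes the origin verifiable, so keep it as written here.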
34 diff --git a/1710_ppc-vr-get-set-change-to-avoid-gcc-warning.patch b/1710_ppc-vr-get-set-change-to-avoid-gcc-warning.patch
35 new file mode 100644
36 index 0000000..bed4b41
37 --- /dev/null
38 +++ b/1710_ppc-vr-get-set-change-to-avoid-gcc-warning.patch
39 @@ -0,0 +1,115 @@
40 +From ca6d5149d2ad0a8d2f9c28cbe379802260a0a5e0 Mon Sep 17 00:00:00 2001
41 +From: Michael Ellerman <mpe@×××××××××××.au>
42 +Date: Thu, 14 Feb 2019 11:08:29 +1100
43 +Subject: powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning
44 +MIME-Version: 1.0
45 +Content-Type: text/plain; charset=UTF-8
46 +Content-Transfer-Encoding: 8bit
47 +
48 +GCC 8 warns about the logic in vr_get/set(), which with -Werror breaks
49 +the build:
50 +
51 + In function ‘user_regset_copyin’,
52 + inlined from ‘vr_set’ at arch/powerpc/kernel/ptrace.c:628:9:
53 + include/linux/regset.h:295:4: error: ‘memcpy’ offset [-527, -529] is
54 + out of the bounds [0, 16] of object ‘vrsave’ with type ‘union
55 + <anonymous>’ [-Werror=array-bounds]
56 + arch/powerpc/kernel/ptrace.c: In function ‘vr_set’:
57 + arch/powerpc/kernel/ptrace.c:623:5: note: ‘vrsave’ declared here
58 + } vrsave;
59 +
60 +This has been identified as a regression in GCC, see GCC bug 88273.
61 +
62 +However we can avoid the warning and also simplify the logic and make
63 +it more robust.
64 +
65 +Currently we pass -1 as end_pos to user_regset_copyout(). This says
66 +"copy up to the end of the regset".
67 +
68 +The definition of the regset is:
69 + [REGSET_VMX] = {
70 + .core_note_type = NT_PPC_VMX, .n = 34,
71 + .size = sizeof(vector128), .align = sizeof(vector128),
72 + .active = vr_active, .get = vr_get, .set = vr_set
73 + },
74 +
75 +The end is calculated as (n * size), ie. 34 * sizeof(vector128).
76 +
77 +In vr_get/set() we pass start_pos as 33 * sizeof(vector128), meaning
78 +we can copy up to sizeof(vector128) into/out-of vrsave.
79 +
80 +The on-stack vrsave is defined as:
81 + union {
82 + elf_vrreg_t reg;
83 + u32 word;
84 + } vrsave;
85 +
86 +And elf_vrreg_t is:
87 + typedef __vector128 elf_vrreg_t;
88 +
89 +So there is no bug, but we rely on all those sizes lining up,
90 +otherwise we would have a kernel stack exposure/overwrite on our
91 +hands.
92 +
93 +Rather than relying on that we can pass an explict end_pos based on
94 +the sizeof(vrsave). The result should be exactly the same but it's
95 +more obviously not over-reading/writing the stack and it avoids the
96 +compiler warning.
97 +
98 +Reported-by: Meelis Roos <mroos@×××××.ee>
99 +Reported-by: Mathieu Malaterre <malat@××××××.org>
100 +Cc: stable@×××××××××××.org
101 +Tested-by: Mathieu Malaterre <malat@××××××.org>
102 +Tested-by: Meelis Roos <mroos@×××××.ee>
103 +Signed-off-by: Michael Ellerman <mpe@×××××××××××.au>
104 +---
105 + arch/powerpc/kernel/ptrace.c | 10 ++++++++--
106 + 1 file changed, 8 insertions(+), 2 deletions(-)
107 +
108 +diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
109 +index 7535f89e08cd..d9ac7d94656e 100644
110 +--- a/arch/powerpc/kernel/ptrace.c
111 ++++ b/arch/powerpc/kernel/ptrace.c
112 +@@ -567,6 +567,7 @@ static int vr_get(struct task_struct *target, const struct user_regset *regset,
113 + /*
114 + * Copy out only the low-order word of vrsave.
115 + */
116 ++ int start, end;
117 + union {
118 + elf_vrreg_t reg;
119 + u32 word;
120 +@@ -575,8 +576,10 @@ static int vr_get(struct task_struct *target, const struct user_regset *regset,
121 +
122 + vrsave.word = target->thread.vrsave;
123 +
124 ++ start = 33 * sizeof(vector128);
125 ++ end = start + sizeof(vrsave);
126 + ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, &vrsave,
127 +- 33 * sizeof(vector128), -1);
128 ++ start, end);
129 + }
130 +
131 + return ret;
132 +@@ -614,6 +617,7 @@ static int vr_set(struct task_struct *target, const struct user_regset *regset,
133 + /*
134 + * We use only the first word of vrsave.
135 + */
136 ++ int start, end;
137 + union {
138 + elf_vrreg_t reg;
139 + u32 word;
140 +@@ -622,8 +626,10 @@ static int vr_set(struct task_struct *target, const struct user_regset *regset,
141 +
142 + vrsave.word = target->thread.vrsave;
143 +
144 ++ start = 33 * sizeof(vector128);
145 ++ end = start + sizeof(vrsave);
146 + ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &vrsave,
147 +- 33 * sizeof(vector128), -1);
148 ++ start, end);
149 + if (!ret)
150 + target->thread.vrsave = vrsave.word;
151 + }
152 +--
153 +cgit 1.2-0.3.lf.el7
154 +
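Review bot: in both the vr_get and vr_set hunks the new `int start, end;` declaration is inserted between the explanatory comment ("Copy out only the low-order word of vrsave." / "We use only the first word of vrsave.") and the `union { ... } vrsave;` it documents, which separates the comment from its subject; placing the declaration above the comment would keep the existing comment attached to the union. The bounds logic itself is sound: `start = 33 * sizeof(vector128)` and `end = start + sizeof(vrsave)` replace the `-1` sentinel with an explicit end that equals `sizeof(vrsave)` (16 bytes) past the start, so the copy into or out of the on-stack union is visibly bounded by the object's own size instead of depending on the regset's `n * size` arithmetic; both values are `int`, matching the `start_pos`/`end_pos` parameters of `user_regset_copyin`/`copyout`. Separately, the file ends with the `cgit 1.2-0.3.lf.el7` footer and a trailing blank line from the web fetch; `patch` and `git am` ignore text after the `--` terminator, but trimming it would keep the patch file clean.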