Bugzilla – Attachment 28648 Details for
Bug 65236
VUL-0: kernel: ia64 ptrace local crash
[patch]
CAN-2005-0136_ia64-kernel.diff
CAN-2005-0136_ia64-kernel.diff (text/plain), 3.62 KB, created by
Thomas Biege
on 2005-02-21 15:15:05 UTC
Description:
CAN-2005-0136_ia64-kernel.diff
Filename:
MIME Type:
Creator:
Thomas Biege
Created:
2005-02-21 15:15:05 UTC
Size:
3.62 KB
patch
obsolete
>
>===========================================================================
>linux/arch/ia64/kernel/entry.S
>===========================================================================
>
>--- a/linux/arch/ia64/kernel/entry.S 2005-02-18 17:14:30 +11:00
>+++ b/linux/arch/ia64/kernel/entry.S 2005-02-17 18:55:35 +11:00
>@@ -46,8 +46,11 @@
> * setup a null register window frame.
> */
> ENTRY(ia64_execve)
>- .prologue ASM_UNW_PRLG_RP|ASM_UNW_PRLG_PFS, ASM_UNW_PRLG_GRSAVE(3)
>- alloc loc1=ar.pfs,3,2,4,0
>+ /*
>+ * Allocate 8 input registers since ptrace() may clobber them
>+ */
>+ .prologue ASM_UNW_PRLG_RP|ASM_UNW_PRLG_PFS, ASM_UNW_PRLG_GRSAVE(8)
>+ alloc loc1=ar.pfs,8,2,4,0
> mov loc0=rp
> .body
> mov out0=in0 // filename
>@@ -93,8 +96,11 @@
> * u64 tls)
> */
> GLOBAL_ENTRY(sys_clone2)
>- .prologue ASM_UNW_PRLG_RP|ASM_UNW_PRLG_PFS, ASM_UNW_PRLG_GRSAVE(2)
>- alloc r16=ar.pfs,6,2,6,0
>+ /*
>+ * Allocate 8 input registers since ptrace() may clobber them
>+ */
>+ .prologue ASM_UNW_PRLG_RP|ASM_UNW_PRLG_PFS, ASM_UNW_PRLG_GRSAVE(8)
>+ alloc r16=ar.pfs,8,2,6,0
> DO_SAVE_SWITCH_STACK
> adds r2=PT(R16)+IA64_SWITCH_STACK_SIZE+16,sp
> mov loc0=rp
>@@ -122,8 +128,11 @@
> * Deprecated. Use sys_clone2() instead.
> */
> GLOBAL_ENTRY(sys_clone)
>- .prologue ASM_UNW_PRLG_RP|ASM_UNW_PRLG_PFS, ASM_UNW_PRLG_GRSAVE(2)
>- alloc r16=ar.pfs,4,2,5,0
>+ /*
>+ * Allocate 8 input registers since ptrace() may clobber them
>+ */
>+ .prologue ASM_UNW_PRLG_RP|ASM_UNW_PRLG_PFS, ASM_UNW_PRLG_GRSAVE(8)
>+ alloc r16=ar.pfs,8,2,5,0
> DO_SAVE_SWITCH_STACK
> adds r2=PT(R16)+IA64_SWITCH_STACK_SIZE+16,sp
> mov loc0=rp
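Review bot: The reason for the value 8 is not recorded next to the new `alloc loc1=ar.pfs,8,2,4,0`, and the same bare 8 is repeated in `ASM_UNW_PRLG_GRSAVE(8)` on the line above it and again in the sys_clone2, sys_clone and sys_rt_sigreturn hunks. The added comment says only that ptrace() may clobber the inputs; it should also say why eight (presumably the full set of syscall-argument inputs in0..in7, matching `alloc r2=ar.pfs,8,0,0,0` in demine_args and the `local+8` bound added in ivt.S) and that the GRSAVE argument has to track the alloc input count, since the `mov loc0=rp` that follows saves rp into the first local after the inputs. Something like `* Allocate all 8 syscall-argument inputs (in0..in7): ptrace() may write any of them. Keep GRSAVE(n) equal to the alloc input count, since loc0 moves with it.` would do. That GRSAVE must equal the input count is inferred from the `mov loc0=rp` placement; verify against the unwind-directive definitions before wording it as fact.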
>@@ -917,7 +926,10 @@
>
> ENTRY(sys_rt_sigreturn)
> PT_REGS_UNWIND_INFO(0)
>- alloc r2=ar.pfs,0,0,1,0
>+ /*
>+ * Allocate 8 input registers since ptrace() may clobber them
>+ */
>+ alloc r2=ar.pfs,8,0,1,0
> .prologue
> PT_REGS_SAVES(16)
> adds sp=-16,sp
>
>===========================================================================
>linux/arch/ia64/kernel/ivt.S
>===========================================================================
>
>--- a/linux/arch/ia64/kernel/ivt.S 2005-02-18 17:14:30 +11:00
>+++ b/linux/arch/ia64/kernel/ivt.S 2005-02-18 16:20:35 +11:00
>@@ -651,6 +651,12 @@
> SAVE_REST
> br.call.sptk.many rp=demine_args // clear NaT bits in (potential) syscall args
>
>+# demine_args exits with r2 containing the frame marker when the syscall was issued.
>+ and r18=0x7f,r2 // get sof of issuer's cfm
>+ extr.u r17=r2,7,7 // get sol of issuer's cfm
>+ ;;
>+ add r17=8,r17 // sol + 8
>
> mov r3=255
> adds r15=-1024,r15 // r15 contains the syscall number---subtract 1024
> adds r2=IA64_TASK_PTRACE_OFFSET,r13 // r2 = ¤t->ptrace
>@@ -658,6 +664,8 @@
> cmp.geu p6,p7=r3,r15 // (syscall > 0 && syscall <= 1024+255) ?
> movl r16=sys_call_table
> ;;
>+(p6) cmp.lt p7,p6=r17,r18 // frame size can't be more than local+8
>+ ;;
> (p6) shladd r16=r15,3,r16
> movl r15=ia64_ret_from_syscall
> (p7) adds r16=(__NR_ni_syscall-1024)*8,r16 // force __NR_ni_syscall
>@@ -695,6 +703,8 @@
> // NOT REACHED
> END(break_fault)
>
>+# Ensure that the syscall arguments plus r15 (syscall number) are valid.
>+# Exit with r2 containing the frame size when the syscall was issued.
> ENTRY(demine_args)
> alloc r2=ar.pfs,8,0,0,0
> tnat.nz p8,p0=in0
>
>===========================================================================
>linux/arch/ia64/kernel/process.c
>===========================================================================
>
>--- a/linux/arch/ia64/kernel/process.c 2005-02-18 17:14:30 +11:00
>+++ b/linux/arch/ia64/kernel/process.c 2005-02-18 16:28:12 +11:00
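Review bot: The two new block comments in ivt.S disagree about what demine_args leaves in r2: the hunk at 651 says `frame marker`, the hunk at 703 above ENTRY(demine_args) says `frame size`, and the code that follows (`and r18=0x7f,r2` for sof, `extr.u r17=r2,7,7` for sol) only makes sense for the whole marker, so the 703 comment should read `# Exit with r2 containing the frame marker (cfm) when the syscall was issued.`. Both new comments also use `#` while every other comment visible in these hunks uses `//` (`// clear NaT bits ...`, `// NOT REACHED`); switching them to `//` keeps the file's style and avoids relying on how the preprocessor treats a `#` line that is not a directive. The `+` line after `add r17=8,r17` appears in this rendering as a bare `>`; check in the real patch file that it is a proper `+` blank line, otherwise the hunk's line count (+12) will not apply.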
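Review bot: The new `(p6) cmp.lt p7,p6=r17,r18` is a signed compare whereas the surrounding range check on the line above it uses the unsigned form `cmp.geu p6,p7=r3,r15`; both operands are 7-bit fields here (`and r18=0x7f` and `extr.u r17=r2,7,7`, plus 8) so the result is the same, but `(p6) cmp.ltu p7,p6=r17,r18` would match the existing style and not depend on that observation. The comment could also state the consequence of the check, since an oversized issuer frame is made indistinguishable from an unimplemented syscall by the existing `(p7) adds r16=(__NR_ni_syscall-1024)*8,r16` line: `// sof > sol+8: syscall args would lie outside the frame, so force __NR_ni_syscall (ENOSYS)`. That the oversized frame is what this guards against is inferred from the `local+8` comment and the entry.S hunks; wording it explicitly in the comment would make the intent checkable.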
>@@ -496,7 +496,7 @@
> return 1; /* f0-f31 are always valid so we always return 1 */
> }
>
>-asmlinkage long
>+long
> sys_execve (char *filename, char **argv, char **envp, struct pt_regs *regs)
> {
> int error;
>
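Review bot: Dropping `asmlinkage` from the sys_execve definition is not explained anywhere in the hunk, and it is the only C-side change in a patch otherwise about register-frame sizes in entry.S. A one-line comment above the definition would save the next reader from re-deriving the connection, e.g. `/* not asmlinkage: reached only through the ia64_execve stub in entry.S, which allocates the input frame itself */` — the stub relationship is inferred from the entry.S hunk (`mov out0=in0 // filename` feeding the C call), so confirm it before committing to that wording. Whatever declaration of sys_execve exists elsewhere (header or local prototype) must be changed to match, since a mismatch between declaration and definition attributes will not be caught by this hunk. The body of sys_execve continues outside the hunk.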