This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



IA-64 patch for syscall_linkage


This adjusts the semantics of the syscall_linkage attribute to fix a kernel
security leak.  This was tested with an ia64-linux kernel build.  This
patch was added to both the mainline and gcc-3 branch.

2001-02-21  David Mosberger  <davidm@hpl.hp.com>

	* config/ia64/ia64.c (ia64_epilogue_uses): For syscall_linkage
	functions, drop current_function_args_info.words test.
	(ia64_compute_frame_size): Mark syscall_linkage functions as
	using eight input registers.

Index: ia64.c
===================================================================
RCS file: /cvs/gcc/gcc/gcc/config/ia64/ia64.c,v
retrieving revision 1.74
diff -p -r1.74 ia64.c
*** ia64.c	2001/02/16 19:33:52	1.74
--- ia64.c	2001/02/21 21:35:00
*************** ia64_compute_frame_size (size)
*** 1317,1323 ****
        break;
    current_frame_info.n_local_regs = regno - LOC_REG (0) + 1;
  
!   if (cfun->machine->n_varargs > 0)
      current_frame_info.n_input_regs = 8;
    else
      {
--- 1317,1329 ----
        break;
    current_frame_info.n_local_regs = regno - LOC_REG (0) + 1;
  
!   /* For functions marked with the syscall_linkage attribute, we must mark
!      all eight input registers as in use, so that locals aren't visible to
!      the caller.  */
! 
!   if (cfun->machine->n_varargs > 0
!       || lookup_attribute ("syscall_linkage",
! 			   TYPE_ATTRIBUTES (TREE_TYPE (current_function_decl))))
      current_frame_info.n_input_regs = 8;
    else
      {
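Review bot: Forcing n_input_regs to 8 here is what makes the ia64_epilogue_uses change safe, but the two are coupled only by convention: the epilogue hook now reports in0-in7 as live at every exit for a syscall_linkage function, and that is only meaningful if the frame layout actually reserved all eight input registers so the allocator never puts a local or temporary in them. A short note in the new comment that ia64_epilogue_uses depends on this (and vice versa) would keep a future edit from reintroducing the leak by relaxing one side alone. Minor: the `lookup_attribute ("syscall_linkage", TYPE_ATTRIBUTES (TREE_TYPE (current_function_decl)))` expression is now duplicated verbatim in both hunks and would read better as a small helper. The ChangeLog lists only ia64.c, so the attribute's documentation, which describes the old behaviour of keeping only the declared argument registers live, should also be updated to say that all eight input registers are reserved regardless of the declared parameter count.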
*************** ia64_epilogue_uses (regno)
*** 6040,6049 ****
       registers are marked as live at all function exits.  This prevents the
       register allocator from using the input registers, which in turn makes it
       possible to restart a system call after an interrupt without having to
!      save/restore the input registers.  */
  
    if (IN_REGNO_P (regno)
-       && (regno < IN_REG (current_function_args_info.words))
        && lookup_attribute ("syscall_linkage",
  			   TYPE_ATTRIBUTES (TREE_TYPE (current_function_decl))))
      return 1;
--- 6046,6055 ----
       registers are marked as live at all function exits.  This prevents the
       register allocator from using the input registers, which in turn makes it
       possible to restart a system call after an interrupt without having to
!      save/restore the input registers.  This also prevents kernel data from
!      leaking to application code.  */
  
    if (IN_REGNO_P (regno)
        && lookup_attribute ("syscall_linkage",
  			   TYPE_ATTRIBUTES (TREE_TYPE (current_function_decl))))
      return 1;
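Review bot: Dropping the `regno < IN_REG (current_function_args_info.words)` test is the actual fix: with it, a syscall_linkage function declared with fewer than eight parameters only kept the declared argument registers live, so the allocator was free to use the remaining input registers for locals holding kernel data, and those registers are visible to the user-space caller after return since the input registers are the caller's output registers on the register stack. Keeping all of in0-in7 live removes that window, and the added comment sentence states the reason correctly. Two things worth tightening: the comment above still speaks of the input registers in general, so it could say explicitly "all eight input registers, whether or not they correspond to declared parameters" to match the code; and since current_function_args_info is no longer consulted here, a reader of this hook alone cannot tell why eight is the right count, so a pointer to the n_input_regs = 8 assignment in ia64_compute_frame_size would make the dependency visible.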

