This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] BZ #15754: CVE-2013-4788 (v3)

From: "Carlos O'Donell" <carlos at redhat dot com>
To: Adhemerval Zanella <azanella at linux dot vnet dot ibm dot com>
Cc: libc-alpha at sourceware dot org
Date: Thu, 26 Sep 2013 11:05:34 -0400
Subject: Re: [PATCH] BZ #15754: CVE-2013-4788 (v3)
Authentication-results: sourceware.org; auth=none
References: <51E8EDF2 dot 40204 at redhat dot com> <Pine dot LNX dot 4 dot 64 dot 1307191644090 dot 9428 at digraph dot polyomino dot org dot uk> <51EC3044 dot 4080509 at redhat dot com> <mvmeha5ed9r dot fsf at hawking dot suse dot de> <5202AD5B dot 40105 at redhat dot com> <523FC842 dot 7040909 at redhat dot com> <52432FA2 dot 7090306 at linux dot vnet dot ibm dot com>

On 09/25/2013 02:46 PM, Adhemerval Zanella wrote:
> On 23-09-2013 01:49, Carlos O'Donell wrote:
>> diff --git a/sysdeps/powerpc/powerpc64/stackguard-macros.h b/sysdeps/powerpc/powerpc64/stackguard-macros.h
>> index 9da879c..4620f96 100644
>> --- a/sysdeps/powerpc/powerpc64/stackguard-macros.h
>> +++ b/sysdeps/powerpc/powerpc64/stackguard-macros.h
>> @@ -2,3 +2,13 @@
>>
>>  #define STACK_CHK_GUARD \
>>    ({ uintptr_t x; asm ("ld %0,-28688(13)" : "=r" (x)); x; })
>> +
>> +#define POINTER_CHK_GUARD \
>> +  ({												\
>> +     uintptr_t x;										\
>> +     asm ("ld %0,%1(2)"										\
>> +	  : "=r" (x)										\
>> +	  : "i" (offsetof (tcbhead_t, pointer_guard) - TLS_TCB_OFFSET - sizeof (tcbhead_t))	\
>> +         );											\
>> +     x;												\
>> +   })
> 
> Thanks for the patch Carlos, I pushed this obvious fix:
> 
> diff --git a/sysdeps/powerpc/powerpc64/stackguard-macros.h b/sysdeps/powerpc/powerpc64/stackguard-macros.h
> index 4620f96..e80a683 100644
> --- a/sysdeps/powerpc/powerpc64/stackguard-macros.h
> +++ b/sysdeps/powerpc/powerpc64/stackguard-macros.h
> @@ -6,7 +6,7 @@
>  #define POINTER_CHK_GUARD \
>    ({                                                                                           \
>       uintptr_t x;                                                                              \
> -     asm ("ld %0,%1(2)"                                                                                \
> +     asm ("ld %0,%1(13)"                                                                               \
>           : "=r" (x)                                                                            \
>           : "i" (offsetof (tcbhead_t, pointer_guard) - TLS_TCB_OFFSET - sizeof (tcbhead_t))     \
>           );                                                                                    \
> 

Sorry, I thought I had already fixed that, but perhaps
this fix didn't make it into my final merged version of
the patch. It obviously would have failed in my ppc64
testing, so I must have failed to merge that fix.

Thanks for fixing this! I assume the test passes now?

Cheers,
Carlos.

Follow-Ups:
- Re: [PATCH] BZ #15754: CVE-2013-4788 (v3)
  - From: Adhemerval Zanella

References:
- [PATCH] BZ #15754: CVE-2013-4788 (v3)
  - From: Carlos O'Donell
- Re: [PATCH] BZ #15754: CVE-2013-4788 (v3)
  - From: Adhemerval Zanella

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]