| author | Daniel Axtens <[email protected]> | 2017-07-12 14:36:07 -0700 |
|---|---|---|
| committer | Linus Torvalds <[email protected]> | 2017-07-12 16:26:03 -0700 |
| commit | c69a48cdb301a18697bc8c9935baf4f32861cf9e | |
| tree | 3d680cd46b81c0af90221efe13517e011e8b61d8 /drivers/gpu/drm/amd/amdgpu/amdgpu_queue_mgr.c | |
| parent | 054f367a32381b5640c5d150fe0b7ba285564998 | |
powerpc: make feature-fixup tests fortify-safe

Testing the fortified string functions[1] would cause a kernel panic on
boot in test_feature_fixups() due to a buffer overflow in memcmp.

This boils down to things like this:

    extern unsigned int ftr_fixup_test1;
    extern unsigned int ftr_fixup_test1_orig;

    check(memcmp(&ftr_fixup_test1, &ftr_fixup_test1_orig, size) == 0);

We know that these are asm labels so it is safe to read up to 'size'
bytes at those addresses.

However, because we have passed the address of a single unsigned int to
memcmp, the compiler believes the underlying object is in fact a single
unsigned int. So if size > sizeof(unsigned int), there will be a panic
at runtime.

We can fix this by changing the types: instead of calling the asm labels
unsigned ints, call them unsigned int[]s. Therefore the size isn't
incorrectly determined at compile time and we get a regular unsafe
memcmp and no panic.

[1] http://openwall.com/lists/kernel-hardening/2017/05/09/2

Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Daniel Axtens <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
Suggested-by: Michael Ellerman <[email protected]>
Tested-by: Andrew Donnellan <[email protected]>
Reviewed-by: Andrew Donnellan <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: Daniel Micay <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Diffstat (limited to 'drivers/gpu/drm/amd/amdgpu/amdgpu_queue_mgr.c')
0 files changed, 0 insertions, 0 deletions
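The effect described in the commit message, as an added example that is not part of the commit or the kernel source: the same asm-defined data is declared once as a single `unsigned int` and once as `unsigned int[]`, and `__builtin_object_size` reports 4 bytes for the first and "unknown" for the second. All names (`scalar_a`, `array_a`, `checked_memcmp`, `FORTIFIED_MEMCMP`) and the data are constructed; `checked_memcmp` is a simplified model that returns -2 where a fortified function would panic, and the asm assumes GCC or Clang on an ELF target.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for asm labels: two 16-byte blobs, each with two names. */
__asm__(".pushsection .data\n"
        ".balign 4\n"
        ".globl scalar_a, array_a, scalar_b, array_b\n"
        "scalar_a: array_a: .long 1, 2, 3, 4\n"
        "scalar_b: array_b: .long 1, 2, 3, 4\n"
        ".popsection\n");

extern unsigned int scalar_a, scalar_b;   /* "before": single objects       */
extern unsigned int array_a[], array_b[]; /* "after": arrays, size unknown  */

/* Simplified model of a fortified memcmp (assumption, not kernel code):
 * refuse any read larger than the size the compiler derived for an object. */
static int checked_memcmp(const void *p, size_t p_size,
                          const void *q, size_t q_size, size_t n)
{
    if (n > p_size || n > q_size)  /* unknown size is (size_t)-1: never trips */
        return -2;                 /* a fortified kernel would panic here */
    return memcmp(p, q, n) != 0;   /* 0 = equal, 1 = different */
}

/* The object size must be taken at the call site, where the declared type is visible. */
#define FORTIFIED_MEMCMP(p, q, n)                          \
    checked_memcmp((p), __builtin_object_size((p), 0),     \
                   (q), __builtin_object_size((q), 0), (n))

size_t scalar_size(void) { return __builtin_object_size(&scalar_a, 0); }
size_t array_size(void)  { return __builtin_object_size(array_a, 0); }
int compare_as_scalars(size_t n) { return FORTIFIED_MEMCMP(&scalar_a, &scalar_b, n); }
int compare_as_arrays(size_t n)  { return FORTIFIED_MEMCMP(array_a, array_b, n); }

int main(void)
{
    printf("scalar view: object size %zu, 16-byte compare -> %d\n",
           scalar_size(), compare_as_scalars(16));
    printf("array view:  object size %zu, 16-byte compare -> %d\n",
           array_size(), compare_as_arrays(16));
    return 0;
}
```

The array view is not bounds-checked at all, which is the "regular unsafe memcmp" the commit message refers to: correctness then rests entirely on the caller passing a `size` that matches what the asm actually emitted.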