Commit 62ea67e3 authored by Kees Cook's avatar Kees Cook Committed by Michael Ellerman
Browse files

powerpc/signal32: Use struct_group() to zero spe regs 



In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memset(), avoid intentionally writing across
neighboring fields.

Add a struct_group() for the spe registers so that memset() can correctly reason
about the size:

   In function 'fortify_memset_chk',
       inlined from 'restore_user_regs.part.0' at arch/powerpc/kernel/signal_32.c:539:3:
   >> include/linux/fortify-string.h:195:4: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
     195 |    __write_overflow_field();
         |    ^~~~~~~~~~~~~~~~~~~~~~~~

Reported-by: default avatarkernel test robot <lkp@intel.com>
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Reviewed-by: default avatarChristophe Leroy <christophe.leroy@csgroup.eu>
Acked-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20211118203604.1288379-1-keescook@chromium.org
parent af11dee4

arch/powerpc/include/asm/processor.h

+4 −2
Original line number Diff line number Diff line
@@ -191,8 +191,10 @@ struct thread_struct { 
	int		used_vsr;	/* set if process has used VSX */

#endif /* CONFIG_VSX */

#ifdef CONFIG_SPE

	struct_group(spe,

		unsigned long	evr[32];	/* upper 32-bits of SPE regs */

		u64		acc;		/* Accumulator */

	);

	unsigned long	spefscr;	/* SPE & eFP status */

	unsigned long	spefscr_last;	/* SPEFSCR value on last prctl

					   call or trap return */

arch/powerpc/kernel/signal_32.c

+9 −5
Original line number Diff line number Diff line
@@ -527,16 +527,20 @@ static long restore_user_regs(struct pt_regs *regs, 
	regs_set_return_msr(regs, regs->msr & ~(MSR_FP | MSR_FE0 | MSR_FE1));



#ifdef CONFIG_SPE

	/* force the process to reload the spe registers from

	   current->thread when it next does spe instructions */

	/*

	 * Force the process to reload the spe registers from

	 * current->thread when it next does spe instructions.

	 * Since this is user ABI, we must enforce the sizing.

	 */

	BUILD_BUG_ON(sizeof(current->thread.spe) != ELF_NEVRREG * sizeof(u32));

	regs_set_return_msr(regs, regs->msr & ~MSR_SPE);

	if (msr & MSR_SPE) {

		/* restore spe registers from the stack */

		unsafe_copy_from_user(current->thread.evr, &sr->mc_vregs,

				      ELF_NEVRREG * sizeof(u32), failed);

		unsafe_copy_from_user(&current->thread.spe, &sr->mc_vregs,

				      sizeof(current->thread.spe), failed);

		current->thread.used_spe = true;

	} else if (current->thread.used_spe)

		memset(current->thread.evr, 0, ELF_NEVRREG * sizeof(u32));

		memset(&current->thread.spe, 0, sizeof(current->thread.spe));



	/* Always get SPEFSCR back */

	unsafe_get_user(current->thread.spefscr, (u32 __user *)&sr->mc_vregs + ELF_NEVRREG, failed);