From: Max Filippov <jcmvbkbc@gmail.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] package/binutils: fix crash caused by buggy xtensa overlay
Date: Wed,  2 Aug 2017 11:40:20 -0700
Message-ID: <1501699220-3055-1-git-send-email-jcmvbkbc@gmail.com>

In some xtensa configurations there may be system/user registers in
xtensa-modules with negative index. ISA initialization for such config
may clobber heap and result in program termination.
Don't update lookup table entries for registers with negative indices.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
 ...a-fix-memory-corruption-by-broken-sysregs.patch | 42 ++++++++++++++++++++++
 ...a-fix-memory-corruption-by-broken-sysregs.patch | 42 ++++++++++++++++++++++
 ...a-fix-memory-corruption-by-broken-sysregs.patch | 42 ++++++++++++++++++++++
 3 files changed, 126 insertions(+)
 create mode 100644 package/binutils/2.27/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch
 create mode 100644 package/binutils/2.28.1/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch
 create mode 100644 package/binutils/2.29/0008-xtensa-fix-memory-corruption-by-broken-sysregs.patch

diff --git a/package/binutils/2.27/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch b/package/binutils/2.27/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch
new file mode 100644
index 000000000000..30103ee05eca
--- /dev/null
+++ b/package/binutils/2.27/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch
@@ -0,0 +1,42 @@
+From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Wed, 2 Aug 2017 00:36:05 -0700
+Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
+
+In some xtensa configurations there may be system/user registers in
+xtensa-modules with negative index. ISA initialization for such config
+may clobber heap and result in program termination.
+Don't update lookup table entries for register with negative indices.
+They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
+change should not affect processing of valid assembly/binary code.
+
+bfd/
+2017-08-02  Max Filippov  <jcmvbkbc@gmail.com>
+
+	* xtensa-isa.c (xtensa_isa_init): Don't update lookup table
+	entries for sysregs with negative indices.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
+
+ bfd/xtensa-isa.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
+index 8da75bea8109..8c6ee88fdeae 100644
+--- a/bfd/xtensa-isa.c
++++ b/bfd/xtensa-isa.c
+@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
+       xtensa_sysreg_internal *sreg = &isa->sysregs[n];
+       is_user = sreg->is_user;
+ 
+-      isa->sysreg_table[is_user][sreg->number] = n;
++      if (sreg->number >= 0)
++	isa->sysreg_table[is_user][sreg->number] = n;
+     }
+ 
+   /* Set up the interface lookup table.  */
+-- 
+2.1.4
+
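Review bot: The new guard in the embedded xtensa_isa_init hunk, `if (sreg->number >= 0)`, checks only the lower bound and drops the bad entry silently. The visible context does not show how `isa->sysreg_table[is_user]` is sized, so please confirm in the commit message that an oversized `sreg->number` cannot write past the end of the table, or add that check beside this one. Since the trigger is a malformed overlay, a diagnostic when an entry is skipped would also let users see that their xtensa-modules data is broken instead of having it tolerated quietly.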
diff --git a/package/binutils/2.28.1/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch b/package/binutils/2.28.1/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch
new file mode 100644
index 000000000000..30103ee05eca
--- /dev/null
+++ b/package/binutils/2.28.1/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch
@@ -0,0 +1,42 @@
+From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Wed, 2 Aug 2017 00:36:05 -0700
+Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
+
+In some xtensa configurations there may be system/user registers in
+xtensa-modules with negative index. ISA initialization for such config
+may clobber heap and result in program termination.
+Don't update lookup table entries for register with negative indices.
+They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
+change should not affect processing of valid assembly/binary code.
+
+bfd/
+2017-08-02  Max Filippov  <jcmvbkbc@gmail.com>
+
+	* xtensa-isa.c (xtensa_isa_init): Don't update lookup table
+	entries for sysregs with negative indices.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
+
+ bfd/xtensa-isa.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
+index 8da75bea8109..8c6ee88fdeae 100644
+--- a/bfd/xtensa-isa.c
++++ b/bfd/xtensa-isa.c
+@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
+       xtensa_sysreg_internal *sreg = &isa->sysregs[n];
+       is_user = sreg->is_user;
+ 
+-      isa->sysreg_table[is_user][sreg->number] = n;
++      if (sreg->number >= 0)
++	isa->sysreg_table[is_user][sreg->number] = n;
+     }
+ 
+   /* Set up the interface lookup table.  */
+-- 
+2.1.4
+
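Review bot: The outer `index 000000000000..30103ee05eca` line shows this file is the same blob as the 2.27 and 2.29 copies, so the embedded `index 8da75bea8109..8c6ee88fdeae` and `@@ -292,7 +292,8 @@` were generated against one binutils tree only. Please confirm that the patch applies to the 2.28.1 sources without offset or fuzz, and mention in the commit message which versions it was build-tested against.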
diff --git a/package/binutils/2.29/0008-xtensa-fix-memory-corruption-by-broken-sysregs.patch b/package/binutils/2.29/0008-xtensa-fix-memory-corruption-by-broken-sysregs.patch
new file mode 100644
index 000000000000..30103ee05eca
--- /dev/null
+++ b/package/binutils/2.29/0008-xtensa-fix-memory-corruption-by-broken-sysregs.patch
@@ -0,0 +1,42 @@
+From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Wed, 2 Aug 2017 00:36:05 -0700
+Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
+
+In some xtensa configurations there may be system/user registers in
+xtensa-modules with negative index. ISA initialization for such config
+may clobber heap and result in program termination.
+Don't update lookup table entries for register with negative indices.
+They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
+change should not affect processing of valid assembly/binary code.
+
+bfd/
+2017-08-02  Max Filippov  <jcmvbkbc@gmail.com>
+
+	* xtensa-isa.c (xtensa_isa_init): Don't update lookup table
+	entries for sysregs with negative indices.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
+
+ bfd/xtensa-isa.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
+index 8da75bea8109..8c6ee88fdeae 100644
+--- a/bfd/xtensa-isa.c
++++ b/bfd/xtensa-isa.c
+@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
+       xtensa_sysreg_internal *sreg = &isa->sysregs[n];
+       is_user = sreg->is_user;
+ 
+-      isa->sysreg_table[is_user][sreg->number] = n;
++      if (sreg->number >= 0)
++	isa->sysreg_table[is_user][sreg->number] = n;
+     }
+ 
+   /* Set up the interface lookup table.  */
+-- 
+2.1.4
+
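Review bot: The provenance line `Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a` gives a bare hash, and the mbox header `From 3c8788dbb70b40e737d4b8e30cab81406e5c5091` carries a different one; naming the tree each hash belongs to would make it clear when this patch can be dropped on a later binutils bump. The added file also ends with an empty line after the `2.1.4` signature, which can be trimmed.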
-- 
2.1.4
