linux-kernel.vger.kernel.org archive mirror
From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
	Zwane Mwaikambo <zwane@arm.linux.org.uk>,
	"Theodore Ts'o" <tytso@mit.edu>,
	Randy Dunlap <rdunlap@xenotime.net>,
	Dave Jones <davej@redhat.com>,
	Chuck Wolber <chuckw@quantumlinux.com>,
	torvalds@osdl.org, akpm@osdl.org, alan@lxorguk.ukuu.org.uk,
	Greg Kroah-Hartman <gregkh@suse.de>
Subject: [patch 13/22] x86: dont allow tail-calls in sys_ftruncate()
Date: Thu, 20 Apr 2006 21:39:13 -0700	[thread overview]
Message-ID: <20060421043913.GN12846@kroah.com> (raw)
In-Reply-To: <20060421043706.GA12846@kroah.com>

[-- Attachment #1: x86-don-t-allow-tail-calls-in-sys_ftruncate.patch --]
[-- Type: text/plain, Size: 1669 bytes --]

From: Linus Torvalds <torvalds@osdl.org>

x86: don't allow tail-calls in sys_ftruncate[64]()

Gcc thinks it owns the incoming argument stack, but that's not true for
"asmlinkage" functions, and it corrupts the caller-set-up argument stack
when it pushes the third argument onto the stack.  Which can result in
%ebx getting corrupted in user space.

Now, normally nobody sane would ever notice, since libc will save and
restore %ebx anyway over the system call, but it's still wrong.

I'd much rather have "asmlinkage" tell gcc directly that it doesn't own
the stack, but no such attribute exists, so we're stuck with our hacky
manual "prevent_tail_call()" macro once more (we've had the same issue
before with sys_waitpid() and sys_wait4()).

Thanks to Hans-Werner Hilse <hilse@sub.uni-goettingen.de> for reporting
the issue and testing the fix.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 fs/open.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- linux-2.6.16.9.orig/fs/open.c
+++ linux-2.6.16.9/fs/open.c
@@ -330,7 +330,9 @@ out:
 
 asmlinkage long sys_ftruncate(unsigned int fd, unsigned long length)
 {
-	return do_sys_ftruncate(fd, length, 1);
+	long ret = do_sys_ftruncate(fd, length, 1);
+	prevent_tail_call(ret);
+	return ret;
 }
 
 /* LFS versions of truncate are only needed on 32 bit machines */
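Review bot: prevent_tail_call() is introduced into fs/open.c here with no definition and no new #include in the diff, so the hunk silently depends on the macro already being visible through the file's existing headers in the 2.6.16.9 tree this backport targets; confirm that is the case, and that on non-x86 it expands to a no-op so the added `long ret` temporary changes nothing there. The commit message notes the same tail-call pattern has bitten sys_waitpid() and sys_wait4() before, and the series index shows further instances in patch 14/22 (sys_open) and 22/22, so any other asmlinkage syscall in this file that forwards to a callee with more arguments than it receives wants the same treatment rather than being left for another round.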
@@ -342,7 +344,9 @@ asmlinkage long sys_truncate64(const cha
 
 asmlinkage long sys_ftruncate64(unsigned int fd, loff_t length)
 {
-	return do_sys_ftruncate(fd, length, 0);
+	long ret = do_sys_ftruncate(fd, length, 0);
+	prevent_tail_call(ret);
+	return ret;
 }
 #endif
 
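Review bot: the hunk header context shows sys_truncate64() immediately above this function in the same 32-bit-only LFS block, but its body is not in the diff; confirm it does not also forward to a callee with an extra argument, otherwise it needs the same prevent_tail_call(). For the function that is changed, note that `loff_t length` already takes two 32-bit argument slots on i386, so the third argument passed to do_sys_ftruncate() is pushed beyond the argument area the syscall entry code set up for this two-argument call, which is the caller-stack overwrite the commit message describes; the local `ret` plus prevent_tail_call() keeps gcc from turning the call into a jump, and that is the whole fix.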

--

Thread overview: 23+ messages
     [not found] <20060421043353.602539000@blue.kroah.org>
2006-04-21  4:37 ` [patch 00/22] 2.6.16-stable review cycle Greg KH
2006-04-21  4:37   ` [patch 01/22] 3ware: kmap_atomic() fix Greg KH
2006-04-21  4:37   ` [patch 02/22] 3ware 9000 disable local irqs during kmap_atomic Greg KH
2006-04-21  4:37   ` [patch 03/22] efficeon-agp: Add missing memory mask Greg KH
2006-04-21  4:37   ` [patch 04/22] : Fix truesize underflow Greg KH
2006-04-21  4:37   ` [patch 05/22] : Fix hotplug race during device registration Greg KH
2006-04-21  4:38   ` [patch 06/22] i2c-i801: Fix resume when PEC is used Greg KH
2006-04-21  4:38   ` [patch 07/22] MTD_NAND_SHARPSL and MTD_NAND_NANDSIM should be tristates Greg KH
2006-04-21  4:38   ` [patch 08/22] PPC: fix oops in alsa powermac driver Greg KH
2006-04-21  4:38   ` [patch 09/22] selinux: Fix MLS compatibility off-by-one bug Greg KH
2006-04-21  4:38   ` [patch 10/22] IPV6: Ensure to have hop-by-hop options in our header of &sk_buff Greg KH
2006-04-21  4:39   ` [patch 11/22] IPV6: XFRM: Dont use old copy of pointer after pskb_may_pull() Greg KH
2006-04-21  4:39   ` [patch 12/22] IPV6: XFRM: Fix decoding session with preceding extension header(s) Greg KH
2006-04-21  4:39   ` Greg KH [this message]
2006-04-21  4:39   ` [patch 18/22] Fix file lookup without ref Greg KH
2006-04-21  4:39   ` [patch 17/22] IPC: access to unmapped vmalloc area in grow_ary() Greg KH
2006-04-21  4:39   ` [patch 16/22] m41t00: fix bitmasks when writing to chip Greg KH
2006-04-21  4:39   ` [patch 15/22] Open IPMI BT overflow Greg KH
2006-04-21  4:39   ` [patch 14/22] x86: be careful about tailcall breakage for sys_opentoo Greg KH
2006-04-21  4:39   ` [patch 22/22] Add more prevent_tail_call() Greg KH
2006-04-21  4:39   ` [patch 21/22] alim15x3: ULI M-1573 south Bridge support Greg KH
2006-04-21  4:40   ` [patch 20/22] apm: fix Armada laptops again Greg KH
2006-04-21  4:40   ` [patch 19/22] fbdev: Fix return error of fb_write Greg KH
