From: Max Filippov <jcmvbkbc@gmail.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] package/binutils: fix crash caused by buggy xtensa overlay
Date: Wed, 2 Aug 2017 11:40:20 -0700 [thread overview]
Message-ID: <1501699220-3055-1-git-send-email-jcmvbkbc@gmail.com> (raw)
In some xtensa configurations there may be system/user registers in
xtensa-modules with negative index. ISA initialization for such config
may clobber heap and result in program termination.
Don't update lookup table entries for register with negative indices.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
...a-fix-memory-corruption-by-broken-sysregs.patch | 42 ++++++++++++++++++++++
...a-fix-memory-corruption-by-broken-sysregs.patch | 42 ++++++++++++++++++++++
...a-fix-memory-corruption-by-broken-sysregs.patch | 42 ++++++++++++++++++++++
3 files changed, 126 insertions(+)
create mode 100644 package/binutils/2.27/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch
create mode 100644 package/binutils/2.28.1/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch
create mode 100644 package/binutils/2.29/0008-xtensa-fix-memory-corruption-by-broken-sysregs.patch
diff --git a/package/binutils/2.27/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch b/package/binutils/2.27/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch
new file mode 100644
index 000000000000..30103ee05eca
--- /dev/null
+++ b/package/binutils/2.27/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch
@@ -0,0 +1,42 @@
+From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Wed, 2 Aug 2017 00:36:05 -0700
+Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
+
+In some xtensa configurations there may be system/user registers in
+xtensa-modules with negative index. ISA initialization for such config
+may clobber heap and result in program termination.
+Don't update lookup table entries for register with negative indices.
+They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
+change should not affect processing of valid assembly/binary code.
+
+bfd/
+2017-08-02 Max Filippov <jcmvbkbc@gmail.com>
+
+ * xtensa-isa.c (xtensa_isa_init): Don't update lookup table
+ entries for sysregs with negative indices.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
+
+ bfd/xtensa-isa.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
+index 8da75bea8109..8c6ee88fdeae 100644
+--- a/bfd/xtensa-isa.c
++++ b/bfd/xtensa-isa.c
+@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
+ xtensa_sysreg_internal *sreg = &isa->sysregs[n];
+ is_user = sreg->is_user;
+
+- isa->sysreg_table[is_user][sreg->number] = n;
++ if (sreg->number >= 0)
++ isa->sysreg_table[is_user][sreg->number] = n;
+ }
+
+ /* Set up the interface lookup table. */
+--
+2.1.4
+
diff --git a/package/binutils/2.28.1/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch b/package/binutils/2.28.1/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch
new file mode 100644
index 000000000000..30103ee05eca
--- /dev/null
+++ b/package/binutils/2.28.1/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch
@@ -0,0 +1,42 @@
+From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Wed, 2 Aug 2017 00:36:05 -0700
+Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
+
+In some xtensa configurations there may be system/user registers in
+xtensa-modules with negative index. ISA initialization for such config
+may clobber heap and result in program termination.
+Don't update lookup table entries for register with negative indices.
+They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
+change should not affect processing of valid assembly/binary code.
+
+bfd/
+2017-08-02 Max Filippov <jcmvbkbc@gmail.com>
+
+ * xtensa-isa.c (xtensa_isa_init): Don't update lookup table
+ entries for sysregs with negative indices.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
+
+ bfd/xtensa-isa.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
+index 8da75bea8109..8c6ee88fdeae 100644
+--- a/bfd/xtensa-isa.c
++++ b/bfd/xtensa-isa.c
+@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
+ xtensa_sysreg_internal *sreg = &isa->sysregs[n];
+ is_user = sreg->is_user;
+
+- isa->sysreg_table[is_user][sreg->number] = n;
++ if (sreg->number >= 0)
++ isa->sysreg_table[is_user][sreg->number] = n;
+ }
+
+ /* Set up the interface lookup table. */
+--
+2.1.4
+
diff --git a/package/binutils/2.29/0008-xtensa-fix-memory-corruption-by-broken-sysregs.patch b/package/binutils/2.29/0008-xtensa-fix-memory-corruption-by-broken-sysregs.patch
new file mode 100644
index 000000000000..30103ee05eca
--- /dev/null
+++ b/package/binutils/2.29/0008-xtensa-fix-memory-corruption-by-broken-sysregs.patch
@@ -0,0 +1,42 @@
+From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Wed, 2 Aug 2017 00:36:05 -0700
+Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
+
+In some xtensa configurations there may be system/user registers in
+xtensa-modules with negative index. ISA initialization for such config
+may clobber heap and result in program termination.
+Don't update lookup table entries for register with negative indices.
+They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
+change should not affect processing of valid assembly/binary code.
+
+bfd/
+2017-08-02 Max Filippov <jcmvbkbc@gmail.com>
+
+ * xtensa-isa.c (xtensa_isa_init): Don't update lookup table
+ entries for sysregs with negative indices.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
+
+ bfd/xtensa-isa.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
+index 8da75bea8109..8c6ee88fdeae 100644
+--- a/bfd/xtensa-isa.c
++++ b/bfd/xtensa-isa.c
+@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
+ xtensa_sysreg_internal *sreg = &isa->sysregs[n];
+ is_user = sreg->is_user;
+
+- isa->sysreg_table[is_user][sreg->number] = n;
++ if (sreg->number >= 0)
++ isa->sysreg_table[is_user][sreg->number] = n;
+ }
+
+ /* Set up the interface lookup table. */
+--
+2.1.4
+
--
2.1.4
next reply other threads:[~2017-08-02 18:40 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-02 18:40 Max Filippov [this message]
2017-08-02 19:42 ` [Buildroot] [PATCH] package/binutils: fix crash caused by buggy xtensa overlay Thomas Petazzoni
2017-09-05 21:04 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1501699220-3055-1-git-send-email-jcmvbkbc@gmail.com \
--to=jcmvbkbc@gmail.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox