From: David Mosberger Date: Wed, 21 Feb 2001 21:50:16 +0000 (+0000) Subject: Refine syscall_linkage attribute semantics to fix security hole. X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=3f67ac08f30956150de56bd6fdc08420923a6d8b;p=gcc.git Refine syscall_linkage attribute semantics to fix security hole. * config/ia64/ia64.c (ia64_epilogue_uses): For syscall_linkage functions, drop current_function_args_info.words test. (ia64_compute_frame_size): Mark syscall_linkage functions as using eight input registers. From-SVN: r39965
---
diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index d7a3a36b7e5..ec803b8f14c 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,10 @@
+2001-02-21 David Mosberger
+
+ * config/ia64/ia64.c (ia64_epilogue_uses): For syscall_linkage
+ functions, drop current_function_args_info.words test.
+ (ia64_compute_frame_size): Mark syscall_linkage functions as
+ using eight input registers.
+
 2001-02-21 Loren J. Rittle Bruce Korb
diff --git a/gcc/config/ia64/ia64.c b/gcc/config/ia64/ia64.c
index fbbec966b62..1a4baa02c6c 100644
--- a/gcc/config/ia64/ia64.c
+++ b/gcc/config/ia64/ia64.c
@@ -1317,7 +1317,13 @@ ia64_compute_frame_size (size)
 break;
 current_frame_info.n_local_regs = regno - LOC_REG (0) + 1;
- if (cfun->machine->n_varargs > 0)
+ /* For functions marked with the syscall_linkage attribute, we must mark
+ all eight input registers as in use, so that locals aren't visible to
+ the caller. */
+
+ if (cfun->machine->n_varargs > 0
+ || lookup_attribute ("syscall_linkage",
+ TYPE_ATTRIBUTES (TREE_TYPE (current_function_decl))))
 current_frame_info.n_input_regs = 8;
 else
 {
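Review bot: The `lookup_attribute ("syscall_linkage", TYPE_ATTRIBUTES (TREE_TYPE (current_function_decl)))` test added to the `n_input_regs = 8` condition is now written out in two places: the same expression also guards the return in ia64_epilogue_uses (second ia64.c hunk). Going by the comments in both hunks, the leak fix only holds while the frame-size decision and the epilogue liveness decision agree, so a single static predicate used by both sites would keep them from drifting apart. ia64_compute_frame_size begins and ends outside this hunk, so where the helper and its prototype belong in the file is not visible from here.

```c
/* Nonzero if the function being compiled carries the syscall_linkage
   attribute.  Shared by ia64_compute_frame_size and ia64_epilogue_uses
   so that both treat all eight input registers the same way.  */
static int
ia64_syscall_linkage_p ()
{
  return lookup_attribute ("syscall_linkage",
			   TYPE_ATTRIBUTES (TREE_TYPE (current_function_decl)))
	 != 0;
}

/* … unchanged: n_local_regs computation and the added comment … */
  if (cfun->machine->n_varargs > 0 || ia64_syscall_linkage_p ())
    current_frame_info.n_input_regs = 8;
```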
@@ -6040,10 +6046,10 @@ ia64_epilogue_uses (regno)
 registers are marked as live at all function exits. This prevents the register allocator from using the input registers, which in turn makes it possible to restart a system call after an interrupt without having to
- save/restore the input registers. */
+ save/restore the input registers. This also prevents kernel data from
+ leaking to application code. */
 if (IN_REGNO_P (regno)
- && (regno < IN_REG (current_function_args_info.words))
 && lookup_attribute ("syscall_linkage",
 TYPE_ATTRIBUTES (TREE_TYPE (current_function_decl))))
 return 1;
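Review bot: The comment above this condition now ends with "This also prevents kernel data from leaking to application code", but it does not record that the check is deliberately independent of the declared argument count. Without that, the removed `regno < IN_REG (current_function_args_info.words)` bound could be reintroduced later as an apparent optimisation. I would add a sentence such as `All eight input registers are covered, however many argument words the function declares; ia64_compute_frame_size relies on the same rule.` Both the comment and ia64_epilogue_uses begin outside the hunk. The diff shown here also carries no regression test; one that compiles a syscall_linkage function taking fewer than eight arguments would pin the behaviour down.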