author | David Mosberger <davidm@hpl.hp.com> | 2001-02-21 21:50:16 +0000 |
---|---|---|
committer | Jim Wilson <wilson@gcc.gnu.org> | 2001-02-21 13:50:16 -0800 |
commit | 3f67ac08f30956150de56bd6fdc08420923a6d8b (patch) | |
tree | 9d4abd9abae90c200111a7a400c61eefa4a2afde | |
parent | e9ece3bcbc168cf102d3c7bd73c4d60b63d1d56c (diff) | |
Refine syscall_linkage attribute semantics to fix security hole.
* config/ia64/ia64.c (ia64_epilogue_uses): For syscall_linkage
functions, drop current_function_args_info.words test.
(ia64_compute_frame_size): Mark syscall_linkage functions as
using eight input registers.
From-SVN: r39965
-rw-r--r-- | gcc/ChangeLog | 7 | ||||
-rw-r--r-- | gcc/config/ia64/ia64.c | 12 |
2 files changed, 16 insertions, 3 deletions
diff --git a/gcc/ChangeLog b/gcc/ChangeLog index d7a3a36..ec803b8 100644 --- a/gcc/ChangeLog +++ b/gcc/ChangeLog @@ -1,3 +1,10 @@ +2001-02-21 David Mosberger <davidm@hpl.hp.com> + + * config/ia64/ia64.c (ia64_epilogue_uses): For syscall_linkage + functions, drop current_function_args_info.words test. + (ia64_compute_frame_size): Mark syscall_linkage functions as + using eight input registers. + 2001-02-21 Loren J. Rittle <ljrittle@acm.org> Bruce Korb <bkorb@gnu.org> diff --git a/gcc/config/ia64/ia64.c b/gcc/config/ia64/ia64.c index fbbec96..1a4baa0 100644 --- a/gcc/config/ia64/ia64.c +++ b/gcc/config/ia64/ia64.c @@ -1317,7 +1317,13 @@ ia64_compute_frame_size (size) break; current_frame_info.n_local_regs = regno - LOC_REG (0) + 1; - if (cfun->machine->n_varargs > 0) + /* For functions marked with the syscall_linkage attribute, we must mark + all eight input registers as in use, so that locals aren't visible to + the caller. */ + + if (cfun->machine->n_varargs > 0 + || lookup_attribute ("syscall_linkage", + TYPE_ATTRIBUTES (TREE_TYPE (current_function_decl)))) current_frame_info.n_input_regs = 8; else { @@ -6040,10 +6046,10 @@ ia64_epilogue_uses (regno) registers are marked as live at all function exits. This prevents the register allocator from using the input registers, which in turn makes it possible to restart a system call after an interrupt without having to - save/restore the input registers. */ + save/restore the input registers. This also prevents kernel data from + leaking to application code. */ if (IN_REGNO_P (regno) - && (regno < IN_REG (current_function_args_info.words)) && lookup_attribute ("syscall_linkage", TYPE_ATTRIBUTES (TREE_TYPE (current_function_decl)))) return 1; |
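Review bot: The `lookup_attribute ("syscall_linkage", TYPE_ATTRIBUTES (TREE_TYPE (current_function_decl)))` test added to the `n_input_regs = 8` condition in ia64_compute_frame_size is a verbatim copy of the one in ia64_epilogue_uses (the last hunk), and the fix only holds while both sites agree on which functions are covered. A single static predicate in ia64.c called from both places (for example `ia64_syscall_linkage_p ()`, a name suggested here) would keep the frame layout and the exit liveness from drifting apart. The new comment states the goal but not its dependency, so I would add `This must stay in step with ia64_epilogue_uses, which keeps the same eight registers live at function exit.` The body of ia64_compute_frame_size starts and ends outside the hunk.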
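Review bot: Nothing in this commit pins the behaviour that closes the hole, since the diffstat shows only ChangeLog and ia64.c. The `regno < IN_REG (current_function_args_info.words)` bound removed from ia64_epilogue_uses could therefore come back later as an apparent optimisation without any test failing. A compile-only testcase declaring a `syscall_linkage` function with fewer than eight arguments, and checking the register frame it allocates, would guard against that. The extended comment should also state the invariant directly, e.g. `All eight input registers are treated as live here, not only those carrying declared arguments; do not narrow this to the argument count.` The start of the comment and the rest of the function lie outside the hunk.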