This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] BZ #15754: CVE-2013-4788 (v3)
- From: Adhemerval Zanella <azanella at linux dot vnet dot ibm dot com>
- To: "Carlos O'Donell" <carlos at redhat dot com>
- Cc: libc-alpha at sourceware dot org
- Date: Thu, 26 Sep 2013 12:07:53 -0300
- Subject: Re: [PATCH] BZ #15754: CVE-2013-4788 (v3)
- Authentication-results: sourceware.org; auth=none
- References: <51E8EDF2 dot 40204 at redhat dot com> <Pine dot LNX dot 4 dot 64 dot 1307191644090 dot 9428 at digraph dot polyomino dot org dot uk> <51EC3044 dot 4080509 at redhat dot com> <mvmeha5ed9r dot fsf at hawking dot suse dot de> <5202AD5B dot 40105 at redhat dot com> <523FC842 dot 7040909 at redhat dot com> <52432FA2 dot 7090306 at linux dot vnet dot ibm dot com> <52444D3E dot 1090503 at redhat dot com>
On 26-09-2013 12:05, Carlos O'Donell wrote:
> On 09/25/2013 02:46 PM, Adhemerval Zanella wrote:
>> On 23-09-2013 01:49, Carlos O'Donell wrote:
>>> diff --git a/sysdeps/powerpc/powerpc64/stackguard-macros.h b/sysdeps/powerpc/powerpc64/stackguard-macros.h
>>> index 9da879c..4620f96 100644
>>> --- a/sysdeps/powerpc/powerpc64/stackguard-macros.h
>>> +++ b/sysdeps/powerpc/powerpc64/stackguard-macros.h
>>> @@ -2,3 +2,13 @@
>>>
>>> #define STACK_CHK_GUARD \
>>> ({ uintptr_t x; asm ("ld %0,-28688(13)" : "=r" (x)); x; })
>>> +
>>> +#define POINTER_CHK_GUARD \
>>> + ({ \
>>> + uintptr_t x; \
>>> + asm ("ld %0,%1(2)" \
>>> + : "=r" (x) \
>>> + : "i" (offsetof (tcbhead_t, pointer_guard) - TLS_TCB_OFFSET - sizeof (tcbhead_t)) \
>>> + ); \
>>> + x; \
>>> + })
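Review bot: the base register in the added `ld %0,%1(2)` is r2, while STACK_CHK_GUARD just above reads its thread-relative slot through r13 (`ld %0,-28688(13)`). On powerpc64, r2 is the TOC pointer and r13 is the thread pointer, so with an offset computed from tcbhead_t this load reads at that displacement from the TOC instead of returning the pointer guard; the base should be `(13)`. The macro also depends on offsetof, tcbhead_t and TLS_TCB_OFFSET, and the hunk shows no include for them, so either include the defining headers here or state in a comment which header a user of POINTER_CHK_GUARD must include first.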
>> Thanks for the patch Carlos, I pushed this obvious fix:
>>
>> diff --git a/sysdeps/powerpc/powerpc64/stackguard-macros.h b/sysdeps/powerpc/powerpc64/stackguard-macros.h
>> index 4620f96..e80a683 100644
>> --- a/sysdeps/powerpc/powerpc64/stackguard-macros.h
>> +++ b/sysdeps/powerpc/powerpc64/stackguard-macros.h
>> @@ -6,7 +6,7 @@
>> #define POINTER_CHK_GUARD \
>> ({ \
>> uintptr_t x; \
>> - asm ("ld %0,%1(2)" \
>> + asm ("ld %0,%1(13)" \
>> : "=r" (x) \
>> : "i" (offsetof (tcbhead_t, pointer_guard) - TLS_TCB_OFFSET - sizeof (tcbhead_t)) \
>> ); \
>>
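Review bot: the corrected `ld %0,%1(13)` still carries the base register as a bare number inside the asm string, and nothing in the macro says which register is expected there. A one-line comment above POINTER_CHK_GUARD stating that r13 is the thread pointer, and that the immediate is the offset of pointer_guard relative to it, would make a wrong base register stand out in review. The commit text calls the fix obvious without stating the reason; recording that r2 was the wrong base for a TCB-relative load would help anyone reading the history later.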
> Sorry, I thought I had already fixed that, but perhaps
> this fix didn't make it into my final merged version of
> the patch. It obviously would have failed in my ppc64
> testing, so I must have failed to merge that fix.
>
> Thanks for fixing this! I assume the test passes now?
>
> Cheers,
> Carlos.
>
Yeah, they do.