Re: [parisc-linux] -pie is broken on hppa
On Sun, Jun 03, 2007 at 03:28:29PM -0400, Kyle McMartin wrote:
> On Sun, Jun 03, 2007 at 02:28:17PM -0400, John David Anglin wrote:
> > I believe that we aren't allowed to fault on the gateway page.
> > If we have holes in the syscall table, I think we need a check
> > for this since the following code will fault if r19 is zero:
> >
> > .Lin_syscall:
> > ldil L%syscall_exit,%r2
> > be 0(%sr7,%r19)
> > ldo R%syscall_exit(%r2),%r2
> >
>
> This is bad. Your kernel is too old, and glibc didn't take this into
> account. I'll hack something up to return -ENOSYS.
>
Er, we already have code to do this:
#ifdef CONFIG_64BIT
ldil L%sys_call_table, %r1
or,= %r2,%r2,%r2
addil L%(sys_call_table64-sys_call_table), %r1
ldo R%sys_call_table(%r1), %r19
or,= %r2,%r2,%r2
ldo R%sys_call_table64(%r1), %r19
#else
ldil L%sys_call_table, %r1
ldo R%sys_call_table(%r1), %r19
#endif
comiclr,>>= __NR_Linux_syscalls, %r20, %r0
b,n .Lsyscall_nosys
[...]
The bug is that comiclr, the logic is messed.
If __NR_Linux_syscalls is greater than or equal to the syscall number,
nullify the next instruction (skip the branch) and process the syscall.
The problem with this is that when they are equal, it means we're
off-by-one past the end of the syscall table.
comiclr,>>= should be comiclr,>>
This has been broken for a very long time. :/
Cheers,
Kyle
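The off-by-one discussed above, as an added C example that is not part of this message or of the kernel source: a constructed stand-in syscall table with a hole in it, the buggy and fixed bound checks side by side, and a dispatcher that also guards a NULL entry (the "r19 is zero" case John raises). NR_SYSCALLS, sys_a, sys_c and the table contents are placeholders, not the real __NR_Linux_syscalls or table.

```c
#include <stddef.h>
#include <errno.h>

/* Constructed stand-in for sys_call_table: three entries, with a hole
 * (NULL) at index 1. The real table and __NR_Linux_syscalls are much
 * larger; these names are placeholders for the example only. */
typedef long (*syscall_fn)(long arg);

static long sys_a(long arg) { return arg + 1; }
static long sys_c(long arg) { return arg * 2; }

static syscall_fn sys_call_table[] = { sys_a, NULL, sys_c };
#define NR_SYSCALLS (sizeof(sys_call_table) / sizeof(sys_call_table[0]))

/* Models the instruction pair from the message:
 *   comiclr,>>= __NR_Linux_syscalls, %r20, %r0
 *   b,n .Lsyscall_nosys
 * comiclr,>>= nullifies the branch (so the syscall is dispatched) when
 * NR >= nr, which lets nr == NR fall through to an index one past the
 * end of the table. Returns 1 when the table would be indexed, 0 when
 * the nosys branch would be taken. */
static int dispatches_buggy(unsigned long nr) { return NR_SYSCALLS >= nr; }

/* With comiclr,>> (strictly greater) nr == NR is correctly rejected. */
static int dispatches_fixed(unsigned long nr) { return NR_SYSCALLS > nr; }

/* Dispatcher using the fixed bound plus a guard for holes in the table:
 * a NULL entry yields -ENOSYS instead of a jump through a zero pointer. */
static long do_syscall(unsigned long nr, long arg)
{
    if (!dispatches_fixed(nr))
        return -ENOSYS;            /* out of range: .Lsyscall_nosys */
    syscall_fn fn = sys_call_table[nr];
    if (fn == NULL)                /* hole in the table (r19 == 0) */
        return -ENOSYS;
    return fn(arg);
}
```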