mirror of
git://gcc.gnu.org/git/gcc.git
synced 2024-12-30 10:24:52 +08:00
Refine syscall_linkage attribute semantics to fix security hole.
* config/ia64/ia64.c (ia64_epilogue_uses): For syscall_linkage functions, drop current_function_args_info.words test. (ia64_compute_frame_size): Mark syscall_linkage functions as using eight input registers. From-SVN: r39965
This commit is contained in:
parent
e9ece3bcbc
commit
3f67ac08f3
@ -1,3 +1,10 @@
|
||||
2001-02-21 David Mosberger <davidm@hpl.hp.com>
|
||||
|
||||
* config/ia64/ia64.c (ia64_epilogue_uses): For syscall_linkage
|
||||
functions, drop current_function_args_info.words test.
|
||||
(ia64_compute_frame_size): Mark syscall_linkage functions as
|
||||
using eight input registers.
|
||||
|
||||
2001-02-21 Loren J. Rittle <ljrittle@acm.org>
|
||||
Bruce Korb <bkorb@gnu.org>
|
||||
|
||||
|
@ -1317,7 +1317,13 @@ ia64_compute_frame_size (size)
|
||||
break;
|
||||
current_frame_info.n_local_regs = regno - LOC_REG (0) + 1;
|
||||
|
||||
if (cfun->machine->n_varargs > 0)
|
||||
/* For functions marked with the syscall_linkage attribute, we must mark
|
||||
all eight input registers as in use, so that locals aren't visible to
|
||||
the caller. */
|
||||
|
||||
if (cfun->machine->n_varargs > 0
|
||||
|| lookup_attribute ("syscall_linkage",
|
||||
TYPE_ATTRIBUTES (TREE_TYPE (current_function_decl))))
|
||||
current_frame_info.n_input_regs = 8;
|
||||
else
|
||||
{
|
||||
@ -6040,10 +6046,10 @@ ia64_epilogue_uses (regno)
|
||||
registers are marked as live at all function exits. This prevents the
|
||||
register allocator from using the input registers, which in turn makes it
|
||||
possible to restart a system call after an interrupt without having to
|
||||
save/restore the input registers. */
|
||||
save/restore the input registers. This also prevents kernel data from
|
||||
leaking to application code. */
|
||||
|
||||
if (IN_REGNO_P (regno)
|
||||
&& (regno < IN_REG (current_function_args_info.words))
|
||||
&& lookup_attribute ("syscall_linkage",
|
||||
TYPE_ATTRIBUTES (TREE_TYPE (current_function_decl))))
|
||||
return 1;
|
||||
|
Loading…
Reference in New Issue
Block a user