| Revision | e43de1caaa32af8fbdc9714413c6d74476537275 (tree) |
|---|---|
| Zeit | 2006-10-03 05:07:05 |
| Autor | PaX Team <pageexec@free...> |
| Commiter | Willy Tarreau |
[PATCH] MIPS: fix long long cast in pte macro
From PaX Team :
the current idiom used for initializing a structure of two unsigned longs
from unsigned long long is wrong, it effectively loses the upper 32 bits
which in this particular case could turn a non-executable PTE into an
executable one on NX capable i386 (i.e., it's a potential security bug).
fortunately the in-tree users in 2.4 (drivers/char/drm-4.0/ffb_drv.c
and arch/mips/baget/baget.c) are not affected.
From Ralf Baechle :
I need a slight change to get this to build without warning for MIPS.
The argument passed to pte() might be just a 32-bit int, so >> 32 will
upset gcc big time. I believe the same problem exists for i386, so
here's the patch with the necessary cast for both architectures.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
include/asm-mips/page.h (diff)| @@ -77,13 +77,16 @@ static inline void copy_user_page(void * to, void * from, unsigned long vaddr) | ||
| 77 | 77 | #ifdef CONFIG_CPU_MIPS32 |
| 78 | 78 | typedef struct { unsigned long pte_low, pte_high; } pte_t; |
| 79 | 79 | #define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32)) |
| 80 | + #define __pte(x) ({ pte_t __pte = {(x), ((unsigned long long)(x)) >> 32}; __pte; }) | |
| 80 | 81 | #else |
| 81 | 82 | typedef struct { unsigned long long pte_low; } pte_t; |
| 82 | 83 | #define pte_val(x) ((x).pte_low) |
| 84 | + #define __pte(x) ((pte_t) { (x) } ) | |
| 83 | 85 | #endif |
| 84 | 86 | #else |
| 85 | 87 | typedef struct { unsigned long pte_low; } pte_t; |
| 86 | 88 | #define pte_val(x) ((x).pte_low) |
| 89 | +#define __pte(x) ((pte_t) { (x) } ) | |
| 87 | 90 | #endif |
| 88 | 91 | |
| 89 | 92 | typedef struct { unsigned long pmd; } pmd_t; |
| @@ -96,7 +99,6 @@ typedef struct { unsigned long pgprot; } pgprot_t; | ||
| 96 | 99 | |
| 97 | 100 | #define ptep_buddy(x) ((pte_t *)((unsigned long)(x) ^ sizeof(pte_t))) |
| 98 | 101 | |
| 99 | -#define __pte(x) ((pte_t) { (x) } ) | |
| 100 | 102 | #define __pmd(x) ((pmd_t) { (x) } ) |
| 101 | 103 | #define __pgd(x) ((pgd_t) { (x) } ) |
| 102 | 104 | #define __pgprot(x) ((pgprot_t) { (x) } ) |
Linux Kernel Documents
Fork