Message-Id: <200710312110.l9VLAQP1026675@tazenda.hos.anvin.org>
Date:	Wed, 31 Oct 2007 14:10:26 -0700
From:	"H. Peter Anvin" <hpa@...or.com>
To:	Linus Torvalds <torvalds@...ux-foundation.org>,
	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Linux Arch Mailing List <linux-arch@...r.kernel.org>,
	"H. Peter Anvin" <hpa@...or.com>,
	"Kirill A. Shutemov" <k.shutemov@...il.com>,
	David Woodhouse <dwmw2@...radead.org>
Subject: [PATCH] Sanitize the type of struct user.u_ar0

struct user.u_ar0 is defined to contain a pointer offset on all
architectures in which it is defined (all architectures which define
an a.out format except SPARC.)  However, it has a pointer type in the
headers, which is pointless -- <asm/user.h> is not exported to
userspace, and it just makes the code messy.

Redefine the field as "unsigned long" (which is the same size as a
pointer on all Linux architectures) and change the setting code to
use offsetof() instead of hand-coded arithmetic.

Cc: Linux Arch Mailing List <linux-arch@...r.kernel.org>
Cc: Bryan Wu <bryan.wu@...log.com>
Cc: Roman Zippel <zippel@...ux-m68k.org>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Ingo Molnar <mingo@...hat.com>
Cc: Richard Henderson <rth@...ddle.net>
Cc: Ivan Kokshaysky <ink@...assic.park.msu.ru>
Cc: Russell King <rmk@....linux.org.uk>
Cc: Lennert Buytenhek <kernel@...tstofly.org>
Cc: HÃ¥vard Skinnemoen <hskinnemoen@...el.com>
Cc: Mikael Starvik <starvik@...s.com>
Cc: Yoshinori Sato <ysato@...rs.sourceforge.jp>
Cc: Tony Luck <tony.luck@...el.com>
Cc: Hirokazu Takata <takata@...ux-m32r.org>
Cc: Ralf Baechle <ralf@...ux-mips.org>
Cc: Paul Mackerras <paulus@...ba.org>
Cc: Martin Schwidefsky <schwidefsky@...ibm.com>
Cc: Heiko Carstens <heiko.carstens@...ibm.com>
Cc: Paul Mundt <lethal@...ux-sh.org>
Signed-off-by: H. Peter Anvin <hpa@...or.com>
---
 arch/blackfin/kernel/process.c |    2 +-
 arch/m68k/kernel/process.c     |    2 +-
 arch/x86/ia32/ia32_aout.c      |    2 +-
 fs/binfmt_aout.c               |    2 +-
 include/asm-alpha/user.h       |    2 +-
 include/asm-arm/user.h         |    2 +-
 include/asm-avr32/user.h       |    2 +-
 include/asm-blackfin/user.h    |    2 +-
 include/asm-cris/user.h        |    2 +-
 include/asm-h8300/user.h       |    3 +--
 include/asm-ia64/user.h        |    2 +-
 include/asm-m32r/user.h        |    2 +-
 include/asm-m68k/user.h        |    3 +--
 include/asm-mips/user.h        |    2 +-
 include/asm-powerpc/user.h     |    2 +-
 include/asm-s390/user.h        |    3 +--
 include/asm-sh/user.h          |    2 +-
 include/asm-sh64/user.h        |    2 +-
 include/asm-v850/user.h        |    2 +-
 include/asm-x86/user_32.h      |    2 +-
 include/asm-x86/user_64.h      |    2 +-
 21 files changed, 21 insertions(+), 24 deletions(-)

diff --git a/arch/blackfin/kernel/process.c b/arch/blackfin/kernel/process.c
index 9124467..5c08004 100644
--- a/arch/blackfin/kernel/process.c
+++ b/arch/blackfin/kernel/process.c
@@ -257,7 +257,7 @@ void dump_thread(struct pt_regs *regs, struct user *dump)
 		    ((unsigned long)(TASK_SIZE -
 				     dump->start_stack)) >> PAGE_SHIFT;
 
-	dump->u_ar0 = (struct user_regs_struct *)((int)&dump->regs - (int)dump);
+	dump->u_ar0 = offsetof(struct user, regs);
 
 	dump->regs.r0 = regs->r0;
 	dump->regs.r1 = regs->r1;
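Review bot: The new `dump->u_ar0 = offsetof(struct user, regs);` stores a byte offset into a field whose old type was a pointer, and nothing at the assignment says so; a maintainer reading this line alone could reinstate address arithmetic, so I'd annotate it `/* u_ar0 is the byte offset of regs within struct user, not an address */`. The hunk does not show the include block, so confirm `offsetof` is in scope (presumably via <linux/stddef.h> or <linux/kernel.h>) in this file and in the three other setters — arch/m68k/kernel/process.c, arch/x86/ia32/ia32_aout.c and fs/binfmt_aout.c — which carry the same change. dump_thread starts and ends outside the hunk.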
diff --git a/arch/m68k/kernel/process.c b/arch/m68k/kernel/process.c
index 3ee9186..f85b928 100644
--- a/arch/m68k/kernel/process.c
+++ b/arch/m68k/kernel/process.c
@@ -335,7 +335,7 @@ void dump_thread(struct pt_regs * regs, struct user * dump)
 	if (dump->start_stack < TASK_SIZE)
 		dump->u_ssize = ((unsigned long) (TASK_SIZE - dump->start_stack)) >> PAGE_SHIFT;
 
-	dump->u_ar0 = (struct user_regs_struct *)((int)&dump->regs - (int)dump);
+	dump->u_ar0 = offsetof(struct user, regs);
 	sw = ((struct switch_stack *)regs) - 1;
 	dump->regs.d1 = regs->d1;
 	dump->regs.d2 = regs->d2;
diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c
index 731aac1..c489fee 100644
--- a/arch/x86/ia32/ia32_aout.c
+++ b/arch/x86/ia32/ia32_aout.c
@@ -162,7 +162,7 @@ static int aout_core_dump(long signr, struct pt_regs *regs, struct file *file, u
 	has_dumped = 1;
 	current->flags |= PF_DUMPCORE;
        	strncpy(dump.u_comm, current->comm, sizeof(current->comm));
-	dump.u_ar0 = (u32)(((unsigned long)(&dump.regs)) - ((unsigned long)(&dump)));
+	dump.u_ar0 = offsetof(struct user32, regs);
 	dump.signal = signr;
 	dump_thread32(regs, &dump);
 
diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c
index e176d19..9a00063 100644
--- a/fs/binfmt_aout.c
+++ b/fs/binfmt_aout.c
@@ -115,7 +115,7 @@ static int aout_core_dump(long signr, struct pt_regs *regs, struct file *file, u
 	current->flags |= PF_DUMPCORE;
        	strncpy(dump.u_comm, current->comm, sizeof(dump.u_comm));
 #ifndef __sparc__
-	dump.u_ar0 = (void *)(((unsigned long)(&dump.regs)) - ((unsigned long)(&dump)));
+	dump.u_ar0 = offsetof(struct user, regs);
 #endif
 	dump.signal = signr;
 	dump_thread(regs, &dump);
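Review bot: The `#ifndef __sparc__` guard around the new `dump.u_ar0 = offsetof(struct user, regs);` is left unexplained, and no sparc header is touched in this series, so a reader cannot tell from the file why that one architecture is skipped. Per the cover text SPARC's struct user does not carry this offset; I'd say so at the guard, e.g. `#ifndef __sparc__	/* sparc's struct user has no u_ar0 offset field */`, so the exception survives the next cleanup. aout_core_dump continues outside the hunk.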
diff --git a/include/asm-alpha/user.h b/include/asm-alpha/user.h
index 7e417fc..a4eb6a4 100644
--- a/include/asm-alpha/user.h
+++ b/include/asm-alpha/user.h
@@ -39,7 +39,7 @@ struct user {
 	unsigned long	start_data;		/* data starting address */
 	unsigned long	start_stack;		/* stack starting address */
 	long int	signal;			/* signal causing core dump */
-	struct regs *	u_ar0;			/* help gdb find registers */
+	unsigned long	u_ar0;			/* help gdb find registers */
 	unsigned long	magic;			/* identifies a core file */
 	char		u_comm[32];		/* user command name */
 };
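Review bot: The comment kept on the new `unsigned long u_ar0;` line, `/* help gdb find registers */`, no longer says what the value is now that the field is an integer rather than a pointer; the setters elsewhere in this series store `offsetof(struct user, regs)`, so I'd write `/* byte offset of regs within struct user; gdb uses it to find the registers */`. The same wording gap applies to the arm, avr32, blackfin, cris, h8300, ia64, m32r, m68k, mips, powerpc, s390, sh, sh64, v850, x86 user_32 and x86 user_64 header hunks, which keep their old "help gdb"/"Used by gdb" comments unchanged. Each struct user definition starts before its hunk and in several of them the closing brace is outside the hunk as well.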
diff --git a/include/asm-arm/user.h b/include/asm-arm/user.h
index 3e8b0f8..825c1e7 100644
--- a/include/asm-arm/user.h
+++ b/include/asm-arm/user.h
@@ -67,7 +67,7 @@ struct user{
 				   esp register.  */
   long int signal;     		/* Signal that caused the core dump. */
   int reserved;			/* No longer used */
-  struct pt_regs * u_ar0;	/* Used by gdb to help find the values for */
+  unsigned long u_ar0;		/* Used by gdb to help find the values for */
 				/* the registers. */
   unsigned long magic;		/* To uniquely identify a core file */
   char u_comm[32];		/* User command that was responsible */
diff --git a/include/asm-avr32/user.h b/include/asm-avr32/user.h
index 060fb3a..7e9152f 100644
--- a/include/asm-avr32/user.h
+++ b/include/asm-avr32/user.h
@@ -51,7 +51,7 @@ struct user {
 	unsigned long	start_data;		/* data starting address */
 	unsigned long	start_stack;		/* stack starting address */
 	long int	signal;			/* signal causing core dump */
-	struct regs *	u_ar0;			/* help gdb find registers */
+	unsigned long	u_ar0;			/* help gdb find registers */
 	unsigned long	magic;			/* identifies a core file */
 	char		u_comm[32];		/* user command name */
 };
diff --git a/include/asm-blackfin/user.h b/include/asm-blackfin/user.h
index abc3462..afe6a0e 100644
--- a/include/asm-blackfin/user.h
+++ b/include/asm-blackfin/user.h
@@ -75,7 +75,7 @@ struct user {
 					   esp register.  */
 	long int signal;	/* Signal that caused the core dump. */
 	int reserved;		/* No longer used */
-	struct user_regs_struct *u_ar0;
+	unsigned long u_ar0;
 	/* Used by gdb to help find the values for */
 	/* the registers. */
 	unsigned long magic;	/* To uniquely identify a core file */
diff --git a/include/asm-cris/user.h b/include/asm-cris/user.h
index 2538e2a..73e60fc 100644
--- a/include/asm-cris/user.h
+++ b/include/asm-cris/user.h
@@ -38,7 +38,7 @@ struct user {
 	unsigned long	start_data;		/* data starting address */
 	unsigned long	start_stack;		/* stack starting address */
 	long int	signal;			/* signal causing core dump */
-	struct regs *	u_ar0;			/* help gdb find registers */
+	unsigned long	u_ar0;			/* help gdb find registers */
 	unsigned long	magic;			/* identifies a core file */
 	char		u_comm[32];		/* user command name */
 };
diff --git a/include/asm-h8300/user.h b/include/asm-h8300/user.h
index 6c64f99..14a9e18 100644
--- a/include/asm-h8300/user.h
+++ b/include/asm-h8300/user.h
@@ -62,8 +62,7 @@ struct user{
 				   esp register.  */
   long int signal;     		/* Signal that caused the core dump. */
   int reserved;			/* No longer used */
-  struct user_regs_struct *u_ar0;
-				/* Used by gdb to help find the values for */
+  unsigned long u_ar0;		/* Used by gdb to help find the values for */
 				/* the registers. */
   unsigned long magic;		/* To uniquely identify a core file */
   char u_comm[32];		/* User command that was responsible */
diff --git a/include/asm-ia64/user.h b/include/asm-ia64/user.h
index 78e5a20..8b98211 100644
--- a/include/asm-ia64/user.h
+++ b/include/asm-ia64/user.h
@@ -44,7 +44,7 @@ struct user {
 	unsigned long	start_data;		/* data starting address */
 	unsigned long	start_stack;		/* stack starting address */
 	long int	signal;			/* signal causing core dump */
-	struct regs *	u_ar0;			/* help gdb find registers */
+	unsigned long	u_ar0;			/* help gdb find registers */
 	unsigned long	magic;			/* identifies a core file */
 	char		u_comm[32];		/* user command name */
 };
diff --git a/include/asm-m32r/user.h b/include/asm-m32r/user.h
index 035258d..03b3c11 100644
--- a/include/asm-m32r/user.h
+++ b/include/asm-m32r/user.h
@@ -38,7 +38,7 @@ struct user {
 	unsigned long	start_data;		/* data starting address */
 	unsigned long	start_stack;		/* stack starting address */
 	long int	signal;			/* signal causing core dump */
-	struct regs *	u_ar0;			/* help gdb find registers */
+	unsigned long	u_ar0;			/* help gdb find registers */
 	unsigned long	magic;			/* identifies a core file */
 	char		u_comm[32];		/* user command name */
 };
diff --git a/include/asm-m68k/user.h b/include/asm-m68k/user.h
index 8c56cca..f1f478d 100644
--- a/include/asm-m68k/user.h
+++ b/include/asm-m68k/user.h
@@ -72,8 +72,7 @@ struct user{
 				   esp register.  */
   long int signal;		/* Signal that caused the core dump. */
   int reserved;			/* No longer used */
-  struct user_regs_struct *u_ar0;
-				/* Used by gdb to help find the values for */
+  unsigned long u_ar0;		/* Used by gdb to help find the values for */
 				/* the registers. */
   struct user_m68kfp_struct* u_fpstate;	/* Math Co-processor pointer. */
   unsigned long magic;		/* To uniquely identify a core file */
diff --git a/include/asm-mips/user.h b/include/asm-mips/user.h
index 61f2a09..e8ca4d9 100644
--- a/include/asm-mips/user.h
+++ b/include/asm-mips/user.h
@@ -46,7 +46,7 @@ struct user {
 	unsigned long	start_data;		/* data starting address */
 	unsigned long	start_stack;		/* stack starting address */
 	long int	signal;			/* signal causing core dump */
-	struct regs *	u_ar0;			/* help gdb find registers */
+	unsigned long	u_ar0;			/* help gdb find registers */
 	unsigned long	magic;			/* identifies a core file */
 	char		u_comm[32];		/* user command name */
 };
diff --git a/include/asm-powerpc/user.h b/include/asm-powerpc/user.h
index e59ade4..2f0223c 100644
--- a/include/asm-powerpc/user.h
+++ b/include/asm-powerpc/user.h
@@ -40,7 +40,7 @@ struct user {
 	unsigned long	start_data;		/* data starting address */
 	unsigned long	start_stack;		/* stack starting address */
 	long int	signal;			/* signal causing core dump */
-	struct regs *	u_ar0;			/* help gdb find registers */
+	unsigned long	u_ar0;			/* help gdb find registers */
 	unsigned long	magic;			/* identifies a core file */
 	char		u_comm[32];		/* user command name */
 };
diff --git a/include/asm-s390/user.h b/include/asm-s390/user.h
index 1dc74ba..1b050e3 100644
--- a/include/asm-s390/user.h
+++ b/include/asm-s390/user.h
@@ -63,8 +63,7 @@ struct user {
 				   the top of the stack is always found in the
 				   esp register.  */
   long int signal;     		/* Signal that caused the core dump. */
-  struct user_regs_struct *u_ar0;
-				/* Used by gdb to help find the values for */
+  unsigned long u_ar0;		/* Used by gdb to help find the values for */
 				/* the registers. */
   unsigned long magic;		/* To uniquely identify a core file */
   char u_comm[32];		/* User command that was responsible */
diff --git a/include/asm-sh/user.h b/include/asm-sh/user.h
index d1b8511..a1908c1 100644
--- a/include/asm-sh/user.h
+++ b/include/asm-sh/user.h
@@ -45,7 +45,7 @@ struct user {
 	unsigned long	start_data;		/* data starting address */
 	unsigned long	start_stack;		/* stack starting address */
 	long int	signal;			/* signal causing core dump */
-	struct regs *	u_ar0;			/* help gdb find registers */
+	unsigned long	u_ar0;			/* help gdb find registers */
 	struct user_fpu_struct* u_fpstate;	/* Math Co-processor pointer */
 	unsigned long	magic;			/* identifies a core file */
 	char		u_comm[32];		/* user command name */
diff --git a/include/asm-sh64/user.h b/include/asm-sh64/user.h
index eb3b33e..69b6cb6 100644
--- a/include/asm-sh64/user.h
+++ b/include/asm-sh64/user.h
@@ -55,7 +55,7 @@ struct user {
 	unsigned long	start_data;		/* data starting address */
 	unsigned long	start_stack;		/* stack starting address */
 	long int	signal;			/* signal causing core dump */
-	struct regs *	u_ar0;			/* help gdb find registers */
+	unsigned long	u_ar0;			/* help gdb find registers */
 	struct user_fpu_struct* u_fpstate;	/* Math Co-processor pointer */
 	unsigned long	magic;			/* identifies a core file */
 	char		u_comm[32];		/* user command name */
diff --git a/include/asm-v850/user.h b/include/asm-v850/user.h
index ccf4cea..a915d29 100644
--- a/include/asm-v850/user.h
+++ b/include/asm-v850/user.h
@@ -40,7 +40,7 @@ struct user {
 	unsigned long	start_data;		/* data starting address */
 	unsigned long	start_stack;		/* stack starting address */
 	long int	signal;			/* signal causing core dump */
-	struct regs *	u_ar0;			/* help gdb find registers */
+	unsigned long	u_ar0;			/* help gdb find registers */
 	unsigned long	magic;			/* identifies a core file */
 	char		u_comm[32];		/* user command name */
 };
diff --git a/include/asm-x86/user_32.h b/include/asm-x86/user_32.h
index 0e85d2a..2373f73 100644
--- a/include/asm-x86/user_32.h
+++ b/include/asm-x86/user_32.h
@@ -106,7 +106,7 @@ struct user{
 				   esp register.  */
   long int signal;     		/* Signal that caused the core dump. */
   int reserved;			/* No longer used */
-  struct user_pt_regs * u_ar0;	/* Used by gdb to help find the values for */
+  unsigned long u_ar0;		/* Used by gdb to help find the values for */
 				/* the registers. */
   struct user_i387_struct* u_fpstate;	/* Math Co-processor pointer. */
   unsigned long magic;		/* To uniquely identify a core file */
diff --git a/include/asm-x86/user_64.h b/include/asm-x86/user_64.h
index 12785c6..d7d0e1d 100644
--- a/include/asm-x86/user_64.h
+++ b/include/asm-x86/user_64.h
@@ -97,7 +97,7 @@ struct user{
   long int signal;     		/* Signal that caused the core dump. */
   int reserved;			/* No longer used */
   int pad1;
-  struct user_pt_regs * u_ar0;	/* Used by gdb to help find the values for */
+  unsigned long u_ar0;		/* Used by gdb to help find the values for */
 				/* the registers. */
   struct user_i387_struct* u_fpstate;	/* Math Co-processor pointer. */
   unsigned long magic;		/* To uniquely identify a core file */
-- 
1.5.3.4
