| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Nov 2015 21:13:19 +0100
From: Michael Büsch <m@...s.ch>
To: linux-sh@...r.kernel.org, linux-kernel@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>
Cc: Ilia Mirkin <imirkin@...m.mit.edu>
Subject: [PATCH] m32r: Fix clearing of thread info fault code
The expression (~0 >> x) will always yield all-ones, because the right
shift is an arithmetic right shift that will always shift ones in.
Hence the old fault code bits will not be cleared before being ORed
with the new fault code.
Fix this by forcing a logical right shift instead of an arithmetic
right shift by using an unsigned long constant.
Reported-by: Ilia Mirkin <imirkin@...m.mit.edu>
Signed-off-by: Michael Buesch <m@...s.ch>
---
The code also assumes sizeof(ti->flags) == 4. But that probably is ok
for this arch.
This patch is untested, because I do not have the hardware.
Resend: Patch was originally sent on Wed, 18 Jun 2015.
(Sorry, hit the send button early, so here goes the actual patch.)
Index: linux/arch/m32r/include/asm/thread_info.h
===================================================================
--- linux.orig/arch/m32r/include/asm/thread_info.h
+++ linux/arch/m32r/include/asm/thread_info.h
@@ -77,7 +77,7 @@ static inline struct thread_info *curren
static inline void set_thread_fault_code(unsigned int val)
{
struct thread_info *ti = current_thread_info();
- ti->flags = (ti->flags & (~0 >> (32 - TI_FLAG_FAULT_CODE_SHIFT)))
+ ti->flags = (ti->flags & (~0UL >> (32 - TI_FLAG_FAULT_CODE_SHIFT)))
| (val << TI_FLAG_FAULT_CODE_SHIFT);
}
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists