Google Git
Sign in
chromium / chromiumos / third_party / ltp / 946757d51bb96a280fc4ebe156fa1ad63d9dba13
commit946757d51bb96a280fc4ebe156fa1ad63d9dba13[log] [tgz]
authorGeorge Burgess IV <gbiv@google.com>Wed Aug 24 03:21:11 2016
committerchrome-bot <chrome-bot@chromium.org>Thu Aug 25 08:45:52 2016
tree1ad074f4d65fb12bd9a4c112adc12131793296aa
parent7fea30a4ad5b7b4e99865afcee8b6bfd19ec8b03 [diff]
ltp: don't memcpy into function pointers.

This cherry-picks the following two commits:

commit beea06f31d0fd8c9000768c237a23d4ab3d01456
Author: Cyril Hrubis <chrubis@suse.cz>
Date:   Wed Sep 2 16:43:42 2015 +0200

    syscalls/mprotect04: Fix for ia64

    IA64 ABI calls functions by function descriptors and because of that we
    cannot simply copy function address since the address we get in C is
    addres of the function descriptor and not the function itself.

    Instead of that we copy a code for a minimal function to the mmaped page
    and create a function descriptor for it.

    Signed-off-by: Cyril Hrubis <chrubis@suse.cz>

commit e2b6ca1179cd96b77e32fd0fa281bb0491f7d80d
Author: Jan Stancek <jstancek@redhat.com>
Date:   Wed Sep 9 13:00:01 2015 +0200

    mprotect04: fix powerpc crash when copying exec_func

    Testcase tried to copy page size area starting at &exec_func.
    This results in crash on powerpc, because &exec_func is too close
    to end of page and subsequent page is not mapped:

     10000000-10010000 r-xp 00000000 fd:00 402855 mprotect04
     10010000-10020000 rw-p 00000000 fd:00 402855 mprotect04
     806a410000-806a440000 r-xp 00000000 fd:00 2097827 /lib64/ld-2.12.so
    where &exec_func == 0x100199c0, and page_size == 65536.

    It's also worth noting, that function ptr does not reside in .text,
    but in .opd section. That shouldn't matter for this testcase as long
    as it doesn't try to copy non-existent pages.

    This patch is changing copy function to try copy 2 whole aligned pages.
    Both pages are checked to be present in memory before memcpy is
    attempted. First is the page which contains &exec_func, and 2nd is the
    subsequent page - for the case &exec_func is too close to page boundary.

    Signed-off-by: Jan Stancek <jstancek@redhat.com>
    Acked-by: Cyril Hrubis <chrubis@suse.cz>

BUG=chromium:638456
TEST=emerge-x86-generic with clang-FORTIFY enabled is now happy about memcpy.

Change-Id: I0f77b9c4b5baa8edfbc7062c4fc9fb324aacb20e
Reviewed-on: https://chromium-review.googlesource.com/374860
Commit-Ready: George Burgess <gbiv@google.com>
Tested-by: George Burgess <gbiv@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
1 file changed
tree: 1ad074f4d65fb12bd9a4c112adc12131793296aa
  1. doc/
  2. include/
  3. lib/
  4. m4/
  5. pan/
  6. runtest/
  7. scenario_groups/
  8. scripts/
  9. testcases/
  10. testscripts/
  11. tools/
  12. utils/
  13. .gitignore
  14. .gitmodules
  15. configure.ac
  16. COPYING
  17. execltp.in
  18. IDcheck.sh
  19. INSTALL
  20. ltpmenu
  21. Makefile
  22. Makefile.release
  23. README
  24. README.chromium
  25. README.kernel_config
  26. runalltests.sh
  27. runltp
  28. runltplite.sh
  29. TODO
  30. ver_linux
  31. VERSION