mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-29 01:59:02 +00:00
d71cac96f3
This fixes a kernel panic when validating the arguments of memcpy at runtime, which is enabled by generic's CONFIG_FORTIFY_SOURCE for k4.19 This wasn't triggered on 4.14, as ARCH_HAS_FORTIFY_SOURCE was added on k4.17 for the ARM architecture Signed-off-by: Luis Araneda <luaraneda@gmail.com>
36 lines
1.1 KiB
Diff
36 lines
1.1 KiB
Diff
From a801d4aa6000f7ba0ffc5ba9d841af62ec7e0bb1 Mon Sep 17 00:00:00 2001
|
|
From: Luis Araneda <luaraneda@gmail.com>
|
|
Date: Tue, 30 Jul 2019 00:29:03 -0400
|
|
Subject: [RFC PATCH] ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
|
|
|
|
This fixes a kernel panic (read overflow) on memcpy when
|
|
FORTIFY_SOURCE is enabled.
|
|
|
|
The computed size of memcpy args are:
|
|
- p_size (dst): 4294967295 = (size_t) -1
|
|
- q_size (src): 1
|
|
- size (len): 8
|
|
|
|
Additionally, the memory is marked as __iomem, so one of
|
|
the memcpy_* functions should be used for read/write
|
|
|
|
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
|
|
---
|
|
As of 2019-08-03, this patch is under review and waiting
|
|
comments from the maintainer / author
|
|
--
|
|
arch/arm/mach-zynq/platsmp.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
--- a/arch/arm/mach-zynq/platsmp.c
|
|
+++ b/arch/arm/mach-zynq/platsmp.c
|
|
@@ -65,7 +65,7 @@ int zynq_cpun_start(u32 address, int cpu
|
|
* 0x4: Jump by mov instruction
|
|
* 0x8: Jumping address
|
|
*/
|
|
- memcpy((__force void *)zero, &zynq_secondary_trampoline,
|
|
+ memcpy_toio(zero, &zynq_secondary_trampoline,
|
|
trampoline_size);
|
|
writel(address, zero + trampoline_size);
|
|
|