rpms / gcc-toolset-11-strace

Clone
Source Code
GIT

Blame SOURCES/0153-tee-rewrite-num_params-access-in-tee_fetch_buf_data.patch

c8 c8-beta c8s
  1.   c8-beta
  2.   SOURCES
  3.   0153-tee-rewrite-num_params-access-in-tee_fetch_buf_data.patch
Blob History Raw
fffaa6 
From 3a68f90c2a5a208b475cc2014f85ae04541ec5b6 Mon Sep 17 00:00:00 2001
fffaa6 
From: Eugene Syromyatnikov <evgsyr@gmail.com>
fffaa6 
Date: Fri, 20 Aug 2021 21:31:01 +0200
fffaa6 
Subject: [PATCH 150/150] tee: rewrite num_params access in tee_fetch_buf_data
fffaa6
fffaa6 
Pointer to num_params field of the fetched structure is passed in a
fffaa6 
separate function argument which provokes covscan complaints about
fffaa6 
uninitialised accesses and also tingles my aliasing rules senses.
fffaa6 
Rewrite to access it via the arg_struct argument which is fetched
fffaa6 
earlier in the function flow.
fffaa6
fffaa6 
* src/tee.c (TEE_FETCH_BUF_DATA): Change &arg_.num_params
fffaa6 
to offsetof(typeof(arg_), num_params).
fffaa6 
(tee_fetch_buf_data): Accept offset of the num_params field instead
fffaa6 
of pointer to it; reconstruct the num_params pointer using it.
fffaa6 
---
fffaa6 
 src/tee.c | 5 +++--
fffaa6 
 1 file changed, 3 insertions(+), 2 deletions(-)
fffaa6
fffaa6 
diff --git a/src/tee.c b/src/tee.c
fffaa6 
index f9eda52..d7e9b15 100644
fffaa6 
--- a/src/tee.c
fffaa6 
+++ b/src/tee.c
fffaa6 
@@ -33,7 +33,7 @@ struct tee_ioctl_shm_register_fd_data {
fffaa6
fffaa6 
 #define TEE_FETCH_BUF_DATA(buf_, arg_, params_) \
fffaa6 
 	tee_fetch_buf_data(tcp, arg, &buf_, sizeof(arg_), \
fffaa6 
-			   &arg_, &arg_.num_params, \
fffaa6 
+			   &arg_, offsetof(typeof(arg_), num_params), \
fffaa6 
 			   params_)
fffaa6
fffaa6 
 /* session id is printed as 0x%x in libteec */
fffaa6 
@@ -56,7 +56,7 @@ tee_fetch_buf_data(struct tcb *const tcp,
fffaa6 
 		   struct tee_ioctl_buf_data *buf,
fffaa6 
 		   size_t arg_size,
fffaa6 
 		   void *arg_struct,
fffaa6 
-		   unsigned *num_params,
fffaa6 
+		   size_t num_params_offs,
fffaa6 
 		   uint64_t *params)
fffaa6 
 {
fffaa6 
 	if (umove_or_printaddr(tcp, arg, buf))
fffaa6 
@@ -69,6 +69,7 @@ tee_fetch_buf_data(struct tcb *const tcp,
fffaa6 
 		tee_print_buf(buf);
fffaa6 
 		return RVAL_IOCTL_DECODED;
fffaa6 
 	}
fffaa6 
+	uint32_t *num_params = (uint32_t *) (arg_struct + num_params_offs);
fffaa6 
 	if (entering(tcp) &&
fffaa6 
 	    (arg_size + TEE_IOCTL_PARAM_SIZE(*num_params) != buf->buf_len)) {
fffaa6 
 		/*
fffaa6 
--
fffaa6 
2.1.4
fffaa6

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation