Opened 10 years ago

Closed 9 years ago

#148 closed defect (fixed)

__hypercall_fast_ret1 trusts the contents of %o1 (too much)

Reported by: Jakub Jermář
Owned by: Pavel Rimsky
Priority: major
Milestone: 0.4.2
Component: helenos/kernel/sparc64
Version: mainline

Description

In the sun4v branch, there is:

static inline uint64_t
__hypercall_fast_ret1(const uint64_t p1, const uint64_t p2, const uint64_t p3,
    const uint64_t p4, const uint64_t p5, const uint64_t function_number,
    uint64_t * const ret1)
{
	uint64_t errno = __hypercall_fast(p1, p2, p3, p4, p5, function_number);
	if (ret1 != NULL) {
		asm volatile ("mov %%o1, %0\n" : "=r" (*ret1));
	}
	return errno;
}

It seems like the asm statement is making unjustified assumptions about the register %o1. %o1 is a scratch register and the function can do pretty much anything with it between the call to __hypercall_fast() and the asm statement.

Noticed by Petr Tuma.

Change History (1)

comment:1 Changed 9 years ago by Jakub Jermář

Resolution: fixed
Status: new → closed

Fixed in changeset:head,303.
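
A pattern that avoids the problem described in this ticket, as an added example (not HelenOS code and not the changeset referenced above): bind the arguments to %o0-%o5 with local register variables and make %o0 and %o1 outputs of the same asm statement that traps. The function name, the FAST_TRAP value 0x80 and the register convention are assumptions; the #else branch is a constructed stand-in so the wrapper compiles on hosts other than sparc64.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumption: sun4v fast-trap number; the function number travels in %o5,
 * status comes back in %o0 and the first return value in %o1. */
#define FAST_TRAP 0x80

/* Hypothetical name; same signature as the function quoted in the ticket. */
static inline uint64_t
hypercall_fast_ret1_single_asm(const uint64_t p1, const uint64_t p2,
    const uint64_t p3, const uint64_t p4, const uint64_t p5,
    const uint64_t function_number, uint64_t * const ret1)
{
#if defined(__sparc__) && defined(__arch64__)
	/* Pin every argument to the register the trap handler reads. */
	register uint64_t o0 __asm__("o0") = p1;
	register uint64_t o1 __asm__("o1") = p2;
	register uint64_t o2 __asm__("o2") = p3;
	register uint64_t o3 __asm__("o3") = p4;
	register uint64_t o4 __asm__("o4") = p5;
	register uint64_t o5 __asm__("o5") = function_number;

	/*
	 * %o0 and %o1 are outputs of the statement that traps, so the compiler
	 * knows their values are live from here on and cannot reuse the
	 * registers before they are copied out. "+r" marks each operand as
	 * both read and written by the statement.
	 */
	__asm__ volatile (
	    "ta %6\n"
	    : "+r" (o0), "+r" (o1), "+r" (o2), "+r" (o3), "+r" (o4), "+r" (o5)
	    : "i" (FAST_TRAP)
	    : "memory"
	);
#else
	/* Constructed stand-in for hosts without the hypervisor: status 0,
	 * return value p1 + function_number. Only exercises the C plumbing. */
	uint64_t o0 = 0;
	uint64_t o1 = p1 + function_number;
	(void) p2; (void) p3; (void) p4; (void) p5;
#endif
	if (ret1 != NULL)
		*ret1 = o1;
	return o0;
}
```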