From patchwork Tue Sep  5 22:41:29 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Max Filippov <jcmvbkbc@gmail.com>
X-Patchwork-Id: 810314
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=busybox.net
	(client-ip=140.211.166.136; helo=silver.osuosl.org;
	envelope-from=buildroot-bounces@busybox.net;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="lmrmNMQ9"; dkim-atps=neutral
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3xn1v82MXtz9sR9
	for <incoming@patchwork.ozlabs.org>;
	Wed,  6 Sep 2017 08:42:44 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by silver.osuosl.org (Postfix) with ESMTP id ADDCA30A6A;
	Tue,  5 Sep 2017 22:42:41 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id jt4xZVMRbjiD; Tue,  5 Sep 2017 22:42:40 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by silver.osuosl.org (Postfix) with ESMTP id 5B5A930A67;
	Tue,  5 Sep 2017 22:42:40 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
	by ash.osuosl.org (Postfix) with ESMTP id DBC3E1C3F91
	for <buildroot@lists.busybox.net>;
	Tue,  5 Sep 2017 22:42:38 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by silver.osuosl.org (Postfix) with ESMTP id D53DE30A67
	for <buildroot@lists.busybox.net>;
	Tue,  5 Sep 2017 22:42:38 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id yrSCbzi1Ixk1 for <buildroot@lists.busybox.net>;
	Tue,  5 Sep 2017 22:42:38 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-lf0-f68.google.com (mail-lf0-f68.google.com
	[209.85.215.68])
	by silver.osuosl.org (Postfix) with ESMTPS id EBCCA30A62
	for <buildroot@uclibc.org>; Tue,  5 Sep 2017 22:42:37 +0000 (UTC)
Received: by mail-lf0-f68.google.com with SMTP id c8so2340903lfe.2
	for <buildroot@uclibc.org>; Tue, 05 Sep 2017 15:42:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id;
	bh=goRhO+XvZ3SZTHGwV72Y/bKHysaVEDwpq3cF0Gbexm8=;
	b=lmrmNMQ9nqC0UpcRpk00xtglH6we8nUH/FBQu6+h6pPsNW1SdPEfiNxwUaks71q5z6
	nx3Mo9qU/xJIvoTRic1L8Z975u2p9rKEVmQPr0NZEhkj0X5P8iKbOVtxqPkgYMPfWgGk
	6viTl2v6oW0z+n8hkbg9yTSgyjC1TX0lgVFlJk/Y46DqJn66mErolZYxRvnkuH6b88bp
	QevS+QV+iyALi13fYy8eBQb5cBFB5lsVBhfHnbfcZo9+ACCDqeIi2bH4ZGnLT3lVMDGO
	NVd2FkyPpP7Tstb+1DJnREBC/6kGI04PanEzezaU+zKhsssbTPLVwwcQz5MOIRS9vkhZ
	8NgA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=goRhO+XvZ3SZTHGwV72Y/bKHysaVEDwpq3cF0Gbexm8=;
	b=cNEG8GeTxHkTsv25x+NSV3JeePuo8i0sZB0xtTnUG5CA6JnHbHwXAzUhe0xF7YIRzy
	3zj4z+7aNz+ArRFQecL6AOjzoF0RIi0phg9K3vX4Rv/y85JVHU32n4lx/44eKh13GRld
	VkBSMwD6lCNL5G8uIuAwlwmi6QUa2pYNtWO+Z3jPXejB/E+cDncFrvb9z7Xn5xBaEf1H
	TV9h0ykFtUyFYgtyO6VMFdIfBFQhR3zRAZA2UaYwyR3IS2CDgVza87aFqkQB4xq1ZZxz
	6wt66NMVCGsC0fgm2FvxhCw/6vguX8IHJRvb6sVrG+wp579aEVPQ7ZzLAZA/f40kbF7D
	bAGw==
X-Gm-Message-State: AHPjjUjJ1WdIge92KrHiRqd3svbBfshRhLgZNw8JV1CVmv6EWfm/Ebcg
	kDcyeSPir4QDciDV9Q97ig==
X-Google-Smtp-Source: 
 ADKCNb7MvH9t18IjbyPzlfdvPVuJJfL+yvn1NbJraY0CGo/cEoxu8qP523tLl0JUejPNI8/N/q4Hgg==
X-Received: by 10.25.211.205 with SMTP id k196mr159730lfg.210.1504651355673;
	Tue, 05 Sep 2017 15:42:35 -0700 (PDT)
Received: from octofox.metropolis
	(jcmvbkbc-1-pt.tunnel.tserv24.sto1.ipv6.he.net. [2001:470:27:1fa::2])
	by smtp.gmail.com with ESMTPSA id
	i137sm162908lfe.43.2017.09.05.15.42.33
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Tue, 05 Sep 2017 15:42:35 -0700 (PDT)
From: Max Filippov <jcmvbkbc@gmail.com>
To: buildroot@uclibc.org
Date: Tue,  5 Sep 2017 15:41:29 -0700
Message-Id: <1504651289-10525-1-git-send-email-jcmvbkbc@gmail.com>
X-Mailer: git-send-email 2.1.4
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Subject: [Buildroot] [PATCH for 2017.02.x] package/binutils: fix crash
	caused by buggy xtensa overlay
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
MIME-Version: 1.0
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

In some xtensa configurations there may be system/user registers in
xtensa-modules with negative index. ISA initialization for such config
may clobber heap and result in program termination.
Don't update lookup table entries for register with negative indices.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
 ...a-fix-memory-corruption-by-broken-sysregs.patch | 42 ++++++++++++++++++++++
 ...a-fix-memory-corruption-by-broken-sysregs.patch | 42 ++++++++++++++++++++++
 2 files changed, 84 insertions(+)
 create mode 100644 package/binutils/2.25.1/131-xtensa-fix-memory-corruption-by-broken-sysregs.patch
 create mode 100644 package/binutils/2.26.1/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch

diff --git a/package/binutils/2.25.1/131-xtensa-fix-memory-corruption-by-broken-sysregs.patch b/package/binutils/2.25.1/131-xtensa-fix-memory-corruption-by-broken-sysregs.patch
new file mode 100644
index 000000000000..30103ee05eca
--- /dev/null
+++ b/package/binutils/2.25.1/131-xtensa-fix-memory-corruption-by-broken-sysregs.patch
@@ -0,0 +1,42 @@
+From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Wed, 2 Aug 2017 00:36:05 -0700
+Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
+
+In some xtensa configurations there may be system/user registers in
+xtensa-modules with negative index. ISA initialization for such config
+may clobber heap and result in program termination.
+Don't update lookup table entries for register with negative indices.
+They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
+change should not affect processing of valid assembly/binary code.
+
+bfd/
+2017-08-02  Max Filippov  <jcmvbkbc@gmail.com>
+
+	* xtensa-isa.c (xtensa_isa_init): Don't update lookup table
+	entries for sysregs with negative indices.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
+
+ bfd/xtensa-isa.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
+index 8da75bea8109..8c6ee88fdeae 100644
+--- a/bfd/xtensa-isa.c
++++ b/bfd/xtensa-isa.c
+@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
+       xtensa_sysreg_internal *sreg = &isa->sysregs[n];
+       is_user = sreg->is_user;
+ 
+-      isa->sysreg_table[is_user][sreg->number] = n;
++      if (sreg->number >= 0)
++	isa->sysreg_table[is_user][sreg->number] = n;
+     }
+ 
+   /* Set up the interface lookup table.  */
+-- 
+2.1.4
+
diff --git a/package/binutils/2.26.1/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch b/package/binutils/2.26.1/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch
new file mode 100644
index 000000000000..30103ee05eca
--- /dev/null
+++ b/package/binutils/2.26.1/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch
@@ -0,0 +1,42 @@
+From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Wed, 2 Aug 2017 00:36:05 -0700
+Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
+
+In some xtensa configurations there may be system/user registers in
+xtensa-modules with negative index. ISA initialization for such config
+may clobber heap and result in program termination.
+Don't update lookup table entries for register with negative indices.
+They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
+change should not affect processing of valid assembly/binary code.
+
+bfd/
+2017-08-02  Max Filippov  <jcmvbkbc@gmail.com>
+
+	* xtensa-isa.c (xtensa_isa_init): Don't update lookup table
+	entries for sysregs with negative indices.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
+
+ bfd/xtensa-isa.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
+index 8da75bea8109..8c6ee88fdeae 100644
+--- a/bfd/xtensa-isa.c
++++ b/bfd/xtensa-isa.c
+@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
+       xtensa_sysreg_internal *sreg = &isa->sysregs[n];
+       is_user = sreg->is_user;
+ 
+-      isa->sysreg_table[is_user][sreg->number] = n;
++      if (sreg->number >= 0)
++	isa->sysreg_table[is_user][sreg->number] = n;
+     }
+ 
+   /* Set up the interface lookup table.  */
+-- 
+2.1.4
+