From ea0d85aea2a0c17cc045847febaee8cac094d6a9 Mon Sep 17 00:00:00 2001
From: wilson
Date: Wed, 21 Feb 2001 21:50:16 +0000
Subject: [PATCH] Refine syscall_linkage attribute semantics to fix security hole.

 * config/ia64/ia64.c (ia64_epilogue_uses): For syscall_linkage
 functions, drop current_function_args_info.words test.
 (ia64_compute_frame_size): Mark syscall_linkage functions as
 using eight input registers.

git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@39965 138bc75d-0d04-0410-961f-82ee72b054a4
---
 gcc/ChangeLog | 7 +++++++
 gcc/config/ia64/ia64.c | 12 +++++++++---
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index d7a3a36b7e5..ec803b8f14c 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,10 @@
+2001-02-21 David Mosberger
+
+ * config/ia64/ia64.c (ia64_epilogue_uses): For syscall_linkage
+ functions, drop current_function_args_info.words test.
+ (ia64_compute_frame_size): Mark syscall_linkage functions as
+ using eight input registers.
+
 2001-02-21 Loren J. Rittle
  Bruce Korb
 
diff --git a/gcc/config/ia64/ia64.c b/gcc/config/ia64/ia64.c
index fbbec966b62..1a4baa02c6c 100644
--- a/gcc/config/ia64/ia64.c
+++ b/gcc/config/ia64/ia64.c
@@ -1317,7 +1317,13 @@ ia64_compute_frame_size (size)
 	break;
   current_frame_info.n_local_regs = regno - LOC_REG (0) + 1;
 
-  if (cfun->machine->n_varargs > 0)
+  /* For functions marked with the syscall_linkage attribute, we must mark
+     all eight input registers as in use, so that locals aren't visible to
+     the caller. */
+
+  if (cfun->machine->n_varargs > 0
+      || lookup_attribute ("syscall_linkage",
+			   TYPE_ATTRIBUTES (TREE_TYPE (current_function_decl))))
     current_frame_info.n_input_regs = 8;
   else
     {
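Review bot: The attribute test added in front of `current_frame_info.n_input_regs = 8` is the same `lookup_attribute ("syscall_linkage", TYPE_ATTRIBUTES (TREE_TYPE (current_function_decl)))` expression that ia64_epilogue_uses evaluates in the second hunk, and the fix only holds while both sites agree: reserving the eight input registers here without keeping them live at exit, or the reverse, would again let a local land in an in register the caller can see. A small file-scope predicate, e.g. `static int ia64_syscall_linkage_p (void)` wrapping the lookup and called from both places, would make that coupling explicit and keep the attribute name spelled once. Failing that, the new comment should at least cross-reference its counterpart, e.g. `Keep in sync with ia64_epilogue_uses, which keeps the same registers live at every function exit.`. ia64_compute_frame_size's body continues outside the hunk.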
@@ -6040,10 +6046,10 @@ ia64_epilogue_uses (regno)
    registers are marked as live at all function exits. This prevents the
    register allocator from using the input registers, which in turn makes it
    possible to restart a system call after an interrupt without having to
-   save/restore the input registers. */
+   save/restore the input registers. This also prevents kernel data from
+   leaking to application code. */
   if (IN_REGNO_P (regno)
-      && (regno < IN_REG (current_function_args_info.words))
       && lookup_attribute ("syscall_linkage",
 			   TYPE_ATTRIBUTES (TREE_TYPE (current_function_decl))))
     return 1;
-- 
2.11.0
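Review bot: Dropping the `regno < IN_REG (current_function_args_info.words)` bound is the substance of the fix, but nothing in the surviving code records that the omission is deliberate, so a later cleanup that notices all eight in registers kept live for a function declaring fewer arguments may well put the bound back. One sentence in the comment would pin it, e.g. `Note that this intentionally covers every input register, not just those holding declared arguments: an in register left unreserved would be free for locals, and its contents would reach the caller.`. The new comment's "This also prevents kernel data from leaking" gives the reason, but not the fact that the narrower test existed and was removed on purpose. The start of this comment and the remainder of ia64_epilogue_uses lie outside the hunk.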