Opened 15 years ago
Closed 15 years ago
#148 closed defect (fixed)
__hypercall_fast_ret1 trusts the contents of %o1 (too much)
| Reported by: | Jakub Jermář | Owned by: | Pavel Rimsky |
|---|---|---|---|
| Priority: | major | Milestone: | 0.4.2 |
| Component: | helenos/kernel/sparc64 | Version: | mainline |
| Keywords: | | Cc: | |
| Blocker for: | | Depends on: | |
| See also: | | | |
Description
In the sun4v branch, there is:
```c
static inline uint64_t
__hypercall_fast_ret1(const uint64_t p1, const uint64_t p2, const uint64_t p3,
    const uint64_t p4, const uint64_t p5, const uint64_t function_number,
    uint64_t * const ret1)
{
	uint64_t errno = __hypercall_fast(p1, p2, p3, p4, p5, function_number);
	if (ret1 != NULL) {
		asm volatile ("mov %%o1, %0\n" : "=r" (*ret1));
	}
	return errno;
}
```
It seems like the asm statement is making unjustified assumptions about the register %o1. %o1 is a scratch register and the function can do pretty much anything with it between the call to __hypercall_fast() and the asm statement.
Noticed by Petr Tuma.
Fixed in changeset:head,303.
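Added example (not part of the ticket or of the HelenOS source): a small Python review aid that scans C source for inline-asm templates naming a hard register, such as `%%o1` in the description, that the statement never declares to the compiler as a clobber. The sample input is constructed; its second half is an assumed shape for a wrapper that takes both values as operands of the trapping statement, not the change made in the changeset, and `FAST_TRAP` is a hypothetical macro name.

```python
import re

ASM_START = re.compile(r'\b(?:asm|__asm__)\s*(?:volatile|__volatile__)?\s*\(')
STRING = re.compile(r'"((?:[^"\\]|\\.)*)"')
HARD_REG = re.compile(r'%%(\w+)')   # "%%o1" in a template names register %o1

def asm_sections(src, start):
    """Split the asm(...) body that starts at src[start] into its ':'-separated
    sections, ignoring ':' inside string literals and nested parentheses."""
    body = src[start:]
    # Blank out string contents (same length) so only structural characters remain.
    masked = STRING.sub(lambda m: '"' + '_' * len(m.group(1)) + '"', body)
    cuts, depth = [0], 0
    for i, ch in enumerate(masked):
        if ch == '(':
            depth += 1
        elif ch == ')':
            if depth == 0:              # this parenthesis closes the asm statement
                cuts.append(i + 1)
                break
            depth -= 1
        elif ch == ':' and depth == 0:
            cuts.append(i + 1)
    return [body[a:b - 1] for a, b in zip(cuts, cuts[1:])]

def undeclared_hard_regs(src):
    """Return (line, [regs]) for every asm statement whose template names hard
    registers missing from its clobber list. Heuristic: hits need human review."""
    findings = []
    for m in ASM_START.finditer(src):
        sec = asm_sections(src, m.end()) + [''] * 3   # pad absent sections
        template = ''.join(STRING.findall(sec[0]))
        clobbers = set(STRING.findall(sec[3]))
        regs = sorted(set(HARD_REG.findall(template)) - clobbers)
        if regs:
            findings.append((src.count('\n', 0, m.start()) + 1, regs))
    return findings

# Constructed sample: the ticket's read of %o1 (line 3), then an assumed variant
# whose values are operands of the trapping statement (FAST_TRAP is hypothetical).
SAMPLE = r'''
uint64_t errno = __hypercall_fast(p1, p2, p3, p4, p5, function_number);
asm volatile ("mov %%o1, %0\n" : "=r" (*ret1));
register uint64_t a1 asm("o0") = p1;
register uint64_t a2 asm("o1") = p2;
asm volatile ("ta %2\n" : "+r" (a1), "+r" (a2) : "i" (FAST_TRAP) : "memory");
'''
```

`undeclared_hard_regs(SAMPLE)` reports only line 3, the statement from the description. A hit on a fixed-purpose register such as the stack pointer can be legitimate, so treat the output as a review list.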