Patch "ARM: 9321/1: memset: cast the constant byte to unsigned char" has been added to the 5.10-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Fri, 10 Nov 2023 14:38:13 -0500

This is a note to let you know that I've just added the patch titled

    ARM: 9321/1: memset: cast the constant byte to unsigned char

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     arm-9321-1-memset-cast-the-constant-byte-to-unsigned.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 0b228326e158d0517f99564bc0697698b87ba81c
Author: Kursad Oney <kursad.oney@xxxxxxxxxxxx>
Date:   Tue Aug 22 15:06:06 2023 +0100

    ARM: 9321/1: memset: cast the constant byte to unsigned char
    
    [ Upstream commit c0e824661f443b8cab3897006c1bbc69fd0e7bc4 ]
    
    memset() description in ISO/IEC 9899:1999 (and elsewhere) says:
    
            The memset function copies the value of c (converted to an
            unsigned char) into each of the first n characters of the
            object pointed to by s.
    
    The kernel's arm32 memset does not cast c to unsigned char. This results
    in the following code to produce erroneous output:
    
            char a[128];
            memset(a, -128, sizeof(a));
    
    This is because gcc will generally emit the following code before
    it calls memset() :
    
            mov   r0, r7
            mvn   r1, #127        ; 0x7f
            bl    00000000 <memset>
    
    r1 ends up with 0xffffff80 before being used by memset() and the
    'a' array will have -128 once in every four bytes while the other
    bytes will be set incorrectly to -1 like this (printing the first
    8 bytes) :
    
            test_module: -128 -1 -1 -1
            test_module: -1 -1 -1 -128
    
    The change here is to 'and' r1 with 255 before it is used.
    
    Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
    Reviewed-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
    Reviewed-by: Linus Walleij <linus.walleij@xxxxxxxxxx>
    Signed-off-by: Kursad Oney <kursad.oney@xxxxxxxxxxxx>
    Signed-off-by: Russell King (Oracle) <rmk+kernel@xxxxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/arm/lib/memset.S b/arch/arm/lib/memset.S
index 6ca4535c47fb6..e36d053a8a903 100644
--- a/arch/arm/lib/memset.S
+++ b/arch/arm/lib/memset.S
@@ -16,6 +16,7 @@
 ENTRY(mmioset)
 ENTRY(memset)
 UNWIND( .fnstart         )
+	and	r1, r1, #255		@ cast to unsigned char
 	ands	r3, r0, #3		@ 1 unaligned?
 	mov	ip, r0			@ preserve r0 as return value
 	bne	6f			@ 1






