Hi!

> > So this explains "mov32 w0, w0" is problematic, and fixes the bug by
> > replacing it with jmp32. Unfortunately, I can't do that in 4.19; plus
> > I don't really see how the bug is solved -- we avoided adding mov32
> > sequence that triggers the problem, but the problematic sequence could
> > still be produced by the userspace, no?
> >
> > Does adjust_scalar_min_max_vals still need fixing?
> >
> > Do you have any hints how to solve this in 4.19?
> I have just sent the fixes for 4.14. I sent fixes for 4.19 last Friday.
>
> The problem here is that the verifier assumes the source register has a given
> value, but the fixups change that value to something else when it is truncated.
>
> The fixups run after the verifier, so a similar sequence produced by userspace
> will be correctly verified, so no fixes are necessary on adjust_scalar_min_max
> for this specific issue. The fixed-up code is not verified again.

Thanks, understood.

> The challenge in providing those fixes to 4.14 and 4.19 is the absence of JMP32
> in those kernels. So, AX was taken as a temporary, so it would still work on
> JITs.

Yes, I got that far. I have seen the patches for 4.19 and 4.14, and
they should fix my problems. Thanks a lot for them.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany