<div dir="ltr"><div class="gmail_default" style="font-family:monospace,monospace"><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Mar 26, 2018 at 8:27 AM, Michael Ellerman <span dir="ltr"><<a href="mailto:mpe@ellerman.id.au" target="_blank">mpe@ellerman.id.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-">Li Wang <<a href="mailto:liwang@redhat.com">liwang@redhat.com</a>> writes:<br>
<br>
> On Big endian powerpc ABI, function ptrs are basically pointers to<br>
> function descriptors. The testcase copies functions which results<br>
> in function descriptors getting copied. So easily the access was<br>
> denied by memory protection key in that address when performing it.<br>
><br>
> 10000000-10020000 r-xp 00000000 fd:00 167223 mprotect04<br>
> 10020000-10030000 r--p 00010000 fd:00 167223 mprotect04<br>
> 10030000-10040000 rw-p 00020000 fd:00 167223 mprotect04<br>
> 1001a380000-1001a3b0000 rw-p 00000000 00:00 0 [heap]<br>
> 7fffa6c60000-7fffa6c80000 --xp 00000000 00:00 0<br>
><br>
> &exec_func = 0x10030170<br>
> &func = 0x7fffa6c60170<br>
><br>
> While perform the (*func)(); we get segmentation fault.<br>
><br>
> strace log:<br>
> -----------<br>
> mprotect(0x7fffaed00000, 131072, PROT_EXEC) = 0<br>
> rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0<br>
> --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_PKUERR, si_addr=0x7fffaed00170} ---<br>
><br>
> Reported-and-tested-by: Li Wang <<a href="mailto:liwang@redhat.com">liwang@redhat.com</a>><br>
> Signed-off-by: Ram Pai <<a href="mailto:linuxram@us.ibm.com">linuxram@us.ibm.com</a>><br>
> Signed-off-by: Li Wang <<a href="mailto:liwang@redhat.com">liwang@redhat.com</a>><br>
> CC: Michael Ellerman <<a href="mailto:mpe@ellerman.id.au">mpe@ellerman.id.au</a>><br>
<br>
</span>Thanks for fixing this.<br>
<br>
Some comments below ...<br>
<span class="gmail-"><br>
> diff --git a/testcases/kernel/syscalls/<wbr>mprotect/mprotect04.c b/testcases/kernel/syscalls/<wbr>mprotect/mprotect04.c<br>
> index 1173afd..5705cb0 100644<br>
> --- a/testcases/kernel/syscalls/<wbr>mprotect/mprotect04.c<br>
> +++ b/testcases/kernel/syscalls/<wbr>mprotect/mprotect04.c<br>
</span><span class="gmail-">> @@ -189,6 +191,14 @@ static void clear_cache(void *start, int len)<br>
> #endif<br>
> }<br>
><br>
> +#if (defined (__powerpc__) || (__powerpc64__)) && __BYTE_ORDER == __BIG_ENDIAN<br>
<br>
</span>That's not quite the right condition.<br>
<br>
32-bit powerpc big endian doesn't use function descriptors, but your<br>
check for __powerpc__ will match on 32-bit. </blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Also the check for __powerpc64__ is missing defined().<br>
<br>
So this would work:<br>
<br>
#if defined(__powerpc64__) && __BYTE_ORDER == __BIG_ENDIAN<br>
<br>
More correct would be to check for the ABI version, because ppc64le can<br>
technically use function descriptors (it just doesn't in any<br>
configuration you're likely to see).<br></blockquote><div><br><div style="font-family:monospace,monospace" class="gmail_default"><div style="font-family:monospace,monospace" class="gmail_default">Thanks for your correction, very detail and clear. I'd like to take use of it in PATCH V2 directly.</div></div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
That would be:<br>
<br>
#if defined(__powerpc64__) && (!defined(_CALL_ELF) || _CALL_ELF < 2)<br>
<br>
Given you need that in a few places you should probably make it a<br>
define, eg:<br>
<br>
#if defined(__powerpc64__) && (!defined(_CALL_ELF) || _CALL_ELF < 2)<br>
#define USE_FUNCTION_DESCRIPTORS<br>
#endif<br>
<br>
#ifdef USE_FUNCTION_DESCRIPTORS<br>
typedef struct {<br>
uintptr_t entry;<br>
uintptr_t toc;<br>
uintptr_t env;<br>
} func_descr_t;<br>
#endif<br>
<br>
<br>
cheers<br>
<br>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature">Li Wang<br><a href="mailto:liwang@redhat.com" target="_blank">liwang@redhat.com</a></div>
</div></div>