Received: by 2002:a05:7412:2a8c:b0:e2:908c:2ebd with SMTP id u12csp2569531rdh; Wed, 27 Sep 2023 06:40:03 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGcc9yuLGKCgS/OrjcCqpItvU3E9i3KjPIyz/Ho465AqOd6PH1lC0URXPFjKkakbrvjyOoG X-Received: by 2002:a25:ad48:0:b0:d0a:da40:638e with SMTP id l8-20020a25ad48000000b00d0ada40638emr2073151ybe.12.1695822002878; Wed, 27 Sep 2023 06:40:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695822002; cv=none; d=google.com; s=arc-20160816; b=KMCnMWdCr6FHBKZJyInRyjcSmKt+amdQkDqb3U90aM33u+OlhZoL3yUf16I49xR22d m8KFeRzSVI49lkgrWFRdBBRG7JwOnX0yphRflaY0rxKF1ds3pLakguqZH5gfABSEqgMM NW0MvOFgVrXUxzRw1Xvpm/xz3IpwIGbh/+c82/Ug8tb+gO+yJpB4JwkdfNQg5svMsZnB oIAJ1qT2ozAaQwmTRZ0ZSGNcalvzaoHPIoaS06EdXenEw8M27YeOVxZdiPjQFBtpNatR X8HntT/py9eDxaPd7IxrEAG26JteHX7N62gA7QXXH0DC3xJqOroHldddhtyrElqHUagM CmiA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:to:subject:message-id :date:from:in-reply-to:references:mime-version:dkim-signature; bh=/u3Zrh4RI0xKeh+3e3TWulmTeI9dbJqmlyHM38HtCjc=; fh=+x2z9i++GeF+WxT7efUqQJNR4Kde35UJGDioy/8n2Ys=; b=EmYFP5QpZ2ZwNSVJcalZvtWS4DCagQDMsaw4q/Fvqs1ziEXWG5LkSURq3SfdfrmIx2 EFiTrKdgNOlD5XzRPQP2qCaib4quDPjdfy46oH7dAbwzEyi1guLsQ/UNdwO9y89Htn2l U+LeIf1yHdShqxrtqbtvWkebZddX1b02s5bqWi1KqYK03j+hYf4kmZdoklRQsd/iyB2r wPCbKKJW4LSxKLwktHiYlnzL4A5lTcS5c/BdSzljPOmJJfjbdDDdRriuLs9OPe45EQdo nXQy5Wjl5s2fMnK1Cynko8ff1fDHupkbV18sRbojNkB/Jbmba+jD3k6IXZTHJJ8oQEFJ S8Qw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b="kPjw/pnT"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id b132-20020a63348a000000b005787de7abd4si15663819pga.12.2023.09.27.06.40.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 Sep 2023 06:40:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b="kPjw/pnT"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id B5C67813EAB2; Wed, 27 Sep 2023 03:23:07 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231289AbjI0KXD (ORCPT + 99 others); Wed, 27 Sep 2023 06:23:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41466 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231403AbjI0KWi (ORCPT ); Wed, 27 Sep 2023 06:22:38 -0400 Received: from mail-lj1-x235.google.com (mail-lj1-x235.google.com [IPv6:2a00:1450:4864:20::235]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ABA16558A for ; Wed, 27 Sep 2023 03:13:48 -0700 (PDT) Received: by mail-lj1-x235.google.com with SMTP id 38308e7fff4ca-2c1886777d9so2388771fa.0 for ; Wed, 27 Sep 2023 03:13:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1695809626; x=1696414426; darn=vger.kernel.org; h=content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=/u3Zrh4RI0xKeh+3e3TWulmTeI9dbJqmlyHM38HtCjc=; b=kPjw/pnTY56mbYe8FV+CIj5xckiD4pSs/Zw6slGXSzNb8XpMJMiVojFSaqmQFKIgN9 VWcWav70Fk/azaaMEM+Elf36kjDpc7JmUvzUa35eSB+5Ddy9pXFp656hmtjbsRyOyi2a lxQHGpUocJqW+C7wWebLuNHHcidekTK2fMP6ATmRsiMO2D7ONXXNd9Io9t3dTTmpg7u5 b60Pnb46tO3qvfMxTJN0qZraTCyGWMIf7Rtfz427HS1ByMynRUG4NqDuY5DEyoeWA0yV Lrf3lv5EHANBARpyY92+lMzU8bWvhb2P40C500Xg3nwaGwdpGzhKPrbeRYkm4WFmRD/4 DP2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695809626; x=1696414426; h=content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/u3Zrh4RI0xKeh+3e3TWulmTeI9dbJqmlyHM38HtCjc=; b=MV3TrHAkPaxVTcsALJP9oJ7WDIDKt9EK7vb24v8x366tisXeBEu6dbbKCYNnT5sQj7 V2b1VPoJ5H/U87VsfaDyI/0t083IxWXP39ZyJ4kDrGc0Z0ghJJkZMT0Q6a+NVhsaZhpp Z25Hm/36igSeOP9Q9eY+9L9cB2g8bzMSsldTC7Jkb8qG4CgdM/dtlWwGbc3vjft5uOoD 7AvepvGeEW1ojfGmyW1edoswhMEKpYpnWVVxHeYOWWY3+Kl2wo50jWQFU5XASfPOPf3j Oxe9GUllG32VSae8vxF1ORldYOkP8R0EahYDffSclZg+c5cCFN5YzHMp9/x92Gy+RMKS iPNQ== X-Gm-Message-State: AOJu0YyBqDDpQhnG+ZUv/gBlxcRO9hwE9Gnz00momQ0Vmd6UDXBoxd0V OQvZoCrb84RM2pU5gLoJSHH68sRxI89L/kU11jWlVvWtZmKoNQ== X-Received: by 2002:a05:651c:c1:b0:2bf:b133:dd65 with SMTP id 1-20020a05651c00c100b002bfb133dd65mr1570766ljr.38.1695809626199; Wed, 27 Sep 2023 03:13:46 -0700 (PDT) MIME-Version: 1.0 References: <20220601155702.176588-1-ariel.miculas@gmail.com> In-Reply-To: From: Ariel Miculas Date: Wed, 27 Sep 2023 13:13:34 +0300 Message-ID: Subject: Fwd: [PATCH] powerpc/ptrace: Fix buffer overflow when handling PTRACE_PEEKUSER and PTRACE_POKEUSER To: linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Wed, 27 Sep 2023 03:23:08 -0700 (PDT) ---------- Forwarded message --------- From: Ariel Miculas Date: Thu, Jun 9, 2022 at 1:31=E2=80=AFPM Subject: Fwd: [PATCH] powerpc/ptrace: Fix buffer overflow when handling PTRACE_PEEKUSER and PTRACE_POKEUSER To: Forwarded Conversation Subject: [PATCH] powerpc/ptrace: Fix buffer overflow when handling PTRACE_PEEKUSER and PTRACE_POKEUSER ------------------------ From: Ariel Miculas Date: Wed, Jun 1, 2022 at 12:36 PM To: Cc: Ariel Miculas This fixes the gdbserver issue on PPC32 described here: Link: https://linuxppc-dev.ozlabs.narkive.com/C46DRek4/debug-problems-on-pp= c-83xx-target-due-to-changed-struct-task-struct On PPC32, the user space code considers the floating point to be an array of unsigned int (32 bits) - the index passed in is based on this assumption. fp_state is a matrix consisting of 32 lines /* FP and VSX 0-31 register set / struct thread_fp_state { u64 fpr[32][TS_FPRWIDTH] attribute((aligned(16))); u64 fpscr; / Floating point status */ }; On PPC32, PT_FPSCR is defined as: (PT_FPR0 + 2*32 + 1) This means the fpr index validation allows a range from 0 to 65, leading to out-of-bounds array access. This ends up corrupting threads_struct->state, which holds the state of the task. Thus, threads incorrectly transition from a running state to a traced state and get stuck in that state. On PPC32 it's ok to assume that TS_FPRWIDTH is 1 because CONFIG_VSX is PPC64 specific. TS_FPROFFSET can be safely ignored, thus the assumption that fpr is an array of 32 elements of type u64 holds true. Solution taken from arch/powerpc/kernel/ptrace32.c --- arch/powerpc/kernel/ptrace/ptrace-fpu.c | 31 +++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/kernel/ptrace/ptrace-fpu.c b/arch/powerpc/kernel/ptrace/ptrace-fpu.c index 5dca19361316..4351f2bcd12d 100644 --- a/arch/powerpc/kernel/ptrace/ptrace-fpu.c +++ b/arch/powerpc/kernel/ptrace/ptrace-fpu.c @@ -6,9 +6,16 @@ #include "ptrace-decl.h" +#ifdef CONFIG_PPC32 +/* Macros to workout the correct index for the FPR in the thread struct */ +#define FPRNUMBER(i) (((i) - PT_FPR0) >> 1) +#define FPRHALF(i) (((i) - PT_FPR0) & 1) +#define FPRINDEX(i) TS_FPRWIDTH * FPRNUMBER(i) * 2 + FPRHALF(i) +#endif + int ptrace_get_fpr(struct task_struct *child, int index, unsigned long *da= ta) { -#ifdef CONFIG_PPC_FPU_REGS +#if defined(CONFIG_PPC_FPU_REGS) && !defined(CONFIG_PPC32) unsigned int fpidx =3D index - PT_FPR0; #endif @@ -16,11 +23,21 @@ int ptrace_get_fpr(struct task_struct *child, int index, unsigned long *data) return -EIO; #ifdef CONFIG_PPC_FPU_REGS +#ifdef CONFIG_PPC32 + /* + * the user space code considers the floating point + * to be an array of unsigned int (32 bits) - the + * index passed in is based on this assumption. + */ + *data =3D ((unsigned int *)child->thread.fp_state.fpr) + [FPRINDEX(index)]; +#else flush_fp_to_thread(child); if (fpidx < (PT_FPSCR - PT_FPR0)) memcpy(data, &child->thread.TS_FPR(fpidx), sizeof(long)); else *data =3D child->thread.fp_state.fpscr; +#endif #else *data =3D 0; #endif @@ -30,7 +47,7 @@ int ptrace_get_fpr(struct task_struct *child, int index, unsigned long *data) int ptrace_put_fpr(struct task_struct *child, int index, unsigned long dat= a) { -#ifdef CONFIG_PPC_FPU_REGS +#if defined(CONFIG_PPC_FPU_REGS) && !defined(CONFIG_PPC32) unsigned int fpidx =3D index - PT_FPR0; #endif @@ -38,11 +55,21 @@ int ptrace_put_fpr(struct task_struct *child, int index, unsigned long data) return -EIO; #ifdef CONFIG_PPC_FPU_REGS +#ifdef CONFIG_PPC32 + /* + * the user space code considers the floating point + * to be an array of unsigned int (32 bits) - the + * index passed in is based on this assumption. + */ + ((unsigned int *)child->thread.fp_state.fpr) + [FPRINDEX(index)] =3D data; +#else flush_fp_to_thread(child); if (fpidx < (PT_FPSCR - PT_FPR0)) memcpy(&child->thread.TS_FPR(fpidx), &data, sizeof(long)); else child->thread.fp_state.fpscr =3D data; +#endif #endif return 0; -- 2.36.1 ---------- From: Greg KH Date: Wed, Jun 1, 2022 at 12:44 PM To: Ariel Miculas Cc: On Wed, Jun 01, 2022 at 12:35:09PM +0300, Ariel Miculas wrote: > This fixes the gdbserver issue on PPC32 described here: > Link: https://linuxppc-dev.ozlabs.narkive.com/C46DRek4/debug-problems-on-= ppc-83xx-target-due-to-changed-struct-task-struct If this is a public issue, just post to the public mailing list for the subsystem and the developers and maintainers there can help you get this merged properly. > > On PPC32, the user space code considers the floating point to be an > array of unsigned int (32 bits) - the index passed in is based on > this assumption. > > fp_state is a matrix consisting of 32 lines > /* FP and VSX 0-31 register set / > struct thread_fp_state { > u64 fpr[32][TS_FPRWIDTH] attribute((aligned(16))); > u64 fpscr; / Floating point status */ > }; > > On PPC32, PT_FPSCR is defined as: (PT_FPR0 + 2*32 + 1) > > This means the fpr index validation allows a range from 0 to 65, leading > to out-of-bounds array access. This ends up corrupting > threads_struct->state, which holds the state of the task. Thus, threads > incorrectly transition from a running state to a traced state and get > stuck in that state. > > On PPC32 it's ok to assume that TS_FPRWIDTH is 1 because CONFIG_VSX is > PPC64 specific. TS_FPROFFSET can be safely ignored, thus the assumption > that fpr is an array of 32 elements of type u64 holds true. > > Solution taken from arch/powerpc/kernel/ptrace32.c Note, you did not properly sign-off on this commit, so it couldn't be applied anyway :( thanks, greg k-h ---------- From: Ariel Miculas Date: Wed, Jun 1, 2022 at 12:47 PM To: Greg KH I wasn't sure about the security impact of this issue, that's why I sent it to this list. I will go ahead and send it to public lists if it's not a security sensitive issue. ---------- From: Greg KH Date: Wed, Jun 1, 2022 at 1:00 PM To: Ariel Miculas Cc: Please do not drop the list, that's a bit harsh for everyone else on it, now added back. On Wed, Jun 01, 2022 at 12:47:34PM +0300, Ariel Miculas wrote: > I wasn't sure about the security impact of this issue, that's why I sent = it > to this list. > I will go ahead and send it to public lists if it's not a security > sensitive issue. I do not know if this is a security issue, sorry, that wasn't very obvious from your patch submission. And you were pointing at a very very old email thread, so are you sure nothing has happened there since then? thanks, greg k-h ---------- From: Ariel Miculas Date: Wed, Jun 1, 2022 at 2:40 PM To: Greg KH Cc: Sorry for dropping the list. To give a bit of context: I was working on the gdbserver issue (the one described in the link) on PPC32. I was able to find the root cause: a buffer overflow in thread_struct, more specifically in the field fpr in the structure thread_fp_state. I've validated this fix, but for an older kernel version: 4.14. I did not reproduce nor test the issue on the latest kernel version. However, by looking at the code and also the git logs, I've noticed that this is still an issue in the latest kernel version. To be on the safe side, I've emailed this list first because this might also be a security issue, unfortunately I do not have enough expertise to say for sure whether or not it is a security issue. Why I suspected it might be a security issue: this buffer overflow overwrites fields in the task_struct of other threads/processes. In the issue I was facing, a field that was overwritten was the state field, leading to a neighboring thread transitioning from the 'S' state to the 't' state, leading to that specific thread to no longer be scheduled. Maybe this could lead to a DOS since you could stop another process from being scheduled. Overwriting other fields may lead to some privilege escalation issue, but this is just a wild guess. So I need some help on this matter. Thanks, Ariel ---------- From: Eric W. Biederman Date: Wed, Jun 1, 2022 at 6:04 PM To: Ariel Miculas Cc: Ariel Miculas writes: > This fixes the gdbserver issue on PPC32 described here: > Link: https://linuxppc-dev.ozlabs.narkive.com/C46DRek4/debug-problems-on-= ppc-83xx-target-due-to-changed-struct-task-struct > > On PPC32, the user space code considers the floating point to be an > array of unsigned int (32 bits) - the index passed in is based on > this assumption. > > fp_state is a matrix consisting of 32 lines > /* FP and VSX 0-31 register set / > struct thread_fp_state { > u64 fpr[32][TS_FPRWIDTH] attribute((aligned(16))); > u64 fpscr; / Floating point status */ > }; > > On PPC32, PT_FPSCR is defined as: (PT_FPR0 + 2*32 + 1) > > This means the fpr index validation allows a range from 0 to 65, leading > to out-of-bounds array access. This ends up corrupting > threads_struct->state, which holds the state of the task. Thus, threads > incorrectly transition from a running state to a traced state and get > stuck in that state. > > On PPC32 it's ok to assume that TS_FPRWIDTH is 1 because CONFIG_VSX is > PPC64 specific. TS_FPROFFSET can be safely ignored, thus the assumption > that fpr is an array of 32 elements of type u64 holds true. > > Solution taken from arch/powerpc/kernel/ptrace32.c I have a little familiarity with ptrace, so I took a quick look, and I am confused. Doesn't sizeof(long) =3D=3D sizeof(int) =3D=3D 4 on 32bit power pc? I don't understand why you need a big comment about how the index is computed when that isn't changing. Doesn't the 32bit code need flush_fp_to_thread(child)? Don't the overflow checks for an index out of bounds need to be preserved? I am a bit lost about what makes the TS_FPR calculation wrong on 32bit? Eric ---------- From: Ariel Miculas Date: Wed, Jun 1, 2022 at 6:48 PM To: Eric W. Biederman Cc: > Doesn't sizeof(long) =3D=3D sizeof(int) =3D=3D 4 on 32bit power pc? > I don't understand why you need a big comment about how > the index is computed when that isn't changing. I copied the comment from arch/powerpc/kernel/ptrace/ptrace32.c > Doesn't the 32bit code need flush_fp_to_thread(child)? Yes, you are right, this is my mistake. > Don't the overflow checks for an index out of bounds need to be > preserved? There is already a check at the beginning of the function: if (index > PT_FPSCR) return -EIO; The other check was confusing for me also, but basically what happens is th= is: for the last valid index, the field fpscr in the structure thread_fp_state is returned/updated. On PPC32 bit, this check is not needed because the code is functionally equivalent: accessing fpr[32] will lead to accessing the next field in the structure, i.e. the field fpscr (the same thing that if/else condition is accomplishing). This happens because TS_FPRWIDTH is 1 on PPC32. > I am a bit lost about what makes the TS_FPR calculation wrong on 32bit? TS_FPR(i) uses i for indexing fp_state.fpr[i][TS_FPROFFSET] But fpr is defined as follows: u64 fpr[32][TS_FPRWIDTH] __attribute__((aligned(16))); It is an array of size 32. However, fpidx is validated like this: if (fpidx < (PT_FPSCR - PT_FPR0)) And PT_FPSCR is defined as: #define PT_FPSCR (PT_FPR0 + 2*32 + 1) So PT_FPSCR - PT_FPR0 is 2*32+1 =3D 65 Meaning fpidx has a maximum value of 64. fp_state.fpr[64][TS_FPROFFSET] is an out-of-range memory access. ---------- From: Ariel Miculas Date: Wed, Jun 1, 2022 at 6:57 PM To: Cc: Ariel Miculas This fixes the gdbserver issue on PPC32 described here: Link: https://linuxppc-dev.ozlabs.narkive.com/C46DRek4/debug-problems-on-pp= c-83xx-target-due-to-changed-struct-task-struct On PPC32, the user space code considers the floating point to be an array of unsigned int (32 bits) - the index passed in is based on this assumption. fp_state is a matrix consisting of 32 lines /* FP and VSX 0-31 register set / struct thread_fp_state { u64 fpr[32][TS_FPRWIDTH] attribute((aligned(16))); u64 fpscr; / Floating point status */ }; On PPC32, PT_FPSCR is defined as: (PT_FPR0 + 2*32 + 1) This means the fpr index validation allows a range from 0 to 65, leading to out-of-bounds array access. This ends up corrupting threads_struct->state, which holds the state of the task. Thus, threads incorrectly transition from a running state to a traced state and get stuck in that state. On PPC32 it's ok to assume that TS_FPRWIDTH is 1 because CONFIG_VSX is PPC64 specific. TS_FPROFFSET can be safely ignored, thus the assumption that fpr is an array of 32 elements of type u64 holds true. Solution taken from arch/powerpc/kernel/ptrace32.c Signed-off-by: Ariel Miculas --- arch/powerpc/kernel/ptrace/ptrace-fpu.c | 31 +++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/kernel/ptrace/ptrace-fpu.c b/arch/powerpc/kernel/ptrace/ptrace-fpu.c index 5dca19361316..93695abbbdfb 100644 --- a/arch/powerpc/kernel/ptrace/ptrace-fpu.c +++ b/arch/powerpc/kernel/ptrace/ptrace-fpu.c @@ -6,9 +6,16 @@ #include "ptrace-decl.h" +#ifdef CONFIG_PPC32 +/* Macros to workout the correct index for the FPR in the thread struct */ +#define FPRNUMBER(i) (((i) - PT_FPR0) >> 1) +#define FPRHALF(i) (((i) - PT_FPR0) & 1) +#define FPRINDEX(i) TS_FPRWIDTH * FPRNUMBER(i) * 2 + FPRHALF(i) +#endif + int ptrace_get_fpr(struct task_struct *child, int index, unsigned long *da= ta) { -#ifdef CONFIG_PPC_FPU_REGS +#if defined(CONFIG_PPC_FPU_REGS) && !defined(CONFIG_PPC32) unsigned int fpidx =3D index - PT_FPR0; #endif @@ -17,10 +24,20 @@ int ptrace_get_fpr(struct task_struct *child, int index, unsigned long *data) #ifdef CONFIG_PPC_FPU_REGS flush_fp_to_thread(child); +#ifdef CONFIG_PPC32 + /* + * the user space code considers the floating point + * to be an array of unsigned int (32 bits) - the + * index passed in is based on this assumption. + */ + *data =3D ((unsigned int *)child->thread.fp_state.fpr) + [FPRINDEX(index)]; +#else if (fpidx < (PT_FPSCR - PT_FPR0)) memcpy(data, &child->thread.TS_FPR(fpidx), sizeof(long)); else *data =3D child->thread.fp_state.fpscr; +#endif #else *data =3D 0; #endif @@ -30,7 +47,7 @@ int ptrace_get_fpr(struct task_struct *child, int index, unsigned long *data) int ptrace_put_fpr(struct task_struct *child, int index, unsigned long dat= a) { -#ifdef CONFIG_PPC_FPU_REGS +#if defined(CONFIG_PPC_FPU_REGS) && !defined(CONFIG_PPC32) unsigned int fpidx =3D index - PT_FPR0; #endif @@ -39,10 +56,20 @@ int ptrace_put_fpr(struct task_struct *child, int index, unsigned long data) #ifdef CONFIG_PPC_FPU_REGS flush_fp_to_thread(child); +#ifdef CONFIG_PPC32 + /* + * the user space code considers the floating point + * to be an array of unsigned int (32 bits) - the + * index passed in is based on this assumption. + */ + ((unsigned int *)child->thread.fp_state.fpr) + [FPRINDEX(index)] =3D data; +#else -- 2.36.1 ---------- From: Greg KH Date: Thu, Jun 2, 2022 at 9:27 AM To: Ariel Miculas Cc: THis type of #ifdef in .c code is unmaintainable over time. Can you put it properly in a .h file somehow to make it simpler and easier to understand and support? thanks, greg k-h ---------- From: Ariel Miculas Date: Thu, Jun 2, 2022 at 12:24 PM To: Greg KH Cc: I will send it to you shortly, but I will switch to my corporate email addr= ess. ---------- From: Ariel Miculas Date: Mon, Jun 6, 2022 at 7:45 PM To: ,