powerpcspe: Don't leak kernel registers in SPE dumps

save_vec_int() for SPE saves off only the high word of the register, leaving the low word as "garbage", but really containing whatever was in the kernel register at the time. This leaks into core dumps, and in a near future commit also into ptrace. Instead, save the GPR in the low word in save_vec_nodrop(), which is used only for core dumps and ptrace.
svn path=/head/; revision=354776
2019-11-16 16:36:20 +00:00 · 2019-11-16 16:36:20 +00:00 · 6f83eb8b21 · 2020-12-20 02:59:44 +00:00
commit 6f83eb8b21
parent fe6277692f
1 changed files with 13 additions and 4 deletions
--- a/sys/powerpc/booke/spe.c
+++ b/sys/powerpc/booke/spe.c
@ -176,19 +176,28 @@ save_vec(struct thread *td)

 /*
 * Save SPE state without dropping ownership.  This will only save state if
- * the current vector-thread is `td'.
+ * the current vector-thread is `td'.  This is used for taking core dumps, so
+ * don't leak kernel information; overwrite the low words of each vector with
+ * their real value, taken from the thread's trap frame, unconditionally.
 */
 void
 save_vec_nodrop(struct thread *td)
 {
 	struct thread *vtd;
+	struct pcb *pcb;
+	int i;

 	vtd = PCPU_GET(vecthread);
-	if (td != vtd) {
-		return;
+	if (td == vtd) {
+		save_vec_int(td);
 	}

-	save_vec_int(td);
+	pcb = td->td_pcb;
+
+	for (i = 0; i < 32; i++) {
+		pcb->pcb_vec.vr[i][1] =
+		    td->td_frame ? td->td_frame->fixreg[i] : 0;
+	}
 }