# git rev-parse -q --verify 573ae4f13f630d6660008f1974c0a8a29c30e18a^{commit}
573ae4f13f630d6660008f1974c0a8a29c30e18a
already have revision, skipping fetch
# git checkout -q -f -B kisskb 573ae4f13f630d6660008f1974c0a8a29c30e18a
# git clean -qxdf
# < git log -1
# commit 573ae4f13f630d6660008f1974c0a8a29c30e18a
# Author: Jens Wiklander <jens.wiklander@linaro.org>
# Date:   Thu Aug 18 13:08:59 2022 +0200
# 
#     tee: add overflow check in register_shm_helper()
#     
#     With special lengths supplied by user space, register_shm_helper() has
#     an integer overflow when calculating the number of pages covered by a
#     supplied user space memory region.
#     
#     This causes internal_get_user_pages_fast() a helper function of
#     pin_user_pages_fast() to do a NULL pointer dereference:
#     
#       Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
#       Modules linked in:
#       CPU: 1 PID: 173 Comm: optee_example_a Not tainted 5.19.0 #11
#       Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015
#       pc : internal_get_user_pages_fast+0x474/0xa80
#       Call trace:
#        internal_get_user_pages_fast+0x474/0xa80
#        pin_user_pages_fast+0x24/0x4c
#        register_shm_helper+0x194/0x330
#        tee_shm_register_user_buf+0x78/0x120
#        tee_ioctl+0xd0/0x11a0
#        __arm64_sys_ioctl+0xa8/0xec
#        invoke_syscall+0x48/0x114
#     
#     Fix this by adding an an explicit call to access_ok() in
#     tee_shm_register_user_buf() to catch an invalid user space address
#     early.
#     
#     Fixes: 033ddf12bcf5 ("tee: add register user memory")
#     Cc: stable@vger.kernel.org
#     Reported-by: Nimish Mishra <neelam.nimish@gmail.com>
#     Reported-by: Anirban Chakraborty <ch.anirban00727@gmail.com>
#     Reported-by: Debdeep Mukhopadhyay <debdeep.mukhopadhyay@gmail.com>
#     Suggested-by: Jerome Forissier <jerome.forissier@linaro.org>
#     Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
#     Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
# < /opt/cross/kisskb/korg/gcc-11.1.0-nolibc/sh4-linux/bin/sh4-linux-gcc --version
# < /opt/cross/kisskb/korg/gcc-11.1.0-nolibc/sh4-linux/bin/sh4-linux-ld --version
# < git log --format=%s --max-count=1 573ae4f13f630d6660008f1974c0a8a29c30e18a
# < make -s -j 48 ARCH=sh O=/kisskb/build/linus_sh-allyesconfig_sh4-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/sh4-linux/bin/sh4-linux-  allyesconfig
# Added to kconfig CONFIG_BUILD_DOCSRC=n
# Added to kconfig CONFIG_MODULE_SIG=n
# < make -s -j 48 ARCH=sh O=/kisskb/build/linus_sh-allyesconfig_sh4-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/sh4-linux/bin/sh4-linux-  help
# make -s -j 48 ARCH=sh O=/kisskb/build/linus_sh-allyesconfig_sh4-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/sh4-linux/bin/sh4-linux-  olddefconfig
# make -s -j 48 ARCH=sh O=/kisskb/build/linus_sh-allyesconfig_sh4-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/sh4-linux/bin/sh4-linux-  
  Generating include/generated/machtypes.h
<stdin>:1517:2: warning: #warning syscall clone3 not implemented [-Wcpp]
/kisskb/src/arch/sh/kernel/cpu/sh2/../../entry-common.S: Assembler messages:
/kisskb/src/arch/sh/kernel/cpu/sh2/../../entry-common.S:85: Warning: overflow in branch to __restore_all; converted into longer instruction sequence
/kisskb/src/arch/sh/kernel/cpu/sh2/../../entry-common.S:357: Warning: overflow in branch to syscall_exit_work; converted into longer instruction sequence
/kisskb/src/arch/sh/kernel/cpu/sh2/../../entry-common.S:360: Warning: overflow in branch to syscall_exit_work; converted into longer instruction sequence
In file included from /kisskb/src/arch/sh/include/asm/hw_irq.h:6,
                 from /kisskb/src/include/linux/irq.h:596,
                 from /kisskb/src/include/asm-generic/hardirq.h:17,
                 from /kisskb/src/arch/sh/include/asm/hardirq.h:9,
                 from /kisskb/src/include/linux/hardirq.h:11,
                 from /kisskb/src/include/linux/interrupt.h:11,
                 from /kisskb/src/include/linux/serial_core.h:13,
                 from /kisskb/src/include/linux/serial_sci.h:6,
                 from /kisskb/src/arch/sh/kernel/cpu/sh2/setup-sh7619.c:11:
/kisskb/src/include/linux/sh_intc.h:100:63: error: division 'sizeof (void *) / sizeof (void)' does not compute the number of array elements [-Werror=sizeof-pointer-div]
  100 | #define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 0 : sizeof(a)/sizeof(*a)
      |                                                               ^
/kisskb/src/include/linux/sh_intc.h:105:31: note: in expansion of macro '_INTC_ARRAY'
  105 |         _INTC_ARRAY(vectors), _INTC_ARRAY(groups),      \
      |                               ^~~~~~~~~~~
/kisskb/src/include/linux/sh_intc.h:124:15: note: in expansion of macro 'INTC_HW_DESC'
  124 |         .hw = INTC_HW_DESC(vectors, groups, mask_regs,                  \
      |               ^~~~~~~~~~~~
/kisskb/src/arch/sh/kernel/cpu/sh2/setup-sh7619.c:58:8: note: in expansion of macro 'DECLARE_INTC_DESC'
   58 | static DECLARE_INTC_DESC(intc_desc, "sh7619", vectors, NULL,
      |        ^~~~~~~~~~~~~~~~~
/kisskb/src/include/linux/sh_intc.h:100:63: error: division 'sizeof (void *) / sizeof (void)' does not compute the number of array elements [-Werror=sizeof-pointer-div]
  100 | #define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 0 : sizeof(a)/sizeof(*a)
      |                                                               ^
/kisskb/src/include/linux/sh_intc.h:106:9: note: in expansion of macro '_INTC_ARRAY'
  106 |         _INTC_ARRAY(mask_regs), _INTC_ARRAY(prio_regs), \
      |         ^~~~~~~~~~~
/kisskb/src/include/linux/sh_intc.h:124:15: note: in expansion of macro 'INTC_HW_DESC'
  124 |         .hw = INTC_HW_DESC(vectors, groups, mask_regs,                  \
      |               ^~~~~~~~~~~~
/kisskb/src/arch/sh/kernel/cpu/sh2/setup-sh7619.c:58:8: note: in expansion of macro 'DECLARE_INTC_DESC'
   58 | static DECLARE_INTC_DESC(intc_desc, "sh7619", vectors, NULL,
      |        ^~~~~~~~~~~~~~~~~
/kisskb/src/include/linux/sh_intc.h:100:63: error: division 'sizeof (void *) / sizeof (void)' does not compute the number of array elements [-Werror=sizeof-pointer-div]
  100 | #define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 0 : sizeof(a)/sizeof(*a)
      |                                                               ^
/kisskb/src/include/linux/sh_intc.h:107:9: note: in expansion of macro '_INTC_ARRAY'
  107 |         _INTC_ARRAY(sense_regs), _INTC_ARRAY(ack_regs), \
      |         ^~~~~~~~~~~
/kisskb/src/include/linux/sh_intc.h:124:15: note: in expansion of macro 'INTC_HW_DESC'
  124 |         .hw = INTC_HW_DESC(vectors, groups, mask_regs,                  \
      |               ^~~~~~~~~~~~
/kisskb/src/arch/sh/kernel/cpu/sh2/setup-sh7619.c:58:8: note: in expansion of macro 'DECLARE_INTC_DESC'
   58 | static DECLARE_INTC_DESC(intc_desc, "sh7619", vectors, NULL,
      |        ^~~~~~~~~~~~~~~~~
/kisskb/src/include/linux/sh_intc.h:100:63: error: division 'sizeof (void *) / sizeof (void)' does not compute the number of array elements [-Werror=sizeof-pointer-div]
  100 | #define _INTC_ARRAY(a) a, __same_type(a, NULL) ? 0 : sizeof(a)/sizeof(*a)
      |                                                               ^
/kisskb/src/include/linux/sh_intc.h:107:34: note: in expansion of macro '_INTC_ARRAY'
  107 |         _INTC_ARRAY(sense_regs), _INTC_ARRAY(ack_regs), \
      |                                  ^~~~~~~~~~~
/kisskb/src/include/linux/sh_intc.h:124:15: note: in expansion of macro 'INTC_HW_DESC'
  124 |         .hw = INTC_HW_DESC(vectors, groups, mask_regs,                  \
      |               ^~~~~~~~~~~~
/kisskb/src/arch/sh/kernel/cpu/sh2/setup-sh7619.c:58:8: note: in expansion of macro 'DECLARE_INTC_DESC'
   58 | static DECLARE_INTC_DESC(intc_desc, "sh7619", vectors, NULL,
      |        ^~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[5]: *** [/kisskb/src/scripts/Makefile.build:249: arch/sh/kernel/cpu/sh2/setup-sh7619.o] Error 1
make[4]: *** [/kisskb/src/scripts/Makefile.build:465: arch/sh/kernel/cpu/sh2] Error 2
make[4]: *** Waiting for unfinished jobs....
/kisskb/src/arch/sh/kernel/machvec.c: In function 'sh_mv_setup':
/kisskb/src/arch/sh/kernel/machvec.c:105:33: error: array subscript 'struct sh_machine_vector[0]' is partly outside array bounds of 'long int[1]' [-Werror=array-bounds]
  105 |                         sh_mv = *(struct sh_machine_vector *)&__machvec_start;
      |                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /kisskb/src/arch/sh/kernel/machvec.c:13:
/kisskb/src/arch/sh/include/asm/sections.h:7:13: note: while referencing '__machvec_start'
    7 | extern long __machvec_start, __machvec_end;
      |             ^~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[3]: *** [/kisskb/src/scripts/Makefile.build:249: arch/sh/kernel/machvec.o] Error 1
make[3]: *** Waiting for unfinished jobs....
make[3]: *** [/kisskb/src/scripts/Makefile.build:465: arch/sh/kernel/cpu] Error 2
make[2]: *** [/kisskb/src/scripts/Makefile.build:465: arch/sh/kernel] Error 2
make[2]: *** Waiting for unfinished jobs....
make[1]: *** [/kisskb/src/Makefile:1855: arch/sh] Error 2
make[1]: *** Waiting for unfinished jobs....
make: *** [Makefile:222: __sub-make] Error 2
Command 'make -s -j 48 ARCH=sh O=/kisskb/build/linus_sh-allyesconfig_sh4-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/sh4-linux/bin/sh4-linux-  ' returned non-zero exit status 2
# rm -rf /kisskb/build/linus_sh-allyesconfig_sh4-gcc11
# Build took: 0:02:44.770014