From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Fredrik Strupe <fredrik@strupe.net>, Oleg Nesterov <oleg@redhat.com>, Russell King <rmk+kernel@armlinux.org.uk>, Sasha Levin <sashal@kernel.org>, linux-arm-kernel@lists.infradead.org
Subject: [PATCH AUTOSEL 4.19 2/9] ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook
Date: Fri, 5 Jun 2020 08:25:50 -0400
Message-ID: <20200605122558.2882712-2-sashal@kernel.org>
In-Reply-To: <20200605122558.2882712-1-sashal@kernel.org>

From: Fredrik Strupe <fredrik@strupe.net>

[ Upstream commit 3866f217aaa81bf7165c7f27362eee5d7919c496 ]

call_undef_hook() in traps.c applies the same instr_mask for both 16-bit and 32-bit thumb instructions. If instr_mask then is only 16 bits wide (0xffff as opposed to 0xffffffff), the first half-word of 32-bit thumb instructions will be masked out. This makes the function match 32-bit thumb instructions where the second half-word is equal to instr_val, regardless of the first half-word.

The result in this case is that all undefined 32-bit thumb instructions with the second half-word equal to 0xde01 (udf #1) work as breakpoints and will raise a SIGTRAP instead of a SIGILL, instead of just the one intended 16-bit instruction. An example of such an instruction is 0xeaa0de01, which is unallocated according to Arm ARM and should raise a SIGILL, but instead raises a SIGTRAP.

This patch fixes the issue by setting all the bits in instr_mask, which will still match the intended 16-bit thumb instruction (where the upper half is always 0), but not any 32-bit thumb instructions.

Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Fredrik Strupe <fredrik@strupe.net>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/kernel/ptrace.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c index 36718a424358..492ac74a63f4 100644 --- a/arch/arm/kernel/ptrace.c +++ b/arch/arm/kernel/ptrace.c @@ -229,8 +229,8 @@ static struct undef_hook arm_break_hook = { }; static struct undef_hook thumb_break_hook = { - .instr_mask = 0xffff, - .instr_val = 0xde01, + .instr_mask = 0xffffffff, + .instr_val = 0x0000de01, .cpsr_mask = PSR_T_BIT, .cpsr_val = PSR_T_BIT, .fn = break_trap, -- 2.25.1
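Review bot: the new .instr_mask = 0xffffffff / .instr_val = 0x0000de01 pair in thumb_break_hook carries no comment saying why a 16-bit Thumb opcode is matched with a 32-bit mask, so a later cleanup could narrow it back to 0xffff. Suggest a one-line comment above .instr_mask noting that the comparison value for a 16-bit Thumb instruction has a zero upper half-word, and that the full mask is what keeps 32-bit encodings ending in 0xde01 from matching. The hunk header shows arm_break_hook is defined just above; it is worth confirming in the same pass that every other undef_hook registering a 16-bit Thumb value also uses a full-width mask.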
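The matching rule described in the commit message, modelled as an added example (not code from the patch or the kernel tree). struct hook_model, thumb_instr() and wide_false_matches() are hypothetical names, and the PSR_T_BIT value and 0xe800 wide-encoding threshold are assumptions taken from the Arm architecture; the count covers every 32-bit first half-word, whereas on hardware only undefined encodings reach the hook.

```c
#include <stdint.h>
#include <stdio.h>

#define PSR_T_BIT 0x00000020u   /* CPSR Thumb-state bit (assumed value) */

/* Simplified stand-in for struct undef_hook: no list node, no handler. */
struct hook_model {
    uint32_t instr_mask, instr_val, cpsr_mask, cpsr_val;
};

/* thumb_break_hook before and after the patch. */
static const struct hook_model thumb_break_old = { 0xffffu, 0xde01u, PSR_T_BIT, PSR_T_BIT };
static const struct hook_model thumb_break_new = { 0xffffffffu, 0x0000de01u, PSR_T_BIT, PSR_T_BIT };

/* A first half-word >= 0xe800 starts a 32-bit Thumb encoding. */
static int is_wide(uint16_t hw1) { return hw1 >= 0xe800u; }

/* Value the hook comparison sees: a 16-bit instruction keeps a zero upper
 * half, a 32-bit one carries its first half-word in the upper 16 bits. */
static uint32_t thumb_instr(uint16_t hw1, uint16_t hw2)
{
    return is_wide(hw1) ? ((uint32_t)hw1 << 16) | hw2 : hw1;
}

/* Same mask-and-compare test the commit message attributes to call_undef_hook(). */
static int hook_matches(const struct hook_model *h, uint32_t instr, uint32_t cpsr)
{
    return (instr & h->instr_mask) == h->instr_val &&
           (cpsr & h->cpsr_mask) == h->cpsr_val;
}

/* How many 32-bit encodings with second half-word 0xde01 match the hook? */
static unsigned wide_false_matches(const struct hook_model *h)
{
    unsigned n = 0;
    for (uint32_t hw1 = 0xe800u; hw1 <= 0xffffu; hw1++)
        if (hook_matches(h, thumb_instr((uint16_t)hw1, 0xde01u), PSR_T_BIT))
            n++;
    return n;
}

int main(void)
{
    uint32_t bad = thumb_instr(0xeaa0u, 0xde01u);   /* 0xeaa0de01 from the commit message */
    printf("0x%08x old=%d new=%d\n", (unsigned)bad,
           hook_matches(&thumb_break_old, bad, PSR_T_BIT),
           hook_matches(&thumb_break_new, bad, PSR_T_BIT));
    printf("wide encodings matched: old=%u new=%u\n",
           wide_false_matches(&thumb_break_old), wide_false_matches(&thumb_break_new));
    return 0;
}
```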