From: Greg KH <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, Tim Bird <tim.bird@am.sony.com>,
Russell King <rmk+kernel@arm.linux.org.uk>
Subject: [ 15/52] ARM: 7410/1: Add extra clobber registers for assembly in kernel_execve
Date: Thu, 10 May 2012 10:31:47 -0700 [thread overview]
Message-ID: <20120510173134.263078008@linuxfoundation.org> (raw)
In-Reply-To: <20120510173229.GA5678@kroah.com>
3.3-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tim Bird <tim.bird@am.sony.com>
commit e787ec1376e862fcea1bfd523feb7c5fb43ecdb9 upstream.
The inline assembly in kernel_execve() uses r8 and r9. Since this
code sequence does not return, it usually doesn't matter if the
register clobber list is accurate. However, I saw a case where a
particular version of gcc used r8 as an intermediate for the value
eventually passed to r9. Because r8 is used in the inline
assembly, and not mentioned in the clobber list, r9 was set
to an incorrect value.
This resulted in a kernel panic on execution of the first user-space
program in the system. r9 is used in ret_to_user as the thread_info
pointer, and if it's wrong, bad things happen.
Signed-off-by: Tim Bird <tim.bird@am.sony.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/kernel/sys_arm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm/kernel/sys_arm.c
+++ b/arch/arm/kernel/sys_arm.c
@@ -115,7 +115,7 @@ int kernel_execve(const char *filename,
"Ir" (THREAD_START_SP - sizeof(regs)),
"r" (®s),
"Ir" (sizeof(regs))
- : "r0", "r1", "r2", "r3", "ip", "lr", "memory");
+ : "r0", "r1", "r2", "r3", "r8", "r9", "ip", "lr", "memory");
out:
return ret;
next prev parent reply other threads:[~2012-05-10 17:47 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-10 17:32 [ 00/52] 3.3.6-stable review Greg KH
2012-05-10 17:31 ` [ 01/52] drm/i915: enable dip before writing data on gen4 Greg KH
2012-05-10 17:31 ` [ 02/52] smsc95xx: mark link down on startup and let PHY interrupt deal with carrier changes Greg KH
2012-05-10 17:31 ` [ 03/52] e1000: fix vlan processing regression Greg KH
2012-05-10 17:31 ` [ 04/52] xen/pte: Fix crashes when trying to see non-existent PGD/PMD/PUD/PTEs Greg KH
2012-05-10 17:31 ` [ 05/52] xen/pci: dont use PCI BIOS service for configuration space accesses Greg KH
2012-05-10 17:31 ` [ 06/52] drm/i915: disable sdvo hotplug on i945g/gm Greg KH
2012-05-10 17:31 ` [ 07/52] drm/i915: Do no set Stencil Cache eviction LRA w/a on gen7+ Greg KH
2012-05-10 17:31 ` [ 08/52] ASoC: core: check of_property_count_strings failure Greg KH
2012-05-10 17:31 ` [ 09/52] ASoC: tlv312aic23: unbreak resume Greg KH
2012-05-10 17:31 ` [ 10/52] fs/cifs: fix parsing of dfs referrals Greg KH
2012-05-10 17:31 ` [ 11/52] x86, relocs: Remove an unused variable Greg KH
2012-05-10 17:31 ` [ 12/52] percpu, x86: dont use PMD_SIZE as embedded atom_size on 32bit Greg KH
2012-05-10 17:31 ` [ 13/52] asm-generic: Use __BITS_PER_LONG in statfs.h Greg KH
2012-05-10 17:31 ` [ 14/52] Fix __read_seqcount_begin() to use ACCESS_ONCE for sequence value read Greg KH
2012-05-10 17:31 ` Greg KH [this message]
2012-05-10 17:31 ` [ 16/52] ARM: 7411/1: audit: fix treatment of saved ip register during syscall tracing Greg KH
2012-05-10 17:31 ` [ 17/52] ARM: 7412/1: audit: use only AUDIT_ARCH_ARM regardless of endianness Greg KH
2012-05-10 17:31 ` [ 18/52] ARM: 7414/1: SMP: prevent use of the console when using idmap_pgd Greg KH
2012-05-10 17:31 ` [ 19/52] regulator: Fix the logic to ensure new voltage setting in valid range Greg KH
2012-05-10 17:31 ` [ 20/52] ARM: orion5x: Fix GPIO enable bits for MPP9 Greg KH
2012-05-10 17:31 ` [ 21/52] ARM: OMAP: Revert "ARM: OMAP: ctrl: Fix CONTROL_DSIPHY register fields" Greg KH
2012-05-10 17:31 ` [ 22/52] asix: Fix tx transfer padding for full-speed USB Greg KH
2012-05-10 18:25 ` Mark Lord
2012-05-10 18:29 ` Mark Lord
2012-05-10 18:52 ` David Miller
2012-05-10 17:31 ` [ 23/52] netem: fix possible skb leak Greg KH
2012-05-10 17:31 ` [ 24/52] net: In unregister_netdevice_notifier unregister the netdevices Greg KH
2012-05-10 17:31 ` [ 25/52] net: l2tp: unlock socket lock before returning from l2tp_ip_sendmsg Greg KH
2012-05-10 17:31 ` [ 26/52] sky2: propogate rx hash when packet is copied Greg KH
2012-05-10 17:31 ` [ 27/52] sky2: fix receive length error in mixed non-VLAN/VLAN traffic Greg KH
2012-05-10 17:32 ` [ 28/52] sungem: Fix WakeOnLan Greg KH
2012-05-10 17:32 ` [ 29/52] tg3: Avoid panic from reserved statblk field access Greg KH
2012-05-10 17:32 ` [ 30/52] tcp: fix infinite cwnd in tcp_complete_cwr() Greg KH
2012-05-10 17:32 ` [ 31/52] tcp: change tcp_adv_win_scale and tcp_rmem[2] Greg KH
2012-05-10 17:32 ` [ 32/52] net: Add memory barriers to prevent possible race in byte queue limits Greg KH
2012-05-10 17:32 ` [ 33/52] net: Fix issue with netdev_tx_reset_queue not resetting queue from XOFF state Greg KH
2012-05-10 18:53 ` Alexander Duyck
2012-05-10 18:55 ` David Miller
2012-05-10 19:46 ` Jonathan Nieder
2012-05-10 20:35 ` Alexander Duyck
2012-05-10 20:51 ` David Miller
2012-05-10 22:03 ` Greg KH
2012-05-10 17:32 ` [ 34/52] KVM: s390: do store status after handling STOP_ON_STOP bit Greg KH
2012-05-10 17:32 ` [ 35/52] KVM: s390: Sanitize fpc registers for KVM_SET_FPU Greg KH
2012-05-10 17:32 ` [ 36/52] KVM: Fix write protection race during dirty logging Greg KH
2012-05-10 17:32 ` [ 37/52] KVM: mmu_notifier: Flush TLBs before releasing mmu_lock Greg KH
2012-05-10 17:32 ` [ 38/52] KVM: x86 emulator: correctly mask pmc index bits in RDPMC instruction emulation Greg KH
2012-05-10 17:32 ` [ 39/52] KVM: Ensure all vcpus are consistent with in-kernel irqchip settings Greg KH
2012-05-10 17:32 ` [ 40/52] KVM: VMX: Fix delayed load of shared MSRs Greg KH
2012-05-10 17:32 ` [ 41/52] KVM: nVMX: Fix erroneous exception bitmap check Greg KH
2012-05-10 17:32 ` [ 42/52] KVM: VMX: vmx_set_cr0 expects kvm->srcu locked Greg KH
2012-05-10 17:32 ` [ 43/52] KVM: VMX: Fix kvm_set_shared_msr() called in preemptible context Greg KH
2012-05-10 17:32 ` [ 44/52] KVM: lock slots_lock around device assignment Greg KH
2012-05-10 17:32 ` [ 45/52] sony-laptop: Enable keyboard backlight by default Greg KH
2012-05-10 17:32 ` [ 46/52] hugepages: fix use after free bug in "quota" handling Greg KH
2012-05-10 17:32 ` [ 47/52] mtip32xx: fix incorrect value set for drv_cleanup_done, and re-initialize and start port in mtip_restart_port() Greg KH
2012-05-10 17:32 ` [ 48/52] mtip32xx: fix error handling in mtip_init() Greg KH
2012-05-10 17:32 ` [ 49/52] block: mtip32xx: remove HOTPLUG_PCI_PCIE dependancy Greg KH
2012-05-10 17:32 ` [ 50/52] nfsd: dont fail unchecked creates of non-special files Greg KH
2012-05-10 17:32 ` [ 51/52] ARM: 7397/1: l2x0: only apply workaround for erratum #753970 on PL310 Greg KH
2012-05-10 17:32 ` [ 52/52] ARM: 7398/1: l2x0: only write to debug registers " Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120510173134.263078008@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=rmk+kernel@arm.linux.org.uk \
--cc=stable@vger.kernel.org \
--cc=tim.bird@am.sony.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).