linux-kernel.vger.kernel.org archive mirror
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, James Hogan <james.hogan@imgtec.com>,
	Leonid Yegoshin <Leonid.Yegoshin@imgtec.com>,
	linux-mips@linux-mips.org, Ralf Baechle <ralf@linux-mips.org>
Subject: [PATCH 4.6 005/121] MIPS: Don't unwind to user mode with EVA
Date: Sun,  5 Jun 2016 14:42:37 -0700
Message-ID: <20160605214417.875619081@linuxfoundation.org>
In-Reply-To: <20160605214417.708509043@linuxfoundation.org>

4.6-stable review patch.  If anyone has any objections, please let me know.

------------------

From: James Hogan <james.hogan@imgtec.com>

commit a816b306c62195b7c43c92cb13330821a96bdc27 upstream.

When unwinding through IRQs and exceptions, the unwinding only continues
if the PC is a kernel text address, however since EVA it is possible for
user and kernel address ranges to overlap, potentially allowing
unwinding to continue to user mode if the user PC happens to be in the
kernel text address range.

Adjust the check to also ensure that the register state from before the
exception is actually running in kernel mode, i.e. !user_mode(regs).

I don't believe any harm can come of this problem, since the PC is only
output, the stack pointer is checked to ensure it resides within the
task's stack page before it is dereferenced in search of the return
address, and the return address register is similarly only output (if
the PC is in a leaf function or the beginning of a non-leaf function).

However unwind_stack() is only meant for unwinding kernel code, so to be
correct the unwind should stop there.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Reviewed-by: Leonid Yegoshin <Leonid.Yegoshin@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/11700/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/mips/kernel/process.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/mips/kernel/process.c
+++ b/arch/mips/kernel/process.c
@@ -455,7 +455,7 @@ unsigned long notrace unwind_stack_by_ad
 		    *sp + sizeof(*regs) <= stack_page + THREAD_SIZE - 32) {
 			regs = (struct pt_regs *)*sp;
 			pc = regs->cp0_epc;
-			if (__kernel_text_address(pc)) {
+			if (!user_mode(regs) && __kernel_text_address(pc)) {
 				*sp = regs->regs[29];
 				*ra = regs->regs[31];
 				return pc;
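Review bot: the new condition on the `if` line is correct, but it will read as redundant to anyone who does not know the EVA background, because `__kernel_text_address(pc)` already looks like a sufficient "is this kernel code" test; add a one-line comment above the `if` saying that with EVA user and kernel address ranges can overlap, so the saved Status KSU bits that `user_mode(regs)` inspects are the authoritative indicator of the interrupted context, not the PC. The ordering is the right one: `!user_mode(regs)` is the cheap, decisive test and is evaluated first, and `regs` has already been bounds-checked against the task's stack page on the preceding context line (`*sp + sizeof(*regs) <= stack_page + THREAD_SIZE - 32`) before either check dereferences it.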

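As an added illustration, not kernel code and not from the patch or its author, the following stand-alone C program models the pre-patch and post-patch tests from the hunk above. The KSU field layout follows the MIPS32/64 CP0 Status register (which is what the real `user_mode()` compares), but the kernel text window, the `model_*` helpers and the sample frames are all assumptions constructed for the example. It shows the case the commit message describes: a user-mode frame whose saved PC happens to fall inside the kernel text range passes the old test and is stopped by the new one.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed model of the two saved fields the patched test reads.
 * KSU is bits 4:3 of CP0 Status: 0b10 = user mode, 0b00 = kernel mode.
 */
#define MODEL_KU_MASK 0x18u
#define MODEL_KU_USER 0x10u
#define MODEL_KU_KERN 0x00u

struct model_regs {
	uint32_t cp0_status;   /* saved CP0 Status of the interrupted context */
	unsigned long cp0_epc; /* saved exception PC */
};

/* Assumed kernel text window; with EVA a user mapping can sit in here too. */
#define MODEL_KTEXT_START 0x80100000UL
#define MODEL_KTEXT_END   0x80400000UL

/* Stand-in for __kernel_text_address(): a plain range check. */
static bool model_kernel_text_address(unsigned long pc)
{
	return pc >= MODEL_KTEXT_START && pc < MODEL_KTEXT_END;
}

/* Stand-in for user_mode(): looks at the saved KSU bits, not the PC. */
static bool model_user_mode(const struct model_regs *regs)
{
	return (regs->cp0_status & MODEL_KU_MASK) == MODEL_KU_USER;
}

/* Pre-patch test: only asks whether the saved PC looks like kernel text. */
bool unwind_continues_before(const struct model_regs *regs)
{
	return model_kernel_text_address(regs->cp0_epc);
}

/* Post-patch test: also requires the interrupted context to be kernel mode. */
bool unwind_continues_after(const struct model_regs *regs)
{
	return !model_user_mode(regs) && model_kernel_text_address(regs->cp0_epc);
}

/*
 * Counts frames for which the old test would have continued the unwind into
 * user mode, i.e. frames on which the two tests disagree.
 */
size_t count_user_frames_unwound(const struct model_regs *frames, size_t n)
{
	size_t leaked = 0;
	for (size_t i = 0; i < n; i++)
		if (unwind_continues_before(&frames[i]) &&
		    !unwind_continues_after(&frames[i]))
			leaked++;
	return leaked;
}

/* Constructed sample frames; the EVA overlap case is the second entry. */
const struct model_regs sample_frames[] = {
	{ MODEL_KU_KERN, 0x80200000UL }, /* kernel frame, kernel PC: both tests continue */
	{ MODEL_KU_USER, 0x80200000UL }, /* user frame whose PC overlaps kernel text (EVA) */
	{ MODEL_KU_USER, 0x00400000UL }, /* ordinary user frame, PC outside kernel text */
	{ MODEL_KU_KERN, 0x90000000UL }, /* kernel frame, PC outside the text window */
};
const size_t sample_frame_count = sizeof(sample_frames) / sizeof(sample_frames[0]);

int main(void)
{
	for (size_t i = 0; i < sample_frame_count; i++)
		printf("frame %zu: status=0x%02x epc=0x%08lx before=%d after=%d\n",
		       i, (unsigned)sample_frames[i].cp0_status,
		       sample_frames[i].cp0_epc,
		       unwind_continues_before(&sample_frames[i]),
		       unwind_continues_after(&sample_frames[i]));
	printf("user frames the old test would unwind through: %zu\n",
	       count_user_frames_unwound(sample_frames, sample_frame_count));
	return 0;
}
```

The point of the second frame is that no PC-based check can tell it apart from the first one; only the mode bits saved with the frame can, which is why the patch adds `!user_mode(regs)` rather than tightening the address test.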
Thread overview: 124+ messages
2016-06-05 21:42 [PATCH 4.6 000/121] 4.6.2-stable review Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 001/121] f2fs: fix deadlock when flush inline data Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 002/121] MIPS64: R6: R2 emulation bugfix Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 003/121] MIPS: math-emu: Fix jalr emulation when rd == $0 Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 004/121] MIPS: MSA: Fix a link error on `_init_msa_upper' with older GCC Greg Kroah-Hartman
2016-06-05 21:42 ` Greg Kroah-Hartman [this message]
2016-06-05 21:42 ` [PATCH 4.6 006/121] MIPS: Avoid using unwind_stack() with usermode Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 007/121] MIPS: Fix siginfo.h to use strict posix types Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 008/121] MIPS: Fix uapi include in exported asm/siginfo.h Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 009/121] MIPS: Fix watchpoint restoration Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 010/121] MIPS: Handle highmem pages in __update_cache Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 011/121] MIPS: Sync icache & dcache in set_pte_at Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 012/121] MIPS: Loongson-3: Fix build error after ld-version.sh modification Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 013/121] MIPS: ath79: make bootconsole wait for both THRE and TEMT Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 014/121] MIPS: Reserve nosave data for hibernation Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 015/121] MIPS: Loongson-3: Reserve 32MB for RS780E integrated GPU Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 016/121] MIPS: Use copy_s.fmt rather than copy_u.fmt Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 017/121] MIPS: Fix MSA ld_*/st_* asm macros to use PTR_ADDU Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 018/121] MIPS: Force CPUs to lose FP context during mode switches Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 019/121] MIPS: Prevent "restoration" of MSA context in non-MSA kernels Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 020/121] MIPS: Disable preemption during prctl(PR_SET_FP_MODE, ...) Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 021/121] MIPS: ptrace: Fix FP context restoration FCSR regression Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 022/121] MIPS: ptrace: Prevent writes to read-only FCSR bits Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 023/121] MIPS: Fix sigreturn via VDSO on microMIPS kernel Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 024/121] MIPS: Build microMIPS VDSO for microMIPS kernels Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 025/121] MIPS: lib: Mark intrinsics notrace Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 026/121] MIPS: VDSO: Build with `-fno-strict-aliasing' Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.6 027/121] affs: fix remount failure when there are no options changed Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 028/121] ASoC: ak4642: Enable cache usage to fix crashes on resume Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 029/121] Input: uinput - handle compat ioctl for UI_SET_PHYS Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 030/121] Input: xpad - move pending clear to the correct location Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 031/121] Input: xpad - prevent spurious input from wired Xbox 360 controllers Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 032/121] ARM: sun4i: dt: Enable dram gate 5 (tve0 clock) for simplefb TV output Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 033/121] ARM: sun7i: " Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 034/121] ARM: mvebu: fix GPIO config on the Linksys boards Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 035/121] ARM: dts: at91: fix typo in sama5d2 PIN_PD24 description Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 036/121] ARM: dts: exynos: Add interrupt line to MAX8997 PMIC on exynos4210-trats Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 037/121] ARM: dts: imx35: restore existing used clock enumeration Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 038/121] ath9k: Add a module parameter to invert LED polarity Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 039/121] ath9k: Fix LED polarity for some Mini PCI AR9220 MB92 cards Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 040/121] ath10k: fix debugfs pktlog_filter write Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 041/121] ath10k: fix firmware assert in monitor mode Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 042/121] ath10k: fix rx_channel during hw reconfigure Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 043/121] ath10k: fix kernel panic, move arvifs list head init before htt init Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 044/121] ath5k: Change led pin configuration for compaq c700 laptop Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 045/121] hwrng: exynos - Fix unbalanced PM runtime put on timeout error path Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 046/121] rtlwifi: rtl8723be: Add antenna select module parameter Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 047/121] rtlwifi: btcoexist: Implement antenna selection Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 048/121] rtlwifi: Fix logic error in enter/exit power-save mode Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 049/121] rtlwifi: pci: use dev_kfree_skb_irq instead of kfree_skb in rtl_pci_reset_trx_ring Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 050/121] Revert "lpfc: Delete unnecessary checks before the function call mempool_destroy" Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 051/121] aacraid: Start adapter after updating number of MSIX vectors Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 052/121] aacraid: Relinquish CPU during timeout wait Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 053/121] aacraid: Fix for aac_command_thread hang Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 054/121] aacraid: Fix for KDUMP driver hang Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 055/121] regulator: Try to resolve regulators supplies on registration Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 056/121] hwmon: (ads7828) Enable internal reference Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 057/121] mfd: intel_quark_i2c_gpio: Remove clock tree on error path Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 058/121] mfd: intel-lpss: Save register context on suspend Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 060/121] PM / Runtime: Fix error path in pm_runtime_force_resume() Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 061/121] cpuidle: Indicate when a device has been unregistered Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 062/121] cpuidle: Fix cpuidle_state_is_coupled() argument in cpuidle_enter() Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 063/121] clk: bcm2835: Fix PLL poweron Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 064/121] clk: at91: fix check of clk_register() returned value Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 065/121] clk: bcm2835: pll_off should only update CM_PLL_ANARST Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 066/121] clk: bcm2835: divider value has to be 1 or more Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 067/121] clk: bcm2835: correctly enable fractional clock support Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 068/121] pinctrl: exynos5440: Use off-stack memory for pinctrl_gpio_range Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 069/121] PCI: Disable all BAR sizing for devices with non-compliant BARs Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 070/121] [media] media: v4l2-compat-ioctl32: fix missing reserved field copy in put_v4l2_create32 Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 071/121] PKCS#7: fix missing break on OID_sha224 case Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 072/121] mm: use phys_addr_t for reserve_bootmem_region() arguments Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 073/121] mm/compaction.c: fix zoneindex in kcompactd() Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 074/121] wait/ptrace: assume __WALL if the child is traced Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 075/121] QE-UART: add "fsl,t1040-ucc-uart" to of_device_id Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 076/121] batman-adv: Fix double neigh_node_put in batadv_v_ogm_route_update Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 077/121] powerpc/book3s64: Fix branching to OOL handlers in relocatable kernel Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 078/121] powerpc/eeh: Don't report error in eeh_pe_reset_and_recover() Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 079/121] Revert "powerpc/eeh: Fix crash in eeh_add_device_early() on Cell" Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 080/121] powerpc/eeh: Restore initial state in eeh_pe_reset_and_recover() Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 081/121] xen/events: Don't move disabled irqs Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 082/121] xen: use same main loop for counting and remapping pages Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 084/121] drm/gma500: Fix possible out of bounds read Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 085/121] drm/vmwgfx: Kill some lockdep warnings Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 086/121] drm/amdgpu: use drm_mode_vrefresh() rather than mode->vrefresh Greg Kroah-Hartman
2016-06-05 21:43 ` [PATCH 4.6 087/121] drm/amdgpu: Fix hdmi deep color support Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 088/121] drm/i915/fbdev: Fix num_connector references in intel_fb_initial_config() Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 089/121] drm/fb_helper: Fix references to dev->mode_config.num_connector Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 090/121] drm/i915: Discard previous atomic state on resume if connectors change Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 091/121] drm/atomic: Verify connector->funcs != NULL when clearing states Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 092/121] Bluetooth: 6lowpan: Fix memory corruption of ipv6 destination address Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 101/121] ext4: fix data exposure after a crash Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 102/121] ext4: fix hang when processing corrupted orphaned inode list Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 103/121] ext4: clean up error handling when orphan list is corrupted Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 104/121] ext4: fix check of dqget() return value in ext4_ioctl_setproject() Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 105/121] ext4: fix oops on corrupted filesystem Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 106/121] ext4: address UBSAN warning in mb_find_order_for_block() Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 107/121] ext4: silence UBSAN in ext4_mb_init() Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 108/121] nfs: avoid race that crashes nfs_init_commit Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 109/121] PM / sleep: Handle failures in device_suspend_late() consistently Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 111/121] scripts/package/Makefile: rpmbuild add support of RPMOPTS Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 112/121] mm: thp: avoid false positive VM_BUG_ON_PAGE in page_move_anon_rmap() Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 113/121] gcov: disable tree-loop-im to reduce stack usage Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 114/121] xfs: disallow rw remount on fs with unknown ro-compat features Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 115/121] xfs: Don't wrap growfs AGFL indexes Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 116/121] xfs: remove xfs_fs_evict_inode() Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 117/121] xfs: xfs_iflush_cluster fails to abort on error Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 118/121] xfs: fix inode validity check in xfs_iflush_cluster Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 119/121] xfs: skip stale inodes " Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 120/121] drm: msm: remove unused variable Greg Kroah-Hartman
2016-06-05 21:44 ` [PATCH 4.6 121/121] IB/hfi1: Fix hard lockup due to not using save/restore spin lock Greg Kroah-Hartman
2016-06-06 17:27 ` [PATCH 4.6 000/121] 4.6.2-stable review Shuah Khan
     [not found] ` <57551989.692dc20a.8974c.7dc4@mx.google.com>
     [not found]   ` <7ha8iye81z.fsf@baylibre.com>
2016-06-06 16:18     ` Guenter Roeck
2016-06-06 16:34       ` Greg Kroah-Hartman
2016-06-07 20:02       ` Guenter Roeck
2016-06-06 22:32     ` Tyler Baker
2016-06-06 22:43       ` Javier Martinez Canillas
2016-06-06 23:30         ` Mark Brown
2016-06-06 23:33         ` Greg Kroah-Hartman
2016-06-06 23:46           ` Mark Brown
2016-06-08  0:54           ` Greg Kroah-Hartman
2016-06-07 13:40 ` Guenter Roeck
2016-06-08  1:09   ` Greg Kroah-Hartman
2016-06-08  3:09     ` Guenter Roeck
