From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Mikulas Patocka <mpatocka@redhat.com>,
	Matt Turner <mattst88@gmail.com>
Subject: [PATCH 4.9 72/88] alpha: fix crash if pthread_create races with signal delivery
Date: Thu, 15 Feb 2018 16:17:39 +0100
Message-ID: <20180215151232.467437894@linuxfoundation.org>
In-Reply-To: <20180215151222.437136975@linuxfoundation.org>

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mikulas Patocka <mpatocka@redhat.com>

commit 21ffceda1c8b3807615c40d440d7815e0c85d366 upstream.

On alpha, a process will crash if it attempts to start a thread and a
signal is delivered at the same time. The crash can be reproduced with
this program: https://cygwin.com/ml/cygwin/2014-11/msg00473.html

The reason for the crash is this:
* we call the clone syscall
* we go to the function copy_process
* copy_process calls copy_thread_tls, which is a wrapper around copy_thread
* copy_thread sets the tls pointer: childti->pcb.unique = regs->r20
* copy_thread sets regs->r20 to zero
* we go back to copy_process
* copy_process checks "if (signal_pending(current))" and returns
  -ERESTARTNOINTR
* the clone syscall is restarted, but this time, regs->r20 is zero, so
  the new thread is created with zero tls pointer
* the new thread crashes in start_thread when attempting to access tls

The comment in the code says that setting the register r20 is some
compatibility with OSF/1. But OSF/1 doesn't use the CLONE_SETTLS flag, so
we don't have to zero r20 if CLONE_SETTLS is set. This patch fixes the bug
by zeroing regs->r20 only if CLONE_SETTLS is not set.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
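The sequence in the commit message, as an added user-space model that is not part of the patch or the kernel tree: the `pt_regs` and `thread_info` structures are simplified stand-ins for the alpha kernel ones, only the r20 handling mirrors the real `copy_thread()`, and a `fixed` flag selects the before- or after-patch behaviour so the effect of a restarted clone() on the TLS pointer can be compared directly.

```c
#include <stdbool.h>
#include <stdio.h>

#define CLONE_SETTLS   0x00080000  /* flag value from <linux/sched.h> */
#define ERESTARTNOINTR 513         /* kernel-internal "restart silently" code */
struct pt_regs { unsigned long r0, r19, r20; }; /* only the registers involved */
struct thread_info { unsigned long unique; };   /* stands in for pcb.unique (TLS) */

/* The r20 handling of copy_thread() before ('fixed' == false) and after the patch. */
static void copy_thread(bool fixed, unsigned long clone_flags,
                        struct pt_regs *regs, struct thread_info *childti)
{
    struct pt_regs childregs;
    if (clone_flags & CLONE_SETTLS)
        childti->unique = regs->r20;  /* TLS pointer arrives in the parent's r20 */
    else if (fixed)
        regs->r20 = 0;                /* patched: zero r20 only without CLONE_SETTLS */
    childregs = *regs;                /* child gets a copy of the parent's registers */
    childregs.r0 = 0;
    childregs.r19 = 0;
    childregs.r20 = 1;
    if (!fixed)
        regs->r20 = 0;                /* unpatched: parent's r20 is always clobbered */
}

/* copy_process(): a pending signal after copy_thread() yields -ERESTARTNOINTR. */
static int copy_process(bool fixed, unsigned long clone_flags, struct pt_regs *regs,
                        struct thread_info *childti, bool signal_pending)
{
    copy_thread(fixed, clone_flags, regs, childti);
    return signal_pending ? -ERESTARTNOINTR : 0;
}

/* clone(CLONE_SETTLS, ..., tls) with one signal optionally racing the first try. */
unsigned long clone_with_tls(bool fixed, unsigned long tls, bool signal_first)
{
    struct pt_regs regs = { .r0 = 0, .r19 = 0, .r20 = tls }; /* user loads TLS into r20 */
    struct thread_info childti = { 0 };
    bool pending = signal_first;
    while (copy_process(fixed, CLONE_SETTLS, &regs, &childti, pending) == -ERESTARTNOINTR)
        pending = false;   /* signal delivered; the restarted clone runs without one */
    return childti.unique; /* the TLS pointer the new thread actually gets */
}

int main(void)
{
    printf("signal during clone: unpatched tls=%#lx, patched tls=%#lx\n",
           clone_with_tls(false, 0x1234, true), clone_with_tls(true, 0x1234, true));
    return 0;
}
```

The unpatched path hands the restarted clone a zero TLS pointer, which is the state `start_thread` then crashes on; the patched path keeps r20 intact so the restart is idempotent.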

---
 arch/alpha/kernel/process.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/arch/alpha/kernel/process.c
+++ b/arch/alpha/kernel/process.c
@@ -265,12 +265,13 @@ copy_thread(unsigned long clone_flags, u
 	   application calling fork.  */
 	if (clone_flags & CLONE_SETTLS)
 		childti->pcb.unique = regs->r20;
+	else
+		regs->r20 = 0;	/* OSF/1 has some strange fork() semantics.  */
 	childti->pcb.usp = usp ?: rdusp();
 	*childregs = *regs;
 	childregs->r0 = 0;
 	childregs->r19 = 0;
 	childregs->r20 = 1;	/* OSF/1 has some strange fork() semantics.  */
-	regs->r20 = 0;
 	stack = ((struct switch_stack *) regs) - 1;
 	*childstack = *stack;
 	childstack->r26 = (unsigned long) ret_from_fork;
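Review bot: the comment copied onto the new `else` line ("OSF/1 has some strange fork() semantics.") now appears twice in the function and does not say why the zeroing became conditional; since the point of the change is that copy_process() can return -ERESTARTNOINTR after copy_thread() has run and the restarted clone() re-reads the TLS pointer from regs->r20, a comment on the `else` branch along the lines of "keep r20 intact for CLONE_SETTLS so a restarted clone() sees the same TLS pointer" would document the invariant for the next reader. The logic itself looks right: with CLONE_SETTLS the parent's r20 is left untouched so the syscall restart is idempotent, and `childregs->r20 = 1` is still set unconditionally for the child after the `*childregs = *regs` copy.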

