linux-kernel.vger.kernel.org archive mirror
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Alan Modra <amodra@gmail.com>, Reza Arbab <arbab@linux.ibm.com>,
	Paul Mackerras <paulus@ozlabs.org>,
	Sasha Levin <sashal@kernel.org>,
	linuxppc-dev@lists.ozlabs.org
Subject: [PATCH AUTOSEL 4.9 53/64] powerpc/vdso: Correct call frame information
Date: Fri,  8 Nov 2019 06:45:34 -0500
Message-ID: <20191108114545.15351-53-sashal@kernel.org>
In-Reply-To: <20191108114545.15351-1-sashal@kernel.org>

From: Alan Modra <amodra@gmail.com>

[ Upstream commit 56d20861c027498b5a1112b4f9f05b56d906fdda ]

Call Frame Information is used by gdb for back-traces and inserting
breakpoints on function return for the "finish" command.  This failed
when inside __kernel_clock_gettime.  More concerning than difficulty
debugging is that CFI is also used by stack frame unwinding code to
implement exceptions.  If you have an app that needs to handle
asynchronous exceptions for some reason, and you are unlucky enough to
get one inside the VDSO time functions, your app will crash.

What's wrong:  There is control flow in __kernel_clock_gettime that
reaches label 99 without saving lr in r12.  CFI info however is
interpreted by the unwinder without reference to control flow: It's a
simple matter of "Execute all the CFI opcodes up to the current
address".  That means the unwinder thinks r12 contains the return
address at label 99.  Disabuse it of that notion by resetting CFI for
the return address at label 99.

Note that the ".cfi_restore lr" could have gone anywhere from the
"mtlr r12" a few instructions earlier to the instruction at label 99.
I put the CFI as late as possible, because in general that's best
practice (and if possible grouped with other CFI in order to reduce
the number of CFI opcodes executed when unwinding).  Using r12 as the
return address is perfectly fine after the "mtlr r12" since r12 on
that code path still contains the return address.

__get_datapage also has a CFI error.  That function temporarily saves
lr in r0, and reflects that fact with ".cfi_register lr,r0".  A later
use of r0 means the CFI at that point isn't correct, as r0 no longer
contains the return address.  Fix that too.

Signed-off-by: Alan Modra <amodra@gmail.com>
Tested-by: Reza Arbab <arbab@linux.ibm.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/kernel/vdso32/datapage.S     | 1 +
 arch/powerpc/kernel/vdso32/gettimeofday.S | 1 +
 arch/powerpc/kernel/vdso64/datapage.S     | 1 +
 arch/powerpc/kernel/vdso64/gettimeofday.S | 1 +
 4 files changed, 4 insertions(+)

diff --git a/arch/powerpc/kernel/vdso32/datapage.S b/arch/powerpc/kernel/vdso32/datapage.S
index 3745113fcc652..2a7eb5452aba7 100644
--- a/arch/powerpc/kernel/vdso32/datapage.S
+++ b/arch/powerpc/kernel/vdso32/datapage.S
@@ -37,6 +37,7 @@ data_page_branch:
 	mtlr	r0
 	addi	r3, r3, __kernel_datapage_offset-data_page_branch
 	lwz	r0,0(r3)
+  .cfi_restore lr
 	add	r3,r0,r3
 	blr
   .cfi_endproc
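Review bot: the placement after `lwz r0,0(r3)` is the correct one, and a one-line comment would keep that non-obvious choice from being moved by a later edit. `mtlr r0` has already put the return address back in lr, but r0 still holds a copy until `lwz r0,0(r3)` overwrites it, so the earlier `.cfi_register lr,r0` (outside this context) stays true up to and including the `lwz`; `.cfi_restore lr` takes effect at the `add`, the first address where r0 no longer holds the return address. A comment along the lines of `/* r0 clobbered; lr itself is authoritative again */` next to the directive would say why it is not placed right after `mtlr r0`, which would have been equally correct. The two-space indentation matches the existing `.cfi_endproc`, so style is consistent.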
diff --git a/arch/powerpc/kernel/vdso32/gettimeofday.S b/arch/powerpc/kernel/vdso32/gettimeofday.S
index 6b2b69616e776..7b341b86216c2 100644
--- a/arch/powerpc/kernel/vdso32/gettimeofday.S
+++ b/arch/powerpc/kernel/vdso32/gettimeofday.S
@@ -139,6 +139,7 @@ V_FUNCTION_BEGIN(__kernel_clock_gettime)
 	 */
 99:
 	li	r0,__NR_clock_gettime
+  .cfi_restore lr
 	sc
 	blr
   .cfi_endproc
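Review bot: the directive sits after `li r0,__NR_clock_gettime`, so the rule that lr lives in r12 is still in force for the `li` at label 99 itself; on the path the commit message describes (reaching 99 without ever saving lr in r12), an asynchronous interrupt landing exactly on that `li` would still be unwound through a stale r12. Since `li` touches neither lr nor r12, moving `.cfi_restore lr` to directly after `99:` closes that one-instruction window at no cost. If the late placement is deliberate, a short comment saying so would stop the next reader from re-raising this.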
diff --git a/arch/powerpc/kernel/vdso64/datapage.S b/arch/powerpc/kernel/vdso64/datapage.S
index abf17feffe404..bf96686915116 100644
--- a/arch/powerpc/kernel/vdso64/datapage.S
+++ b/arch/powerpc/kernel/vdso64/datapage.S
@@ -37,6 +37,7 @@ data_page_branch:
 	mtlr	r0
 	addi	r3, r3, __kernel_datapage_offset-data_page_branch
 	lwz	r0,0(r3)
+  .cfi_restore lr
 	add	r3,r0,r3
 	blr
   .cfi_endproc
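Review bot: identical context to the vdso32 hunk, so the same reasoning applies: the restore lands on the first instruction after `lwz r0,0(r3)` clobbers the copy of lr. Worth confirming that the vdso64 `__get_datapage` carries the matching `.cfi_register lr,r0` earlier in the function (not visible in this context); if it does not, `.cfi_restore lr` is a harmless no-op here rather than a fix, and the commit message's claim about this file should be adjusted.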
diff --git a/arch/powerpc/kernel/vdso64/gettimeofday.S b/arch/powerpc/kernel/vdso64/gettimeofday.S
index 3820213248836..09b2a49f6dd53 100644
--- a/arch/powerpc/kernel/vdso64/gettimeofday.S
+++ b/arch/powerpc/kernel/vdso64/gettimeofday.S
@@ -124,6 +124,7 @@ V_FUNCTION_BEGIN(__kernel_clock_gettime)
 	 */
 99:
 	li	r0,__NR_clock_gettime
+  .cfi_restore lr
 	sc
 	blr
   .cfi_endproc
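Review bot: same placement question as the vdso32 gettimeofday hunk: with `.cfi_restore lr` after the `li`, the instruction at label 99 is still described as having its return address in r12, which is wrong on the fallback path that branched to 99 before `mflr r12`. Moving the directive up to immediately after `99:` would cover the whole fallback path; whichever choice is made, the 32-bit and 64-bit files should make the same one.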
-- 
2.20.1
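The commit message's key point, that the unwinder executes CFI opcodes by address without reference to control flow, as an added toy model in Python (not code from the patch or the kernel). The listing is a constructed, simplified shape of __kernel_clock_gettime; the addresses, the CALLER and GARBAGE values, the lambda register effects and the `bne cr0,99f` stand-in for the clock-id check are all assumptions.

```python
# Toy DWARF-CFI unwinder (constructed example, not kernel or gdb code):
# every CFI directive at or before the faulting PC is applied, in address
# order, no matter which path actually executed.
CALLER = 0x10000ABC     # constructed: return address in lr on entry
GARBAGE = 0xDEADBEEF    # constructed: stale value sitting in r12 on entry

def listing(fixed):
    # ('insn', text, effect) / ('cfi', directive) / ('label', name)
    return [
        ("insn", "cmpli cr0,r3,CLOCK_REALTIME", lambda r: None),
        ("insn", "bne cr0,99f", lambda r: "99" if r["r3"] != 0 else None),
        ("insn", "mflr r12", lambda r: r.update(r12=r["lr"])),
        ("cfi", ".cfi_register lr,r12"),
        ("insn", "bl __get_datapage", lambda r: r.update(lr=r["pc"] + 4)),
        ("insn", "mtlr r12", lambda r: r.update(lr=r["r12"])),
        ("insn", "blr", lambda r: None),
        ("label", "99"),
        ("insn", "li r0,__NR_clock_gettime", lambda r: None),
        *([("cfi", ".cfi_restore lr")] if fixed else []),  # the patch's fix
        ("insn", "sc", lambda r: None),
    ]

def layout(prog):
    # Each insn gets a 4-byte address; cfi/label entries take the next insn's.
    out, addr = [], 0
    for e in prog:
        out.append((addr, e))
        addr += 4 if e[0] == "insn" else 0
    return out

def lr_rule_at(prog, pc):
    # Register the CFI claims holds the return address when PC == pc.
    rule = "lr"
    for addr, e in layout(prog):
        if e[0] == "cfi" and addr <= pc:
            rule = e[1].split()[1].split(",")[-1]  # "lr,r12" -> r12, "lr" -> lr
    return rule

def run_until_stop(prog, r3):
    # Execute from entry until 'sc' or 'blr', where an async signal lands.
    lay = layout(prog)
    labels = {e[1]: addr for addr, e in lay if e[0] == "label"}
    insns = {addr: e[1:] for addr, e in lay if e[0] == "insn"}
    regs = {"r3": r3, "lr": CALLER, "r12": GARBAGE, "pc": 0}
    while True:
        text, effect = insns[regs["pc"]]
        if text in ("sc", "blr"):
            return regs["pc"], regs
        regs["pc"] = labels[t] if (t := effect(regs)) else regs["pc"] + 4

def unwound_return_address(prog, r3):
    # What the unwinder recovers as the return address at the stop point.
    pc, regs = run_until_stop(prog, r3)
    return regs[lr_rule_at(prog, pc)]
```

With `r3 != 0` the branch to 99 is taken and, without the restore, the unwinder reads the stale r12 at `sc`; with it, it reads lr. Because a directive only takes effect at the address after it, `lr_rule_at(listing(True), 24)` still answers `r12` for the `li` at label 99.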