linux-kernel.vger.kernel.org archive mirror
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Suzuki K Poulose <suzuki.poulose@arm.com>,
	Fredrik Strupe <fredrik@strupe.net>,
	Catalin Marinas <catalin.marinas@arm.com>
Subject: [PATCH 4.9 048/125] arm64: armv8_deprecated: Fix undef_hook mask for thumb setend
Date: Wed, 22 Apr 2020 11:56:05 +0200
Message-ID: <20200422095041.292862000@linuxfoundation.org>
In-Reply-To: <20200422095032.909124119@linuxfoundation.org>

From: Fredrik Strupe <fredrik@strupe.net>

commit fc2266011accd5aeb8ebc335c381991f20e26e33 upstream.

For thumb instructions, call_undef_hook() in traps.c first reads a u16,
and if the u16 indicates a T32 instruction (u16 >= 0xe800), a second
u16 is read, which then makes up the lower half-word of a T32
instruction. For T16 instructions, the second u16 is not read,
which makes the resulting u32 opcode always have the upper half set to
0.

However, having the upper half of instr_mask in the undef_hook set to 0
masks out the upper half of all thumb instructions - both T16 and T32.
This results in trapped T32 instructions with the lower half-word equal
to the T16 encoding of setend (b650) being matched, even though the upper
half-word is not 0000 and thus indicates a T32 opcode.

An example of such a T32 instruction is eaa0b650, which should raise a
SIGILL since T32 instructions with an eaa prefix are unallocated as per
Arm ARM, but instead works as a SETEND because the second half-word is set
to b650.

This patch fixes the issue by extending instr_mask to include the
upper u32 half, which will still match T16 instructions where the upper
half is 0, but not T32 instructions.

Fixes: 2d888f48e056 ("arm64: Emulate SETEND for AArch32 tasks")
Cc: <stable@vger.kernel.org> # 4.0.x-
Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Fredrik Strupe <fredrik@strupe.net>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/kernel/armv8_deprecated.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/arm64/kernel/armv8_deprecated.c
+++ b/arch/arm64/kernel/armv8_deprecated.c
@@ -604,7 +604,7 @@ static struct undef_hook setend_hooks[]
 	},
 	{
 		/* Thumb mode */
-		.instr_mask	= 0x0000fff7,
+		.instr_mask	= 0xfffffff7,
 		.instr_val	= 0x0000b650,
 		.pstate_mask	= (COMPAT_PSR_T_BIT | COMPAT_PSR_MODE_MASK),
 		.pstate_val	= (COMPAT_PSR_T_BIT | COMPAT_PSR_MODE_USR),
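
Review bot: the /* Thumb mode */ comment above the changed .instr_mask line does not record why the upper 16 bits are now part of the mask, so a later cleanup could narrow 0xfffffff7 back to 0x0000fff7 and reintroduce the false match. Suggest a short comment on that entry stating that T16 opcodes reach the hook with the upper half-word zero, so the full-width mask together with .instr_val = 0x0000b650 matches only the 16-bit setend encoding, and that bit 3 is intentionally left out of the mask. It is also worth confirming whether any other Thumb-mode undef_hook entry in this file masks only the lower half-word in the same way.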



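The matching behaviour described in the commit message, as an added example that is not part of the original patch or of the kernel source. It is a user-space model: the struct and function names (hook_model, fetch_thumb_opcode, hook_matches) are hypothetical, the mask and value constants are taken from the diff, and the half-word samples are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model only; struct and function names are hypothetical. */
struct hook_model {
	uint32_t instr_mask;
	uint32_t instr_val;
};

/* Thumb setend entry before and after the patch (values from the diff). */
static const struct hook_model setend_old = { 0x0000fff7u, 0x0000b650u };
static const struct hook_model setend_new = { 0xfffffff7u, 0x0000b650u };

/*
 * Assemble the u32 opcode as the commit message describes: read one u16,
 * and only if it is >= 0xe800 (T32) read a second u16 as the lower half.
 * Returns 0 on success, -1 if the needed half-words are not available.
 */
static int fetch_thumb_opcode(const uint16_t *hw, size_t n, uint32_t *out)
{
	if (n < 1)
		return -1;
	*out = hw[0];
	if (hw[0] >= 0xe800) {
		if (n < 2)
			return -1;
		*out = ((uint32_t)hw[0] << 16) | hw[1];
	}
	return 0;
}

/* The instruction part of the hook comparison: (instr & mask) == val. */
static int hook_matches(const struct hook_model *h, uint32_t instr)
{
	return (instr & h->instr_mask) == h->instr_val;
}

int main(void)
{
	/* Constructed samples: T16 setend, the same with bit 3 set,
	 * and the T32 value eaa0b650 from the commit message. */
	static const uint16_t samples[][2] = {
		{ 0xb650, 0 }, { 0xb658, 0 }, { 0xeaa0, 0xb650 },
	};
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		uint32_t op;
		if (fetch_thumb_opcode(samples[i], 2, &op))
			continue;
		printf("%08x old=%d new=%d\n", (unsigned)op,
		       hook_matches(&setend_old, op), hook_matches(&setend_new, op));
	}
	return 0;
}
```

Both T16 samples match under either mask; only the T32 sample changes from a match to a non-match once the upper half-word is included.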