linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Heiko Carstens <hca@linux.ibm.com>,
	stable@kernel.org, Vasily Gorbik <gor@linux.ibm.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: [PATCH 5.12 070/110] s390/stack: fix possible register corruption with stack switch helper
Date: Mon, 28 Jun 2021 10:17:48 -0400	[thread overview]
Message-ID: <20210628141828.31757-71-sashal@kernel.org> (raw)
In-Reply-To: <20210628141828.31757-1-sashal@kernel.org>

From: Heiko Carstens <hca@linux.ibm.com>

commit 67147e96a332b56c7206238162771d82467f86c0 upstream.

The CALL_ON_STACK macro is used to call a C function from inline
assembly, and therefore must consider the C ABI, which says that only
registers 6-13, and 15 are non-volatile (restored by the called
function).

The inline assembly incorrectly marks all registers used to pass
parameters to the called function as read-only input operands, instead
of operands that are read and written to. This might result in
register corruption depending on usage, compiler, and compile options.

Fix this by marking all operands used to pass parameters as read/write
operands. To keep the code simple even register 6, if used, is marked
as read-write operand.

Fixes: ff340d2472ec ("s390: add stack switch helper")
Cc: <stable@kernel.org> # 4.20
Reviewed-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/s390/include/asm/stacktrace.h | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/arch/s390/include/asm/stacktrace.h b/arch/s390/include/asm/stacktrace.h
index 2b543163d90a..76c6034428be 100644
--- a/arch/s390/include/asm/stacktrace.h
+++ b/arch/s390/include/asm/stacktrace.h
@@ -91,12 +91,16 @@ struct stack_frame {
 	CALL_ARGS_4(arg1, arg2, arg3, arg4);				\
 	register unsigned long r4 asm("6") = (unsigned long)(arg5)
 
-#define CALL_FMT_0 "=&d" (r2) :
-#define CALL_FMT_1 "+&d" (r2) :
-#define CALL_FMT_2 CALL_FMT_1 "d" (r3),
-#define CALL_FMT_3 CALL_FMT_2 "d" (r4),
-#define CALL_FMT_4 CALL_FMT_3 "d" (r5),
-#define CALL_FMT_5 CALL_FMT_4 "d" (r6),
+/*
+ * To keep this simple mark register 2-6 as being changed (volatile)
+ * by the called function, even though register 6 is saved/nonvolatile.
+ */
+#define CALL_FMT_0 "=&d" (r2)
+#define CALL_FMT_1 "+&d" (r2)
+#define CALL_FMT_2 CALL_FMT_1, "+&d" (r3)
+#define CALL_FMT_3 CALL_FMT_2, "+&d" (r4)
+#define CALL_FMT_4 CALL_FMT_3, "+&d" (r5)
+#define CALL_FMT_5 CALL_FMT_4, "+&d" (r6)
 
 #define CALL_CLOBBER_5 "0", "1", "14", "cc", "memory"
 #define CALL_CLOBBER_4 CALL_CLOBBER_5
@@ -118,7 +122,7 @@ struct stack_frame {
 		"	brasl	14,%[_fn]\n"				\
 		"	la	15,0(%[_prev])\n"			\
 		: [_prev] "=&a" (prev), CALL_FMT_##nr			\
-		  [_stack] "R" (stack),					\
+		: [_stack] "R" (stack),					\
 		  [_bc] "i" (offsetof(struct stack_frame, back_chain)),	\
 		  [_frame] "d" (frame),					\
 		  [_fn] "X" (fn) : CALL_CLOBBER_##nr);			\
-- 
2.30.2


  parent reply	other threads:[~2021-06-28 14:24 UTC|newest]

Thread overview: 123+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-28 14:16 [PATCH 5.12 000/110] 5.12.14-rc1 review Sasha Levin
2021-06-28 14:16 ` [PATCH 5.12 001/110] module: limit enabling module.sig_enforce Sasha Levin
2021-06-28 14:16 ` [PATCH 5.12 002/110] Revert "drm/amdgpu/gfx9: fix the doorbell missing when in CGPG issue." Sasha Levin
2021-06-28 14:16 ` [PATCH 5.12 003/110] Revert "drm/amdgpu/gfx10: enlarge CP_MEC_DOORBELL_RANGE_UPPER to cover full doorbell." Sasha Levin
2021-06-28 14:16 ` [PATCH 5.12 004/110] drm: add a locked version of drm_is_current_master Sasha Levin
2021-06-28 15:01   ` Emil Velikov
2021-06-28 15:07     ` Greg Kroah-Hartman
2021-06-28 14:16 ` [PATCH 5.12 005/110] drm/nouveau: wait for moving fence after pinning v2 Sasha Levin
2021-06-28 14:16 ` [PATCH 5.12 006/110] drm/radeon: wait for moving fence after pinning Sasha Levin
2021-06-28 14:16 ` [PATCH 5.12 007/110] drm/amdgpu: " Sasha Levin
2021-06-28 14:16 ` [PATCH 5.12 008/110] ARM: 9081/1: fix gcc-10 thumb2-kernel regression Sasha Levin
2021-06-28 14:16 ` [PATCH 5.12 009/110] mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk Sasha Levin
2021-06-28 14:16 ` [PATCH 5.12 010/110] psi: Fix psi state corruption when schedule() races with cgroup move Sasha Levin
2021-06-28 14:16 ` [PATCH 5.12 011/110] spi: spi-nxp-fspi: move the register operation after the clock enable Sasha Levin
2021-06-28 14:16 ` [PATCH 5.12 012/110] Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" Sasha Levin
2021-06-28 14:16 ` [PATCH 5.12 013/110] drm/vc4: hdmi: Move the HSM clock enable to runtime_pm Sasha Levin
2021-06-28 14:16 ` [PATCH 5.12 014/110] drm/vc4: hdmi: Make sure the controller is powered in detect Sasha Levin
2021-06-28 14:16 ` [PATCH 5.12 015/110] x86/entry: Fix noinstr fail in __do_fast_syscall_32() Sasha Levin
2021-06-28 14:16 ` [PATCH 5.12 016/110] x86/xen: Fix noinstr fail in xen_pv_evtchn_do_upcall() Sasha Levin
2021-06-28 14:16 ` [PATCH 5.12 017/110] x86/xen: Fix noinstr fail in exc_xen_unknown_trap() Sasha Levin
2021-06-28 14:16 ` [PATCH 5.12 018/110] locking/lockdep: Improve noinstr vs errors Sasha Levin
2021-06-28 14:16 ` [PATCH 5.12 019/110] drm/kmb: Fix error return code in kmb_hw_init() Sasha Levin
2021-06-28 16:29   ` Chrisanthus, Anitha
2021-06-28 21:17     ` Sasha Levin
2021-06-28 14:16 ` [PATCH 5.12 020/110] perf/x86/lbr: Remove cpuc->lbr_xsave allocation from atomic context Sasha Levin
2021-06-28 14:16 ` [PATCH 5.12 021/110] perf/x86/intel/lbr: Zero the xstate buffer on allocation Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 022/110] dmaengine: zynqmp_dma: Fix PM reference leak in zynqmp_dma_alloc_chan_resourc() Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 023/110] dmaengine: stm32-mdma: fix PM reference leak in stm32_mdma_alloc_chan_resourc() Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 024/110] dmaengine: xilinx: dpdma: Add missing dependencies to Kconfig Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 025/110] dmaengine: xilinx: dpdma: Limit descriptor IDs to 16 bits Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 026/110] mac80211: remove warning in ieee80211_get_sband() Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 027/110] mac80211_hwsim: drop pending frames on stop Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 028/110] cfg80211: call cfg80211_leave_ocb when switching away from OCB Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 029/110] dmaengine: idxd: Fix missing error code in idxd_cdev_open() Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 030/110] dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe() Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 031/110] dmaengine: mediatek: free the proper desc in desc_free handler Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 032/110] dmaengine: mediatek: do not issue a new desc if one is still current Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 033/110] dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 034/110] net: ipv4: Remove unneed BUG() function Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 035/110] mac80211: drop multicast fragments Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 036/110] net: ethtool: clear heap allocations for ethtool function Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 037/110] inet: annotate data race in inet_send_prepare() and inet_dgram_connect() Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 038/110] ping: Check return value of function 'ping_queue_rcv_skb' Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 039/110] net: annotate data race in sock_error() Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 040/110] inet: annotate date races around sk->sk_txhash Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 041/110] net/packet: annotate data race in packet_sendmsg() Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 042/110] net: phy: dp83867: perform soft reset and retain established link Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 043/110] riscv32: Use medany C model for modules Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 044/110] net: caif: fix memory leak in ldisc_open Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 045/110] bpf, selftests: Adjust few selftest outcomes wrt unreachable code Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 046/110] qmi_wwan: Do not call netif_rx from rx_fixup Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 047/110] net/packet: annotate accesses to po->bind Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 048/110] net/packet: annotate accesses to po->ifindex Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 049/110] r8152: Avoid memcpy() over-reading of ETH_SS_STATS Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 050/110] sh_eth: " Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 051/110] r8169: " Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 052/110] KVM: selftests: Fix kvm_check_cap() assertion Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 053/110] net: qed: Fix memcpy() overflow of qed_dcbx_params() Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 054/110] mac80211: reset profile_periodicity/ema_ap Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 055/110] mac80211: handle various extensible elements correctly Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 056/110] recordmcount: Correct st_shndx handling Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 057/110] PCI: Add AMD RS690 quirk to enable 64-bit DMA Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 058/110] net: ll_temac: Add memory-barriers for TX BD access Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 059/110] net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 060/110] riscv: dts: fu740: fix cache-controller interrupts Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 061/110] perf/x86: Track pmu in per-CPU cpu_hw_events Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 062/110] pinctrl: microchip-sgpio: Put fwnode in error case during ->probe() Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 063/110] pinctrl: stm32: fix the reported number of GPIO lines per bank Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 064/110] i2c: i801: Ensure that SMBHSTSTS_INUSE_STS is cleared when leaving i801_access Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 065/110] gpiolib: cdev: zero padding during conversion to gpioline_info_changed Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 066/110] scsi: sd: Call sd_revalidate_disk() for ioctl(BLKRRPART) Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 067/110] software node: Handle software node injection to an existing device properly Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 068/110] nilfs2: fix memory leak in nilfs_sysfs_delete_device_group Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 069/110] s390/topology: clear thread/group maps for offline cpus Sasha Levin
2021-06-28 14:17 ` Sasha Levin [this message]
2021-06-28 14:17 ` [PATCH 5.12 071/110] s390: fix system call restart with multiple signals Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 072/110] s390: clear pt_regs::flags on irq entry Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 073/110] KVM: do not allow mapping valid but non-reference-counted pages Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 074/110] i2c: robotfuzz-osif: fix control-request directions Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 075/110] ceph: must hold snap_rwsem when filling inode for async create Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 076/110] xen/events: reset active flag for lateeoi events later Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 077/110] kthread_worker: split code for canceling the delayed work timer Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 078/110] kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 079/110] x86/fpu: Preserve supervisor states in sanitize_restored_user_xstate() Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 080/110] x86/fpu: Make init_fpstate correct with optimized XSAVE Sasha Levin
2021-06-28 14:17 ` [PATCH 5.12 081/110] mm/memory-failure: use a mutex to avoid memory_failure() races Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 082/110] mm, thp: use head page in __migration_entry_wait() Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 083/110] mm/thp: fix __split_huge_pmd_locked() on shmem migration entry Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 084/110] mm/thp: make is_huge_zero_pmd() safe and quicker Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 085/110] mm/thp: try_to_unmap() use TTU_SYNC for safe splitting Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 086/110] mm/thp: fix vma_address() if virtual address below file offset Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 087/110] mm/thp: fix page_address_in_vma() on file THP tails Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 088/110] mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 089/110] mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 090/110] mm: page_vma_mapped_walk(): use page for pvmw->page Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 091/110] mm: page_vma_mapped_walk(): settle PageHuge on entry Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 092/110] mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 093/110] mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 094/110] mm: page_vma_mapped_walk(): crossing page table boundary Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 095/110] mm: page_vma_mapped_walk(): add a level of indentation Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 096/110] mm: page_vma_mapped_walk(): use goto instead of while (1) Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 097/110] mm: page_vma_mapped_walk(): get vma_address_end() earlier Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 098/110] mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 099/110] mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk() Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 100/110] mm, futex: fix shared futex pgoff on shmem huge page Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 101/110] KVM: SVM: Call SEV Guest Decommission if ASID binding fails Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 102/110] swiotlb: manipulate orig_addr when tlb_addr has offset Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 103/110] netfs: fix test for whether we can skip read when writing beyond EOF Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 104/110] mm/hwpoison: do not lock page again when me_huge_page() successfully recovers Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 105/110] Revert "drm: add a locked version of drm_is_current_master" Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 106/110] certs: Add EFI_CERT_X509_GUID support for dbx entries Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 107/110] certs: Move load_system_certificate_list to a common function Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 108/110] certs: Add ability to preload revocation certs Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 109/110] integrity: Load mokx variables into the blacklist keyring Sasha Levin
2021-06-28 14:18 ` [PATCH 5.12 110/110] Linux 5.12.14-rc1 Sasha Levin
2021-06-28 18:21 ` [PATCH 5.12 000/110] 5.12.14-rc1 review Fox Chen
2021-06-30 12:43   ` Sasha Levin
2021-06-28 22:53 ` Justin Forbes
2021-06-30 12:43   ` Sasha Levin
2021-06-29  6:10 ` Naresh Kamboju
2021-06-30 12:45   ` Sasha Levin
2021-06-29 18:21 ` Guenter Roeck
2021-06-30 12:45   ` Sasha Levin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210628141828.31757-71-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=gor@linux.ibm.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=hca@linux.ibm.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@kernel.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).