Subject: FAILED: patch "[PATCH] ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on" failed to apply to 4.4-stable tree
To: will@kernel.org, luis.machado@linaro.org, rmk+kernel@armlinux.org.uk, stable@vger.kernel.org
Date: Sat, 01 Aug 2020 14:52:07 +0200
Message-ID: <1596286327221130@kroah.com>

The patch below does not apply to the 4.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to .

thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

>From eec13b42d41b0f3339dcf0c4da43734427c68620 Mon Sep 17 00:00:00 2001 From: Will Deacon Date: Thu, 18 Jun 2020 11:16:45 +0100 Subject: [PATCH] ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints Unprivileged memory accesses generated by the so-called "translated" instructions (e.g. LDRT) in kernel mode can cause user watchpoints to fire unexpectedly. In such cases, the hw_breakpoint logic will invoke the user overflow handler which will typically raise a SIGTRAP back to the current task. This is futile when returning back to the kernel because (a) the signal won't have been delivered and (b) userspace can't handle the thing anyway. Avoid invoking the user overflow handler for watchpoints triggered by kernel uaccess routines, and instead single-step over the faulting instruction as we would if no overflow handler had been installed. Cc: Fixes: f81ef4a920c8 ("ARM: 6356/1: hw-breakpoint: add ARM backend for the hw-breakpoint framework") Reported-by: Luis Machado Tested-by: Luis Machado Signed-off-by: Will Deacon Signed-off-by: Russell King diff --git a/arch/arm/kernel/hw_breakpoint.c b/arch/arm/kernel/hw_breakpoint.c index 02ca7adf5375..7fff88e61252 100644 --- a/arch/arm/kernel/hw_breakpoint.c +++ b/arch/arm/kernel/hw_breakpoint.c @@ -683,6 +683,12 @@ static void disable_single_step(struct perf_event *bp) arch_install_hw_breakpoint(bp); } +static int watchpoint_fault_on_uaccess(struct pt_regs *regs, + struct arch_hw_breakpoint *info) +{ + return !user_mode(regs) && info->ctrl.privilege == ARM_BREAKPOINT_USER; +} + static void watchpoint_handler(unsigned long addr, unsigned int fsr, struct pt_regs *regs) { 
@@ -742,16 +748,27 @@ static void watchpoint_handler(unsigned long addr, unsigned int fsr, } pr_debug("watchpoint fired: address = 0x%x\n", info->trigger); + + /* + * If we triggered a user watchpoint from a uaccess routine, + * then handle the stepping ourselves since userspace really + * can't help us with this. + */ + if (watchpoint_fault_on_uaccess(regs, info)) + goto step; + perf_bp_event(wp, regs); /* - * If no overflow handler is present, insert a temporary - * mismatch breakpoint so we can single-step over the - * watchpoint trigger. + * Defer stepping to the overflow handler if one is installed. + * Otherwise, insert a temporary mismatch breakpoint so that + * we can single-step over the watchpoint trigger. */ - if (is_default_overflow_handler(wp)) - enable_single_step(wp, instruction_pointer(regs)); + if (!is_default_overflow_handler(wp)) + goto unlock; +step: + enable_single_step(wp, instruction_pointer(regs)); unlock: rcu_read_unlock(); }
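
Review bot: watchpoint_fault_on_uaccess(), added in the first hunk (@@ -683,6 +683,12 @@), is a yes/no predicate but is declared static int; returning bool would match how its only caller uses it in an if (). The helper also has no comment saying why !user_mode(regs) combined with info->ctrl.privilege == ARM_BREAKPOINT_USER identifies a kernel uaccess hitting a user watchpoint. That reasoning currently lives only in the commit message, and a one-line comment above the function (mentioning the unprivileged "translated" accesses such as LDRT) would keep it next to the check.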
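
Review bot: in the second hunk (@@ -742,16 +748,27 @@), the new goto step sits before perf_bp_event(wp, regs), so a uaccess-triggered hit skips the perf event entirely and not only the overflow handler, while the added comment speaks only of handling the stepping. If dropping the event is intended, the comment should say so, for example "do not report the event and handle the stepping ourselves", so that a later reader does not move the check below perf_bp_event(). A smaller style point: the tail now reads if (!is_default_overflow_handler(wp)) goto unlock; followed directly by the step: label. That is correct, but the two exits are easy to misread, and a short comment on the step: label stating that both the uaccess path and the default-handler path arrive there would help.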