public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-08-05 16:54:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/arch/powerpc/kernel
History
Michael Neuling f16d80b75a powerpc/tm: Fix oops on sigreturn on systems without TM 
On systems like P9 powernv where we have no TM (or P8 booted with
ppc_tm=off), userspace can construct a signal context which still has
the MSR TS bits set. The kernel tries to restore this context which
results in the following crash:

  Unexpected TM Bad Thing exception at c0000000000022fc (msr 0x8000000102a03031) tm_scratch=800000020280f033
  Oops: Unrecoverable exception, sig: 6 [#1]
  LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
  Modules linked in:
  CPU: 0 PID: 1636 Comm: sigfuz Not tainted 5.2.0-11043-g0a8ad0ffa4 #69
  NIP:  c0000000000022fc LR: 00007fffb2d67e48 CTR: 0000000000000000
  REGS: c00000003fffbd70 TRAP: 0700   Not tainted  (5.2.0-11045-g7142b497d8)
  MSR:  8000000102a03031 <SF,VEC,VSX,FP,ME,IR,DR,LE,TM[E]>  CR: 42004242  XER: 00000000
  CFAR: c0000000000022e0 IRQMASK: 0
  GPR00: 0000000000000072 00007fffb2b6e560 00007fffb2d87f00 0000000000000669
  GPR04: 00007fffb2b6e728 0000000000000000 0000000000000000 00007fffb2b6f2a8
  GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
  GPR12: 0000000000000000 00007fffb2b76900 0000000000000000 0000000000000000
  GPR16: 00007fffb2370000 00007fffb2d84390 00007fffea3a15ac 000001000a250420
  GPR20: 00007fffb2b6f260 0000000010001770 0000000000000000 0000000000000000
  GPR24: 00007fffb2d843a0 00007fffea3a14a0 0000000000010000 0000000000800000
  GPR28: 00007fffea3a14d8 00000000003d0f00 0000000000000000 00007fffb2b6e728
  NIP [c0000000000022fc] rfi_flush_fallback+0x7c/0x80
  LR [00007fffb2d67e48] 0x7fffb2d67e48
  Call Trace:
  Instruction dump:
  e96a0220 e96a02a8 e96a0330 e96a03b8 394a0400 4200ffdc 7d2903a6 e92d0c00
  e94d0c08 e96d0c10 e82d0c18 7db242a6 <4c000024> 7db243a6 7db142a6 f82d0c18

The problem is the signal code assumes TM is enabled when
CONFIG_PPC_TRANSACTIONAL_MEM is enabled. This may not be the case as
with P9 powernv or if `ppc_tm=off` is used on P8.

This means any local user can crash the system.

Fix the problem by returning a bad stack frame to the user if they try
to set the MSR TS bits with sigreturn() on systems where TM is not
supported.

Found with sigfuz kernel selftest on P9.

This fixes CVE-2019-13648.

Fixes: 2b0a576d15 ("powerpc: Add new transactional memory state to the signal context")
Cc: stable@vger.kernel.org # v3.9
Reported-by: Praveen Pandey <Praveen.Pandey@in.ibm.com>
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20190719050502.405-1-mikey@neuling.org
2019-07-22 13:05:23 +10:00
..
syscalls arch: wire-up pidfd_open() 2019-06-28 12:17:55 +02:00
trace powerpc updates for 5.3 2019-07-13 16:08:36 -07:00
vdso32 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
vdso64 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
.gitignore
align.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
asm-offsets.c powerpc updates for 5.3 2019-07-13 16:08:36 -07:00
audit.c
btext.c powerpc: Rework btext_find_display to use of_stdout and device_type helpers 2018-11-26 22:33:37 +11:00
cacheinfo.c powerpc updates for 5.3 2019-07-13 16:08:36 -07:00
cacheinfo.h powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild 2019-06-15 16:52:06 +10:00
compat_audit.c
cpu_setup_6xx.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cpu_setup_44x.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cpu_setup_fsl_booke.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cpu_setup_pa6t.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333 2019-06-05 17:37:06 +02:00
cpu_setup_power.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cpu_setup_ppc970.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cputable.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
crash.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 230 2019-06-19 17:09:06 +02:00
crash_dump.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 230 2019-06-19 17:09:06 +02:00
dawr.c powerpc: Fix compile issue with force DAWR 2019-07-03 15:19:35 +10:00
dbell.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
dma-common.c powerpc/dma: Fix invalid DMA mmap behavior 2019-07-19 21:29:49 +10:00
dma-iommu.c powerpc/pseries/dma: Allow SWIOTLB 2019-07-03 15:19:35 +10:00
dma-mask.c dma-mapping, powerpc: simplify the arch dma_set_mask override 2019-02-18 22:41:03 +11:00
dma-swiotlb.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
dt_cpu_ftrs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 191 2019-05-30 11:29:21 -07:00
early_32.c powerpc/32: use memset() instead of memset_io() to zero BSS 2019-05-03 01:20:26 +10:00
eeh.c powerpc updates for 5.3 2019-07-13 16:08:36 -07:00
eeh_cache.c powerpc updates for 5.3 2019-07-13 16:08:36 -07:00
eeh_dev.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
eeh_driver.c powerpc/eeh: Improve recovery of passed-through devices 2019-02-05 11:55:44 +11:00
eeh_event.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
eeh_pe.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
eeh_sysfs.c powerpc/eeh: Add include_passed to eeh_pe_state_clear() 2019-02-05 11:55:43 +11:00
entry_32.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
entry_64.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
epapr_hcalls.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
epapr_paravirt.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 266 2019-06-05 17:30:28 +02:00
exceptions-64e.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
exceptions-64s.S powerpc/64s/exception: simplify hmi control flow 2019-07-03 15:19:35 +10:00
fadump.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
firmware.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
fpu.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
fsl_booke_entry_mapping.S
head_8xx.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
head_32.h powerpc/32: implement fast entry for syscalls on non BOOKE 2019-05-03 01:20:27 +10:00
head_32.S powerpc fixes for 5.2 #5 2019-06-22 09:09:42 -07:00
head_40x.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
head_44x.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
head_64.S powerpc updates for 5.3 2019-07-13 16:08:36 -07:00
head_booke.h powerpc/32: fix build failure on book3e with KVM 2019-06-16 00:03:38 +10:00
head_fsl_booke.S powerpc fixes for 5.2 #5 2019-06-22 09:09:42 -07:00
hw_breakpoint.c powerpc updates for 5.3 2019-07-13 16:08:36 -07:00
idle.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
idle_6xx.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
idle_book3e.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
idle_book3s.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
idle_e500.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
idle_power4.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ima_kexec.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
io-workarounds.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
io.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
iomap.c
iommu.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
irq.c powerpc updates for 5.3 2019-07-13 16:08:36 -07:00
isa-bridge.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
jump_label.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
kexec_elf_64.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 285 2019-06-05 17:36:37 +02:00
kgdb.c powerpc: Activate CONFIG_THREAD_INFO_IN_TASK 2019-02-23 22:31:40 +11:00
kprobes-ftrace.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
kprobes.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
kvm.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 266 2019-06-05 17:30:28 +02:00
kvm_emul.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 266 2019-06-05 17:30:28 +02:00
l2cr_6xx.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61 2019-05-24 17:36:45 +02:00
legacy_serial.c powerpc: Use of_node_name_eq for node name comparisons 2018-12-22 21:29:50 +11:00
machine_kexec.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 230 2019-06-19 17:09:06 +02:00
machine_kexec_32.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 230 2019-06-19 17:09:06 +02:00
machine_kexec_64.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 230 2019-06-19 17:09:06 +02:00
machine_kexec_file_64.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 285 2019-06-05 17:36:37 +02:00
Makefile powerpc/dma: Fix invalid DMA mmap behavior 2019-07-19 21:29:49 +10:00
mce.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
mce_power.c powerpc updates for 5.3 2019-07-13 16:08:36 -07:00
misc.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
misc_32.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
misc_64.S powerpc updates for 5.3 2019-07-13 16:08:36 -07:00
module.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
module.lds
module_32.c powerpc updates for 5.3 2019-07-13 16:08:36 -07:00
module_64.c powerpc updates for 5.3 2019-07-13 16:08:36 -07:00
msi.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
nvram_64.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
of_platform.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
optprobes.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
optprobes_head.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
paca.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
pci-common.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
pci-hotplug.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
pci_32.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
pci_64.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
pci_dn.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
pci_of_scan.c powerpc updates for 5.3 2019-07-13 16:08:36 -07:00
pmc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ppc32.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ppc_save_regs.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
proc_powerpc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
process.c powerpc updates for 5.3 2019-07-13 16:08:36 -07:00
prom.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
prom_init.c powerpc updates for 5.3 2019-07-13 16:08:36 -07:00
prom_init_check.sh powerpc fixes for 5.2 #4 2019-06-15 07:29:32 -10:00
prom_parse.c
ptrace.c ptrace: move clearing of TIF_SYSCALL_EMU flag to core 2019-06-05 17:51:17 +01:00
ptrace32.c
reloc_32.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
reloc_64.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
rtas-proc.c
rtas-rtc.c
rtas.c powerpc updates for 5.3 2019-07-13 16:08:36 -07:00
rtas_flash.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
rtas_pci.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
rtasd.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
security.c powerpc updates for 5.2 2019-05-10 05:29:27 -07:00
setup-common.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
setup.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
setup_32.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
setup_64.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
signal.c Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
signal.h
signal_32.c powerpc/tm: Fix oops on sigreturn on systems without TM 2019-07-22 13:05:23 +10:00
signal_64.c powerpc/tm: Fix oops on sigreturn on systems without TM 2019-07-22 13:05:23 +10:00
smp-tbsync.c
smp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
stacktrace.c powerpc: Remove export of save_stack_trace_tsk_reliable() 2019-03-02 14:43:05 +11:00
suspend.c PM: hibernate: powerpc: Expose pfn_is_nosave() prototype 2019-06-14 10:48:56 +02:00
swsusp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
swsusp_32.S powerpc/32s: fix suspend/resume when IBATs 4-7 are used 2019-06-19 20:05:07 +10:00
swsusp_64.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 505 2019-06-19 17:11:22 +02:00
swsusp_asm64.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 505 2019-06-19 17:11:22 +02:00
swsusp_booke.S
sys_ppc32.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
syscalls.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sysfs.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
systbl.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
systbl_chk.sh treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
tau_6xx.c
time.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
tm.S powerpc/tm: update comment about interrupt re-entrancy 2019-07-02 21:39:49 +10:00
traps.c Merge branch 'siginfo-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2019-07-08 21:48:15 -07:00
udbg.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
udbg_16550.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
uprobes.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
vdso.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
vecemu.c
vector.S powerpc/64: Don't trace code that runs with the soft irq mask unreconciled 2019-05-03 01:58:11 +10:00
vmlinux.lds.S powerpc/kconfig: define CONFIG_DATA_SHIFT and CONFIG_ETEXT_SHIFT 2019-02-23 21:04:32 +11:00
watchdog.c powerpc/watchdog: Use hrtimers for per-CPU heartbeat 2019-04-30 11:31:02 +10:00