From patchwork Wed Feb 24 10:04:30 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jiri Slaby X-Patchwork-Id: 62789 Delivered-To: patch@linaro.org Received: by 10.112.43.199 with SMTP id y7csp2324637lbl; Wed, 24 Feb 2016 02:44:34 -0800 (PST) X-Received: by 10.66.171.169 with SMTP id av9mr37110296pac.36.1456310674590; Wed, 24 Feb 2016 02:44:34 -0800 (PST) Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id kx15si4215251pab.43.2016.02.24.02.44.34; Wed, 24 Feb 2016 02:44:34 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756461AbcBXKnU (ORCPT + 30 others); Wed, 24 Feb 2016 05:43:20 -0500 Received: from mx2.suse.de ([195.135.220.15]:42780 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754944AbcBXKGQ (ORCPT ); Wed, 24 Feb 2016 05:06:16 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "References" Received: from relay2.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id E606FADBF; Wed, 24 Feb 2016 10:06:14 +0000 (UTC) From: Jiri Slaby To: stable@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel , Heiko Carstens , Martin Schwidefsky , Jiri Slaby Subject: [PATCH 3.12 075/142] s390: fix normalization bug in exception table sorting Date: Wed, 24 Feb 2016 11:04:30 +0100 Message-Id: <1f9253b715169ca42c657937c58516a6cac7b416.1456308281.git.jslaby@suse.cz> X-Mailer: git-send-email 2.7.1 In-Reply-To: <173a4661a78d49aee0f4e28e4075f01af8976c19.1456308281.git.jslaby@suse.cz> References: <173a4661a78d49aee0f4e28e4075f01af8976c19.1456308281.git.jslaby@suse.cz> In-Reply-To: References: Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ard Biesheuvel 3.12-stable review patch. If anyone has any objections, please let me know. -- 2.7.1 =============== commit bcb7825a77f41c7dd91da6f7ac10b928156a322e upstream. The normalization pass in the sorting routine of the relative exception table serves two purposes: - it ensures that the address fields of the exception table entries are fully ordered, so that no ambiguities arise between entries with identical instruction offsets (i.e., when two instructions that are exactly 8 bytes apart each have an exception table entry associated with them) - it ensures that the offsets of both the instruction and the fixup fields of each entry are relative to their final location after sorting. Commit eb608fb366de ("s390/exceptions: switch to relative exception table entries") ported the relative exception table format from x86, but modified the sorting routine to only normalize the instruction offset field and not the fixup offset field. The result is that the fixup offset of each entry will be relative to the original location of the entry before sorting, likely leading to crashes when those entries are dereferenced. Fixes: eb608fb366de ("s390/exceptions: switch to relative exception table entries") Signed-off-by: Ard Biesheuvel Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky Signed-off-by: Jiri Slaby --- arch/s390/mm/extable.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/arch/s390/mm/extable.c b/arch/s390/mm/extable.c index 4d1ee88864e8..18c8b819b0aa 100644 --- a/arch/s390/mm/extable.c +++ b/arch/s390/mm/extable.c @@ -52,12 +52,16 @@ void sort_extable(struct exception_table_entry *start, int i; /* Normalize entries to being relative to the start of the section */ - for (p = start, i = 0; p < finish; p++, i += 8) + for (p = start, i = 0; p < finish; p++, i += 8) { p->insn += i; + p->fixup += i + 4; + } sort(start, finish - start, sizeof(*start), cmp_ex, NULL); /* Denormalize all entries */ - for (p = start, i = 0; p < finish; p++, i += 8) + for (p = start, i = 0; p < finish; p++, i += 8) { p->insn -= i; + p->fixup -= i + 4; + } } #ifdef CONFIG_MODULES