From patchwork Wed Apr 24 17:07:26 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 162809 Delivered-To: patch@linaro.org Received: by 2002:a02:c6d8:0:0:0:0:0 with SMTP id r24csp966469jan; Wed, 24 Apr 2019 11:08:13 -0700 (PDT) X-Google-Smtp-Source: APXvYqzTP/KKbRqNW/MnvbPWnHrW1e8f1WGS60fB/XqpC9FsvnPQ1FM79V2baNjGkl3W6EzZiavt X-Received: by 2002:a17:902:b10c:: with SMTP id q12mr34654229plr.254.1556129293109; Wed, 24 Apr 2019 11:08:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556129293; cv=none; d=google.com; s=arc-20160816; b=MhS8hlLhb1ep7UipO3urtPW652MJCFG3Lo1wSo5bIGMfmUBakK3diTs1wROSVT3xEp VotJX9438kykCZQDfjHKP/GX5a8b3HP/Gh7gXiJ+kc4nJ5msQDAZCai3wvt3feAm5n4X 7jQlPLLys9hAdpph9bNFV8ff9/fbESAQApZXrbpG5Gpj3j1jGB/Tp1MspCYRkzer5p1K 0+6RXKXaQbtUztCDKowXQBb7kW12KvaHBapPjSgYQjsZMpyORh/5RT04t2FsHMJp1bvb 7bSfLL8FQqidK0Pko1GoTA2EoxLbtadUSVqxSL8HA/qMvhbRiQg5NgTOAIdekwa2BLPe DYkQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=WOwcyA3IFlDiKWczpY/ry687WnCIJ+Umt0HtKWqN7/c=; b=TKegtYPSeWQR7if+ufBfzMviIa95jDWloP41SNx7msEod9uWRx5KIx5eR/r4hpxKB7 fAUqIeiQjwd0T7wjaEFF8Z9X23qSKQYthO+MBxIRp24Z3+cjmVq+lo+3KgbkuoqJhfOm Pcj8uYC0BCGEOejRiaPNZn2Zox+Rs5wNBkcHpaHE4XJ4tXX1ew8/aPfIDQzexFpCtcNO h0aD7I6Qk/6oPY06W2EJltp3sBsDIzSA4vdm0VtrUxhpCynnQSaL+MF/rHrwEZ0LsMls G6YU7loUiif33Cr6CugCrNbUfebT9L2YI7of9ZJRvd4MYKMuOGVjt36y5o0SzpUYGLQt cmEA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=L8ZWsX6T; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j91si19688701pld.199.2019.04.24.11.08.12; Wed, 24 Apr 2019 11:08:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=L8ZWsX6T; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388966AbfDXSIL (ORCPT + 30 others); Wed, 24 Apr 2019 14:08:11 -0400 Received: from mail.kernel.org ([198.145.29.99]:40922 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387605AbfDXRQW (ORCPT ); Wed, 24 Apr 2019 13:16:22 -0400 Received: from localhost (62-193-50-229.as16211.net [62.193.50.229]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6A606218B0; Wed, 24 Apr 2019 17:16:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1556126181; bh=LnsFNpBJfXYxyAUMjNXpdCuzjQApJdVUskscUBhvFzM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=L8ZWsX6Ti6ymQXzKQtbs9PKXtjUttEQyYe53vmqElhyTB57a0gAbK0YWx315eKR4w gEvw0OtzDkX3e+XSgHZAjNSr+GSUaXuz8/vhCJl+Gkom4ATotGfLPKM5WMyKb+hUiB BmNWzyRPik8ZoRlubjW73P3VGtPB/hInXcNUE4oA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Mark Rutland , Will Deacon , Catalin Marinas Subject: [PATCH 4.4 002/168] arm64: debug: Ensure debug handlers check triggering exception level Date: Wed, 24 Apr 2019 19:07:26 +0200 Message-Id: <20190424170923.593936482@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190424170923.452349382@linuxfoundation.org> References: <20190424170923.452349382@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Will Deacon commit 6bd288569b50bc89fa5513031086746968f585cb upstream. Debug exception handlers may be called for exceptions generated both by user and kernel code. In many cases, this is checked explicitly, but in other cases things either happen to work by happy accident or they go slightly wrong. For example, executing 'brk #4' from userspace will enter the kprobes code and be ignored, but the instruction will be retried forever in userspace instead of delivering a SIGTRAP. Fix this issue in the most stable-friendly fashion by simply adding explicit checks of the triggering exception level to all of our debug exception handlers. Cc: Reviewed-by: Mark Rutland Signed-off-by: Will Deacon Signed-off-by: Catalin Marinas Signed-off-by: Greg Kroah-Hartman --- arch/arm64/kernel/kgdb.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) --- a/arch/arm64/kernel/kgdb.c +++ b/arch/arm64/kernel/kgdb.c @@ -215,22 +215,31 @@ int kgdb_arch_handle_exception(int excep static int kgdb_brk_fn(struct pt_regs *regs, unsigned int esr) { + if (user_mode(regs)) + return DBG_HOOK_ERROR; + kgdb_handle_exception(1, SIGTRAP, 0, regs); - return 0; + return DBG_HOOK_HANDLED; } static int kgdb_compiled_brk_fn(struct pt_regs *regs, unsigned int esr) { + if (user_mode(regs)) + return DBG_HOOK_ERROR; + compiled_break = 1; kgdb_handle_exception(1, SIGTRAP, 0, regs); - return 0; + return DBG_HOOK_HANDLED; } static int kgdb_step_brk_fn(struct pt_regs *regs, unsigned int esr) { + if (user_mode(regs)) + return DBG_HOOK_ERROR; + kgdb_handle_exception(1, SIGTRAP, 0, regs); - return 0; + return DBG_HOOK_HANDLED; } static struct break_hook kgdb_brkpt_hook = { From patchwork Wed Apr 24 17:08:52 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 162806 Delivered-To: patch@linaro.org Received: by 2002:a02:c6d8:0:0:0:0:0 with SMTP id r24csp915940jan; Wed, 24 Apr 2019 10:19:40 -0700 (PDT) X-Google-Smtp-Source: APXvYqxAFgzdVFQzPv52DYSHqCMkyz0sNmXXFNTBKFE64Twutksqcfl0kYx6pFDB8/lWLDWpvbu4 X-Received: by 2002:aa7:9e9e:: with SMTP id p30mr35144184pfq.255.1556126380877; Wed, 24 Apr 2019 10:19:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556126380; cv=none; d=google.com; s=arc-20160816; b=XaJbMIjbCC6dxrwklPSzqovdk4fJyaoj/2zwj7OfdqXl2nh4LkkEI6hTrcB3ob1CUT ywrwXxmSiBTt1vtTmJv6a3IzQMH5n0PV4Au3zAGcZuHhIQuPteOc0nlEH2HvOVh9L0SR bnlqozFDMhIXNKHfaSHfOv8mJKqimecfeFX80aeE7efVfczT+aUt/Vfs2/1AKjIcIvPH IA4S3k5BgknUmW36Y5KV2XCkFYwRDTfRhEwtfGbzY7DNh+ygpUv10KiCintTO2nIpyMQ P7dAm+POQy08JTMBaSTp+8soYVtBHUbJ9xtO4ckXAfd+/44RyzH/BXFJvAZK7lGr2D7p ncVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=APNhNlKzzcH7d3sLbZ2UygBEhEEKtGAnhUub2e8KNEs=; b=NyjqgQ71Z65bx2qz7d/ZNs47xla4/MsqmFQ+6St2VWxmCGIu7zU0tkURZmNTBfVSLb +fGDRiBE+vJGnrpMWF5rmnXQNLJ82z03TStayRLmtTWj3z7jrvboj22QKzll+K0vbsnJ EhFDHX8EQZKMFgqmqdU86KXIo/AqczOcwsZG/X7udRzjDjur0xKzS6ttQm16c6HQgQOi oUdQYNfoHQ7AR03dLz6gi1JFTfRQJHb4NjGEp/9Bkqwg33ezKVnH0rbAsx8TOgR+V8Fl r/5iokxJC1ZailnU+d139EsAhYsSJsVMDxK3J93SOib6oXmWjL6xtSnhgyqF1FKvtM6k FdyQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=DdGWHpqn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z12si19038076pln.248.2019.04.24.10.19.40; Wed, 24 Apr 2019 10:19:40 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=DdGWHpqn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389039AbfDXRTj (ORCPT + 30 others); Wed, 24 Apr 2019 13:19:39 -0400 Received: from mail.kernel.org ([198.145.29.99]:44816 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388644AbfDXRTc (ORCPT ); Wed, 24 Apr 2019 13:19:32 -0400 Received: from localhost (62-193-50-229.as16211.net [62.193.50.229]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 8463021909; Wed, 24 Apr 2019 17:19:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1556126372; bh=ds/UlyRIcrWH7VpnA/tayigqJ7lXO+usDH9robgy0fE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=DdGWHpqnx9y5Um8PQY3BlkS8nzpogVF62l/azCZAGsvsURv3YWCxILe0qeKAP0pY1 /LuGPAwOCI3GYoSPLuSR9TtWA32zl8Xw1BQOOeXU+BZcjcbATA6/zbme0C7qQ9w9Rq BLJik7g/9/xW4Zz0/vtQqteRtVFu963wq2Gr8ocA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Arnd Bergmann , Nick Desaulniers , Zhao Qiang , Yalin Wang , Andrew Morton , Linus Torvalds Subject: [PATCH 4.4 088/168] include/linux/bitrev.h: fix constant bitrev Date: Wed, 24 Apr 2019 19:08:52 +0200 Message-Id: <20190424170928.982075873@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190424170923.452349382@linuxfoundation.org> References: <20190424170923.452349382@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Arnd Bergmann commit 6147e136ff5071609b54f18982dea87706288e21 upstream. clang points out with hundreds of warnings that the bitrev macros have a problem with constant input: drivers/hwmon/sht15.c:187:11: error: variable '__x' is uninitialized when used within its own initialization [-Werror,-Wuninitialized] u8 crc = bitrev8(data->val_status & 0x0F); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/bitrev.h:102:21: note: expanded from macro 'bitrev8' __constant_bitrev8(__x) : \ ~~~~~~~~~~~~~~~~~~~^~~~ include/linux/bitrev.h:67:11: note: expanded from macro '__constant_bitrev8' u8 __x = x; \ ~~~ ^ Both the bitrev and the __constant_bitrev macros use an internal variable named __x, which goes horribly wrong when passing one to the other. The obvious fix is to rename one of the variables, so this adds an extra '_'. It seems we got away with this because - there are only a few drivers using bitrev macros - usually there are no constant arguments to those - when they are constant, they tend to be either 0 or (unsigned)-1 (drivers/isdn/i4l/isdnhdlc.o, drivers/iio/amplifiers/ad8366.c) and give the correct result by pure chance. In fact, the only driver that I could find that gets different results with this is drivers/net/wan/slic_ds26522.c, which in turn is a driver for fairly rare hardware (adding the maintainer to Cc for testing). Link: http://lkml.kernel.org/r/20190322140503.123580-1-arnd@arndb.de Fixes: 556d2f055bf6 ("ARM: 8187/1: add CONFIG_HAVE_ARCH_BITREVERSE to support rbit instruction") Signed-off-by: Arnd Bergmann Reviewed-by: Nick Desaulniers Cc: Zhao Qiang Cc: Yalin Wang Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- include/linux/bitrev.h | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) --- a/include/linux/bitrev.h +++ b/include/linux/bitrev.h @@ -31,32 +31,32 @@ static inline u32 __bitrev32(u32 x) #define __constant_bitrev32(x) \ ({ \ - u32 __x = x; \ - __x = (__x >> 16) | (__x << 16); \ - __x = ((__x & (u32)0xFF00FF00UL) >> 8) | ((__x & (u32)0x00FF00FFUL) << 8); \ - __x = ((__x & (u32)0xF0F0F0F0UL) >> 4) | ((__x & (u32)0x0F0F0F0FUL) << 4); \ - __x = ((__x & (u32)0xCCCCCCCCUL) >> 2) | ((__x & (u32)0x33333333UL) << 2); \ - __x = ((__x & (u32)0xAAAAAAAAUL) >> 1) | ((__x & (u32)0x55555555UL) << 1); \ - __x; \ + u32 ___x = x; \ + ___x = (___x >> 16) | (___x << 16); \ + ___x = ((___x & (u32)0xFF00FF00UL) >> 8) | ((___x & (u32)0x00FF00FFUL) << 8); \ + ___x = ((___x & (u32)0xF0F0F0F0UL) >> 4) | ((___x & (u32)0x0F0F0F0FUL) << 4); \ + ___x = ((___x & (u32)0xCCCCCCCCUL) >> 2) | ((___x & (u32)0x33333333UL) << 2); \ + ___x = ((___x & (u32)0xAAAAAAAAUL) >> 1) | ((___x & (u32)0x55555555UL) << 1); \ + ___x; \ }) #define __constant_bitrev16(x) \ ({ \ - u16 __x = x; \ - __x = (__x >> 8) | (__x << 8); \ - __x = ((__x & (u16)0xF0F0U) >> 4) | ((__x & (u16)0x0F0FU) << 4); \ - __x = ((__x & (u16)0xCCCCU) >> 2) | ((__x & (u16)0x3333U) << 2); \ - __x = ((__x & (u16)0xAAAAU) >> 1) | ((__x & (u16)0x5555U) << 1); \ - __x; \ + u16 ___x = x; \ + ___x = (___x >> 8) | (___x << 8); \ + ___x = ((___x & (u16)0xF0F0U) >> 4) | ((___x & (u16)0x0F0FU) << 4); \ + ___x = ((___x & (u16)0xCCCCU) >> 2) | ((___x & (u16)0x3333U) << 2); \ + ___x = ((___x & (u16)0xAAAAU) >> 1) | ((___x & (u16)0x5555U) << 1); \ + ___x; \ }) #define __constant_bitrev8(x) \ ({ \ - u8 __x = x; \ - __x = (__x >> 4) | (__x << 4); \ - __x = ((__x & (u8)0xCCU) >> 2) | ((__x & (u8)0x33U) << 2); \ - __x = ((__x & (u8)0xAAU) >> 1) | ((__x & (u8)0x55U) << 1); \ - __x; \ + u8 ___x = x; \ + ___x = (___x >> 4) | (___x << 4); \ + ___x = ((___x & (u8)0xCCU) >> 2) | ((___x & (u8)0x33U) << 2); \ + ___x = ((___x & (u8)0xAAU) >> 1) | ((___x & (u8)0x55U) << 1); \ + ___x; \ }) #define bitrev32(x) \ From patchwork Wed Apr 24 17:08:57 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 162808 Delivered-To: patch@linaro.org Received: by 2002:a02:c6d8:0:0:0:0:0 with SMTP id r24csp961547jan; Wed, 24 Apr 2019 11:03:43 -0700 (PDT) X-Google-Smtp-Source: APXvYqyuHimDjnG2FkJaG20n1ezK7kCQFUWPh9PlnzpmmlhfivoCUqWSVBccBvrP5P4zximJqnyd X-Received: by 2002:a63:4a5f:: with SMTP id j31mr29898677pgl.369.1556129023656; Wed, 24 Apr 2019 11:03:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556129023; cv=none; d=google.com; s=arc-20160816; b=AsH0gPUvR3DAeYNgD1MGyOAJRxT7/CMarItI5mtStnHV2nzIO0q76BOF0Bs5k1utPL J8oEPG3w+AYQriov9OlX6ws5dqnQlUb2oZ6SB2CDQzTTEPMGWKDlCkvCGtBhCwVqus9w 85N77Dmucg5swNegj8QUhRTudzjGX7KpZQAOtWlk6OuD1jwFEtU+thWhI5Pvax9z+Dx1 58oGE4xfEPftkl7rk/R6cOp6OWCJrnemThjW73GtTTsXAifi4+B+qsbiLpNtyyoBvXtD FKilt0UpotLP3zI9OaiF7uohKfy/qWIVXAP28P1lhr8vbVXqlzYoZhWfIjLajDaij5cw aMhA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=viN3qSZzjTDR2rkTUnJFUnsNyVBSppvKhbLd9NL5pAc=; b=t+cuRnYoxHqMORpaMkJvwH0mgGg1mzyKFuSrPRbp00eKs+4DcwFfSzU+pghk8Ncwoh iGTKcvgZuES0cPwXiG2Kw2bCbW/9hpemy4861VcFnqsTyaQ6Id4mCWl3iT+Ucg/9O8i9 x4gHSOhz+d6NFQtaFhQFdB489YV1ajb4hgoCLKRj9IhJJbPmzqmOgGOppOeaGrbZnK2y l9luLfpodq9KNg5m4yTenEfxG4JrthbNTCcLLAviuBrBWpCboh7Q0dc6f9pu36wM3Pad 6wuBvrS6cwkjIcBj4cJKedxA2OJrnzEgkqUIGWRrcWbsMofP6FbqrAU5Tbh5pQuAra0K GSlg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=TVeGwOgR; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e25si19436907pfi.123.2019.04.24.11.03.43; Wed, 24 Apr 2019 11:03:43 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=TVeGwOgR; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389088AbfDXRTw (ORCPT + 30 others); Wed, 24 Apr 2019 13:19:52 -0400 Received: from mail.kernel.org ([198.145.29.99]:45106 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389063AbfDXRTq (ORCPT ); Wed, 24 Apr 2019 13:19:46 -0400 Received: from localhost (62-193-50-229.as16211.net [62.193.50.229]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 35F7E21907; Wed, 24 Apr 2019 17:19:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1556126385; bh=XIb/dPGbMf3xTM6F0Lj6BscROZsl+N1zvbyhLojL0Ps=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=TVeGwOgRl/RIUKfFr7ja+PXryTkNoUOCJvainx9Rc86DMbakljHmGizCX1h/Gm8Si NfP7uJvFGLuAIipDPV4JbSGhumV5ZJ9JZ0xuL3mEHxSDjWgdRGZxttD8LTaSL1v5FM 0Pv6sGJk7kKporYjO2+ut9+DxBxiOYQd8Gm2Y5GQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, stable@kernel.org, Will Deacon Subject: [PATCH 4.4 093/168] arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value Date: Wed, 24 Apr 2019 19:08:57 +0200 Message-Id: <20190424170929.223729470@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190424170923.452349382@linuxfoundation.org> References: <20190424170923.452349382@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Will Deacon commit 045afc24124d80c6998d9c770844c67912083506 upstream. Rather embarrassingly, our futex() FUTEX_WAKE_OP implementation doesn't explicitly set the return value on the non-faulting path and instead leaves it holding the result of the underlying atomic operation. This means that any FUTEX_WAKE_OP atomic operation which computes a non-zero value will be reported as having failed. Regrettably, I wrote the buggy code back in 2011 and it was upstreamed as part of the initial arm64 support in 2012. The reasons we appear to get away with this are: 1. FUTEX_WAKE_OP is rarely used and therefore doesn't appear to get exercised by futex() test applications 2. If the result of the atomic operation is zero, the system call behaves correctly 3. Prior to version 2.25, the only operation used by GLIBC set the futex to zero, and therefore worked as expected. From 2.25 onwards, FUTEX_WAKE_OP is not used by GLIBC at all. Fix the implementation by ensuring that the return value is either 0 to indicate that the atomic operation completed successfully, or -EFAULT if we encountered a fault when accessing the user mapping. Cc: Fixes: 6170a97460db ("arm64: Atomic operations") Signed-off-by: Will Deacon Signed-off-by: Greg Kroah-Hartman --- arch/arm64/include/asm/futex.h | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) --- a/arch/arm64/include/asm/futex.h +++ b/arch/arm64/include/asm/futex.h @@ -33,8 +33,8 @@ " prfm pstl1strm, %2\n" \ "1: ldxr %w1, %2\n" \ insn "\n" \ -"2: stlxr %w3, %w0, %2\n" \ -" cbnz %w3, 1b\n" \ +"2: stlxr %w0, %w3, %2\n" \ +" cbnz %w0, 1b\n" \ " dmb ish\n" \ "3:\n" \ " .pushsection .fixup,\"ax\"\n" \ @@ -55,29 +55,29 @@ static inline int arch_futex_atomic_op_inuser(int op, int oparg, int *oval, u32 __user *uaddr) { - int oldval = 0, ret, tmp; + int oldval, ret, tmp; pagefault_disable(); switch (op) { case FUTEX_OP_SET: - __futex_atomic_op("mov %w0, %w4", + __futex_atomic_op("mov %w3, %w4", ret, oldval, uaddr, tmp, oparg); break; case FUTEX_OP_ADD: - __futex_atomic_op("add %w0, %w1, %w4", + __futex_atomic_op("add %w3, %w1, %w4", ret, oldval, uaddr, tmp, oparg); break; case FUTEX_OP_OR: - __futex_atomic_op("orr %w0, %w1, %w4", + __futex_atomic_op("orr %w3, %w1, %w4", ret, oldval, uaddr, tmp, oparg); break; case FUTEX_OP_ANDN: - __futex_atomic_op("and %w0, %w1, %w4", + __futex_atomic_op("and %w3, %w1, %w4", ret, oldval, uaddr, tmp, ~oparg); break; case FUTEX_OP_XOR: - __futex_atomic_op("eor %w0, %w1, %w4", + __futex_atomic_op("eor %w3, %w1, %w4", ret, oldval, uaddr, tmp, oparg); break; default: