Merge 4.9.159 into android-4.9
Changes in 4.9.159
dt-bindings: eeprom: at24: add "atmel,24c2048" compatible string
eeprom: at24: add support for 24c2048
uapi/if_ether.h: prevent redefinition of struct ethhdr
ARM: 8789/1: signal: copy registers using __copy_to_user()
ARM: 8791/1: vfp: use __copy_to_user() when saving VFP state
ARM: 8792/1: oabi-compat: copy oabi events using __copy_to_user()
ARM: 8793/1: signal: replace __put_user_error with __put_user
ARM: 8794/1: uaccess: Prevent speculative use of the current addr_limit
ARM: 8795/1: spectre-v1.1: use put_user() for __put_user()
ARM: 8796/1: spectre-v1,v1.1: provide helpers for address sanitization
ARM: 8797/1: spectre-v1.1: harden __copy_to_user
ARM: 8810/1: vfp: Fix wrong assignement to ufp_exc
ARM: make lookup_processor_type() non-__init
ARM: split out processor lookup
ARM: clean up per-processor check_bugs method call
ARM: add PROC_VTABLE and PROC_TABLE macros
ARM: spectre-v2: per-CPU vtables to work around big.Little systems
ARM: ensure that processor vtables is not lost after boot
ARM: fix the cockup in the previous patch
net: create skb_gso_validate_mac_len()
bnx2x: disable GSO where gso_size is too big for hardware
ACPI: NUMA: Use correct type for printing addresses on i386-PAE
cpufreq: check if policy is inactive early in __cpufreq_get()
drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE
drm/bridge: tc358767: fix single lane configuration
drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value
drm/bridge: tc358767: reject modes which require too much BW
drm/bridge: tc358767: fix output H/V syncs
ARM: dts: da850-evm: Correct the sound card name
ARM: dts: da850-lcdk: Correct the sound card name
ARM: dts: kirkwood: Fix polarity of GPIO fan lines
gpio: pl061: handle failed allocations
cifs: Limit memory used by lock request calls to a page
perf report: Include partial stacks unwound with libdw
Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G"
Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK
perf/core: Fix impossible ring-buffer sizes warning
perf/x86: Add check_period PMU callback
ALSA: hda - Add quirk for HP EliteBook 840 G5
ALSA: usb-audio: Fix implicit fb endpoint setup by quirk
kvm: vmx: Fix entry number check for add_atomic_switch_msr()
Input: bma150 - register input device after setting private data
Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780
alpha: fix page fault handling for r16-r18 targets
alpha: Fix Eiger NR_IRQS to 128
tracing/uprobes: Fix output for multiple string arguments
x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls
signal: Restore the stop PTRACE_EVENT_EXIT
x86/a.out: Clear the dump structure initially
dm thin: fix bug where bio that overwrites thin block ignores FUA
drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set
smsc95xx: Use skb_cow_head to deal with cloned skbs
ch9200: use skb_cow_head() to deal with cloned skbs
kaweth: use skb_cow_head() to deal with cloned skbs
usb: dwc2: Remove unnecessary kfree
netfilter: nf_tables: fix mismatch in big-endian system
pinctrl: msm: fix gpio-hog related boot issues
mm: stop leaking PageTables
uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define
Revert "scsi: aic94xx: fix module loading"
Linux 4.9.159
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Commit 18ea66bd6e7a95bdc598223d72757190916af28b upstream.
With Spectre-v1.1 mitigations, __put_user_error is pointless. In an attempt
to remove it, replace its references in frame setups with __put_user.
Signed-off-by: Julien Thierry <julien.thierry@arm.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David A. Long <dave.long@linaro.org>
Reviewed-by: Julien Thierry <julien.thierry@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Commit 3aa2df6ec2ca6bc143a65351cca4266d03a8bc41 upstream.
Use __copy_to_user() rather than __put_user_error() for individual
members when saving VFP state.
This has the benefit of disabling/enabling PAN once per copied struct
instead of once per write.
Signed-off-by: Julien Thierry <julien.thierry@arm.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David A. Long <dave.long@linaro.org>
Reviewed-by: Julien Thierry <julien.thierry@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Commit 5ca451cf6ed04443774bbb7ee45332dafa42e99f upstream.
When saving the ARM integer registers, use __copy_to_user() to
copy them into user signal frame, rather than __put_user_error().
This has the benefit of disabling/enabling PAN once for the whole copy
instead of once per write.
Signed-off-by: Julien Thierry <julien.thierry@arm.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David A. Long <dave.long@linaro.org>
Reviewed-by: Julien Thierry <julien.thierry@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Merge 4.9.139 into android-4.9
Changes in 4.9.139
flow_dissector: do not dissect l4 ports for fragments
ip_tunnel: don't force DF when MTU is locked
net-gro: reset skb->pkt_type in napi_reuse_skb()
sctp: not allow to set asoc prsctp_enable by sockopt
tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths
usbnet: smsc95xx: disable carrier check while suspending
inet: frags: better deal with smp races
ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF
kbuild: Add better clang cross build support
kbuild: clang: add -no-integrated-as to KBUILD_[AC]FLAGS
kbuild: Consolidate header generation from ASM offset information
kbuild: consolidate redundant sed script ASM offset generation
kbuild: fix asm-offset generation to work with clang
kbuild: drop -Wno-unknown-warning-option from clang options
kbuild, LLVMLinux: Add -Werror to cc-option to support clang
kbuild: use -Oz instead of -Os when using clang
kbuild: Add support to generate LLVM assembly files
modules: mark __inittest/__exittest as __maybe_unused
x86/kbuild: Use cc-option to enable -falign-{jumps/loops}
crypto, x86: aesni - fix token pasting for clang
kbuild: Add __cc-option macro
x86/build: Use __cc-option for boot code compiler options
x86/build: Specify stack alignment for clang
kbuild: clang: Disable 'address-of-packed-member' warning
crypto: arm64/sha - avoid non-standard inline asm tricks
x86/boot: #undef memcpy() et al in string.c
efi/libstub/arm64: Use hidden attribute for struct screen_info reference
efi/libstub/arm64: Force 'hidden' visibility for section markers
efi/libstub: Preserve .debug sections after absolute relocation check
efi/libstub/arm64: Set -fpie when building the EFI stub
x86/build: Fix stack alignment for CLang
x86/build: Use cc-option to validate stack alignment parameter
Kbuild: use -fshort-wchar globally
arm64: uaccess: suppress spurious clang warning
ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs
ARM: bugs: prepare processor bug infrastructure
ARM: bugs: hook processor bug checking into SMP and suspend paths
ARM: bugs: add support for per-processor bug checking
ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre
ARM: spectre-v2: harden branch predictor on context switches
ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit
ARM: spectre-v2: harden user aborts in kernel space
ARM: spectre-v2: add firmware based hardening
ARM: spectre-v2: warn about incorrect context switching functions
ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17
ARM: KVM: invalidate icache on guest exit for Cortex-A15
ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15
ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1
ARM: spectre-v1: add speculation barrier (csdb) macros
ARM: spectre-v1: add array_index_mask_nospec() implementation
ARM: spectre-v1: fix syscall entry
ARM: signal: copy registers using __copy_from_user()
ARM: vfp: use __copy_from_user() when restoring VFP state
ARM: oabi-compat: copy semops using __copy_from_user()
ARM: use __inttype() in get_user()
ARM: spectre-v1: use get_user() for __get_user()
ARM: spectre-v1: mitigate user accesses
Linux 4.9.139
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Commit 42019fc50dfadb219f9e6ddf4c354f3837057d80 upstream.
__get_user_error() is used as a fast accessor to make copying structure
members in the signal handling path as efficient as possible. However,
with software PAN and the recent Spectre variant 1, the efficiency is
reduced as these are no longer fast accessors.
In the case of software PAN, it has to switch the domain register around
each access, and with Spectre variant 1, it would have to repeat the
access_ok() check for each access.
Use __copy_from_user() rather than __get_user_err() for individual
members when restoring VFP state.
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David A. Long <dave.long@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Commit c32cd419d6650e42b9cdebb83c672ec945e6bd7e upstream.
__get_user_error() is used as a fast accessor to make copying structure
members in the signal handling path as efficient as possible. However,
with software PAN and the recent Spectre variant 1, the efficiency is
reduced as these are no longer fast accessors.
In the case of software PAN, it has to switch the domain register around
each access, and with Spectre variant 1, it would have to repeat the
access_ok() check for each access.
It becomes much more efficient to use __copy_from_user() instead, so
let's use this for the ARM integer registers.
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David A. Long <dave.long@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry-picked from e33f8d32677fa4f4f8996ef46748f86aac81ccff)
Disable the generic address limit check in favor of an architecture
specific optimized implementation. The generic implementation using
pending work flags did not work well with ARM and alignment faults.
The address limit is checked on each syscall return path to user-mode
path as well as the irq user-mode return function. If the address limit
was changed, a function is called to report data corruption (stopping
the kernel or process based on configuration).
The address limit check has to be done before any pending work because
they can reset the address limit and the process is killed using a
SIGKILL signal. For example the lkdtm address limit check does not work
because the signal to kill the process will reset the user-mode address
limit.
Change-Id: I4a2a9f5d25fe395f7da785abeedd2dac347a477c
Signed-off-by: Thomas Garnier <thgarnie@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Tested-by: Kees Cook <keescook@chromium.org>
Tested-by: Leonard Crestez <leonard.crestez@nxp.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Pratyush Anand <panand@redhat.com>
Cc: Dave Martin <Dave.Martin@arm.com>
Cc: Will Drewry <wad@chromium.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Russell King <linux@armlinux.org.uk>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: David Howells <dhowells@redhat.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-api@vger.kernel.org
Cc: Yonghong Song <yhs@fb.com>
Cc: linux-arm-kernel@lists.infradead.org
Link: http://lkml.kernel.org/r/1504798247-48833-4-git-send-email-keescook@chromium.org
Signed-off-by: Satya Tangirala <satyat@google.com>
Pull ARM fixes from Russell King:
"Three fixes and a resulting cleanup for -rc2:
- Andre Przywara reported that he was seeing a warning with the new
cast inside DMA_ERROR_CODE's definition, and fixed the incorrect
use.
- Doug Anderson noticed that kgdb causes a "scheduling while atomic"
bug.
- OMAP5 folk noticed that their Thumb-2 compiled X servers crashed
when enabling support to cover ARMv6 CPUs due to a kernel bug
leaking some conditional context into the signal handler"
* 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
ARM: 8425/1: kgdb: Don't try to stop the machine when setting breakpoints
ARM: 8437/1: dma-mapping: fix build warning with new DMA_ERROR_CODE definition
ARM: get rid of needless #if in signal handling code
ARM: fix Thumb2 signal handling when ARMv6 is enabled
Remove the #if statement which caused trouble for kernels that support
both ARMv6 and ARMv7. Older architectures do not implement these bits,
so it should be safe to always clear them.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
When a kernel is built covering ARMv6 to ARMv7, we omit to clear the
IT state when entering a signal handler. This can cause the first
few instructions to be conditionally executed depending on the parent
context.
In any case, the original test for >= ARMv7 is broken - ARMv6 can have
Thumb-2 support as well, and an ARMv6T2 specific build would omit this
code too.
Relax the test back to ARMv6 or greater. This results in us always
clearing the IT state bits in the PSR, even on CPUs where these bits
are reserved. However, they're reserved for the IT state, so this
should cause no harm.
Cc: <stable@vger.kernel.org>
Fixes: d71e1352e2 ("Clear the IT state when invoking a Thumb-2 signal handler")
Acked-by: Tony Lindgren <tony@atomide.com>
Tested-by: H. Nikolaus Schaller <hns@goldelico.com>
Tested-by: Grazvydas Ignotas <notasas@gmail.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Make the "fast" syscall return path fast again. The addition of IRQ
tracing and context tracking has made this path grossly inefficient.
We can do much better if these options are enabled if we save the
syscall return code on the stack - we then don't need to save a bunch
of registers around every single callout to C code.
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
As execution domain support is gone we can remove
signal translation from the signal code and remove
exec_domain from thread_info.
Signed-off-by: Richard Weinberger <richard@nod.at>
If an attacker can cause a controlled kernel stack overflow, overwriting
the restart block is a very juicy exploit target. This is because the
restart_block is held in the same memory allocation as the kernel stack.
Moving the restart block to struct task_struct prevents this exploit by
making the restart_block harder to locate.
Note that there are other fields in thread_info that are also easy
targets, at least on some architectures.
It's also a decent simplification, since the restart code is more or less
identical on all architectures.
[james.hogan@imgtec.com: metag: align thread_info::supervisor_stack]
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: David Miller <davem@davemloft.net>
Acked-by: Richard Weinberger <richard@nod.at>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Matt Turner <mattst88@gmail.com>
Cc: Vineet Gupta <vgupta@synopsys.com>
Cc: Russell King <rmk@arm.linux.org.uk>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Haavard Skinnemoen <hskinnemoen@gmail.com>
Cc: Hans-Christian Egtvedt <egtvedt@samfundet.no>
Cc: Steven Miao <realmz6@gmail.com>
Cc: Mark Salter <msalter@redhat.com>
Cc: Aurelien Jacquiot <a-jacquiot@ti.com>
Cc: Mikael Starvik <starvik@axis.com>
Cc: Jesper Nilsson <jesper.nilsson@axis.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Richard Kuo <rkuo@codeaurora.org>
Cc: "Luck, Tony" <tony.luck@intel.com>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Michal Simek <monstr@monstr.eu>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Jonas Bonn <jonas@southpole.se>
Cc: "James E.J. Bottomley" <jejb@parisc-linux.org>
Cc: Helge Deller <deller@gmx.de>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Acked-by: Michael Ellerman <mpe@ellerman.id.au> (powerpc)
Tested-by: Michael Ellerman <mpe@ellerman.id.au> (powerpc)
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Chen Liqin <liqin.linux@gmail.com>
Cc: Lennox Wu <lennox.wu@gmail.com>
Cc: Chris Metcalf <cmetcalf@ezchip.com>
Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
Cc: Chris Zankel <chris@zankel.net>
Cc: Max Filippov <jcmvbkbc@gmail.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This patch removes clear_thread_flag(TIF_UPROBE) in do_work_pending(),
because uprobe_notify_resume() already does this.
Signed-off-by: Yalin Wang <yalin.wang@sonymobile.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Using Rabin Vincent's ARM uprobes patches as a base, enable uprobes
support on ARM.
Caveats:
- Thumb is not supported
Signed-off-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: David A. Long <dave.long@linaro.org>
The ARM architecture reference specifies that the IT state bits in the
PSR must be all zeros in ARM mode or behavior is unspecified. On the
Qualcomm Snapdragon S4/Krait architecture CPUs the processor continues
to consider the IT state bits while in ARM mode. This makes it so
that some instructions are skipped by the CPU.
Signed-off-by: T.J. Purtell <tj@mobisocial.us>
[rmk+kernel@arm.linux.org.uk: fixed whitespace formatting in patch]
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
In case of BE8 kernel data is in BE order whereas code stays in LE
order. Move sigreturn_codes to separate .S file and use proper
assembler mnemonics for these code snippets. In this case compiler
will take care of proper instructions byteswaps for BE8 case.
Change assumes that sufficiently Thumb-capable tools are used to
build kernel.
Problem was discovered during ltp testing of BE system: all rt_sig*
tests failed. Tested against the same tests in both BE and LE modes.
Signed-off-by: Victor Kamensky <victor.kamensky@linaro.org>
Reviewed-by: Dave Martin <Dave.Martin@arm.com>
Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
Olof reports that noMMU builds error out with:
arch/arm/kernel/signal.c: In function 'setup_return':
arch/arm/kernel/signal.c:413:25: error: 'mm_context_t' has no member named 'sigpage'
This shows one of the evilnesses of IS_ENABLED(). Get rid of it here
and replace it with #ifdef's - and as no noMMU platform can make use
of sigpage, depend on CONFIG_MMU not CONFIG_ARM_MPU.
Reported-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Unfortunately, I never committed the fix to a nasty oops which can
occur as a result of that commit:
------------[ cut here ]------------
kernel BUG at /home/olof/work/batch/include/linux/mm.h:414!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 490 Comm: killall5 Not tainted 3.11.0-rc3-00288-gabe0308 #53
task: e90acac0 ti: e9be8000 task.ti: e9be8000
PC is at special_mapping_fault+0xa4/0xc4
LR is at __do_fault+0x68/0x48c
This doesn't show up unless you do quite a bit of testing; a simple
boot test does not do this, so all my nightly tests were passing fine.
The reason for this is that install_special_mapping() expects the
page array to stick around, and as this was only inserting one page
which was stored on the kernel stack, that's why this was blowing up.
Reported-by: Olof Johansson <olof@lixom.net>
Tested-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Move the signal handlers into a VDSO page rather than keeping them in
the vectors page. This allows us to place them randomly within this
page, and also map the page at a random location within userspace
further protecting these code fragments from ROP attacks. The new
VDSO page is also poisoned in the same way as the vector page.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Without an MMU it is possible for userspace programs to start executing code
in places that they have no business executing. The MPU allows some level of
protection against this.
This patch protects the vectors page from access by userspace processes.
Userspace tasks that dereference a null pointer are already protected by an
svc at 0x0 that kills them. However when tasks use an offset from a null
pointer (eg a function in a null struct) they miss this carefully placed svc
and enter the exception vectors in user mode, ending up in the kernel.
This patch causes programs that do this to receive a SEGV instead of happily
entering the kernel in user-mode, and hence avoid a 'Bad Mode' panic.
As part of this change it is necessary to make sigreturn happen via the
stack when there is not an sa_restorer function. This change is invisible to
userspace, and irrelevant to code compiled using a uClibc toolchain, which
always uses an sa_restorer function.
Because we don't get to remap the vectors in !MMU kuser_helpers are not
in a defined location, and hence aren't usable. This means we don't need to
worry about keeping them accessible from PL0.
Signed-off-by: Jonathan Austin <jonathan.austin@arm.com>
Reviewed-by: Will Deacon <will.deacon@arm.com>
CC: Nicolas Pitre <nico@linaro.org>
CC: Catalin Marinas <catalin.marinas@arm.com>
This include is no longer needed.
(seems to be a leftover from try_to_freeze())
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
just let do_work_pending() return 1 on normal local restarts and
-1 on those that had been caused by ERESTART_RESTARTBLOCK (and 0
is still "all done, sod off to userland now"). And let the asm
glue flip scno to restart_syscall(2) one if it got negative from
us...
[will: resolved conflicts with audit fixes]
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
This reverts commit 3b0c062267.
We no longer require the restart trampoline for syscall restarting.
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
This reverts commit 433e2f307b.
Conflicts:
arch/arm/kernel/ptrace.c
Reintroduce the new syscall restart handling in preparation for further
patches from Al Viro.
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
This reverts commit 6b5c8045ec.
Conflicts:
arch/arm/kernel/ptrace.c
The new syscall restarting code can lead to problems if we take an
interrupt in userspace just before restarting the svc instruction. If
a signal is delivered when returning from the interrupt, the
TIF_SYSCALL_RESTARTSYS will remain set and cause any syscalls executed
from the signal handler to be treated as a restart of the previously
interrupted system call. This includes the final sigreturn call, meaning
that we may fail to exit from the signal context. Furthermore, if a
system call made from the signal handler requires a restart via the
restart_block, it is possible to clear the thread flag and fail to
restart the originally interrupted system call.
The right solution to this problem is to perform the restarting in the
kernel, avoiding the possibility of handling a further signal before the
restart is complete. Since we're almost at -rc6, let's revert the new
method for now and aim for in-kernel restarting at a later date.
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
This reverts commit fa18484d09.
We need the restart trampoline back so that we can revert a related
problematic patch 6b5c8045ec ("arm: new
way of handling ERESTART_RESTARTBLOCK").
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Does block_sigmask() + tracehook_signal_handler(); called when
sigframe has been successfully built. All architectures converted
to it; block_sigmask() itself is gone now (merged into this one).
I'm still not too happy with the signature, but that's a separate
story (IMO we need a structure that would contain signal number +
siginfo + k_sigaction, so that get_signal_to_deliver() would fill one,
signal_delivered(), handle_signal() and probably setup...frame() -
take one).
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Only 3 out of 63 do not. Renamed the current variant to __set_current_blocked(),
added set_current_blocked() that will exclude unblockable signals, switched
open-coded instances to it.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
replace boilerplate "should we use ->saved_sigmask or ->blocked?"
with calls of obvious inlined helper...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
first fruits of ..._restore_sigmask() helpers: now we can take
boilerplate "signal didn't have a handler, clear RESTORE_SIGMASK
and restore the blocked mask from ->saved_mask" into a common
helper. Open-coded instances switched...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Pull second pile of signal handling patches from Al Viro:
"This one is just task_work_add() series + remaining prereqs for it.
There probably will be another pull request from that tree this
cycle - at least for helpers, to get them out of the way for per-arch
fixes remaining in the tree."
Fix trivial conflict in kernel/irq/manage.c: the merge of Andrew's pile
had brought in commit 97fd75b7b8 ("kernel/irq/manage.c: use the
pr_foo() infrastructure to prefix printks") which changed one of the
pr_err() calls that this merge moves around.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal:
keys: kill task_struct->replacement_session_keyring
keys: kill the dummy key_replace_session_keyring()
keys: change keyctl_session_to_parent() to use task_work_add()
genirq: reimplement exit_irq_thread() hook via task_work_add()
task_work_add: generic process-context callbacks
avr32: missed _TIF_NOTIFY_RESUME on one of do_notify_resume callers
parisc: need to check NOTIFY_RESUME when exiting from syscall
move key_repace_session_keyring() into tracehook_notify_resume()
TIF_NOTIFY_RESUME is defined on all targets now
Pull arm updates from Russell King:
"This contains both some fixes found when trying to get the
Assabet+neponset setup as a replacement firewall with a 3c589 PCMCIA
card, and a bunch of changes from Al to fix up the ARM signal
handling, particularly some of the restart behaviour."
* 'for-linus' of git://git.linaro.org/people/rmk/linux-arm:
ARM: neponset: make sure neponset_ncr_frob() is exported
ARM: fix out[bwl]()
arm: don't open-code ptrace_report_syscall()
arm: bury unused _TIF_RESTORE_SIGMASK
arm: remove unused restart trampoline
arm: new way of handling ERESTART_RESTARTBLOCK
arm: if we get into work_pending while returning to kernel mode, just go away
arm: don't call try_to_freeze() from do_signal()
arm: if there's no handler we need to restore sigmask, syscall or no syscall
arm: trim _TIF_WORK_MASK, get rid of useless test and branch...
arm: missing checks of __get_user()/__put_user() return values
guts of saved_sigmask-based sigsuspend/rt_sigsuspend. Takes
kernel sigset_t *.
Open-coded instances replaced with calling it.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
new "syscall start" flag; handled in syscall_trace() by switching
syscall number to that of syscall_restart(2). Restarts of that
kind (ERESTART_RESTARTBLOCK) are handled by setting that bit;
syscall number is not modified until the actual call.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
checking in do_signal() is pointless - if we get there with !user_mode(regs)
(and we might), we'll end up looping indefinitely. Check in work_pending
and break out of the loop if so.
Acked-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>