lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Mon, 14 Jul 2014 13:08:39 +0100
From:	Catalin Marinas <catalin.marinas@....com>
To:	Sebastian Hesselbarth <sebastian.hesselbarth@...il.com>
Cc:	Russell King <linux@....linux.org.uk>,
	Jean-Francois Moine <moinejf@...e.fr>,
	Jason Cooper <jason@...edaemon.net>,
	"linux-arm-kernel@...ts.infradead.org" 
	<linux-arm-kernel@...ts.infradead.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] ARM: Fix preemption disable in iwmmxt_task_enable()

On Sat, Jul 12, 2014 at 12:05:30PM +0100, Sebastian Hesselbarth wrote:
> commit 431a84b1a4f7d1a0085d5b91330c5053cc8e8b12
>  ("ARM: 8034/1: Disable preemption in iwmmxt_task_enable()")
> introduced macros {inc,dec}_preempt_count to iwmmxt_task_enable
> to make it run with preemption disabled.
> 
> Unfortunately, other functions in iwmmxt.S also use concan_{save,dump,load}
> sections located in iwmmxt_task_enable() to deal with iWMMXt coprocessor.
> This causes an unbalanced preempt_count due to excessive dec_preempt_count
> and destroyed return addresses in callers of concan_ labels due to a register
> collision:
> 
> Linux version 3.16.0-rc3-00062-gd92a333-dirty (jef@...hf) (gcc version 4.8.3 (Debian 4.8.3-4) ) #5 PREEMPT Thu Jul 3 19:46:39 CEST 2014
> CPU: ARMv7 Processor [560f5815] revision 5 (ARMv7), cr=10c5387d
> CPU: PIPT / VIPT nonaliasing data cache, PIPT instruction cache
> Machine model: SolidRun CuBox
> ...
> PJ4 iWMMXt v2 coprocessor enabled.
> ...
> Unable to handle kernel paging request at virtual address fffffffe
> pgd = bb25c000
> [fffffffe] *pgd=3bfde821, *pte=00000000, *ppte=00000000
> Internal error: Oops: 80000007 [#1] PREEMPT ARM
> Modules linked in:
> CPU: 0 PID: 62 Comm: startpar Not tainted 3.16.0-rc3-00062-gd92a333-dirty #5
> task: bb230b80 ti: bb256000 task.ti: bb256000
> PC is at 0xfffffffe
> LR is at iwmmxt_task_copy+0x44/0x4c
> pc : [<fffffffe>]    lr : [<800130ac>]    psr: 40000033
> sp : bb257de8  ip : 00000013  fp : bb257ea4
> r10: bb256000  r9 : fffffdfe  r8 : 76e898e6
> r7 : bb257ec8  r6 : bb256000  r5 : 7ea12760  r4 : 000000a0
> r3 : ffffffff  r2 : 00000003  r1 : bb257df8  r0 : 00000000
> Flags: nZcv  IRQs on  FIQs on  Mode SVC_32  ISA Thumb  Segment user
> Control: 10c5387d  Table: 3b25c019  DAC: 00000015
> Process startpar (pid: 62, stack limit = 0xbb256248)
> 
> This patch fixes the issue by moving concan_{save,dump,load} into separate
> code sections and make iwmmxt_task_enable() call them in the same way the
> other functions use concan_ symbols. The test for valid ownership is moved
> to concan_save and is safe for the other user of it, iwmmxt_task_disable().
> The register collision is also resolved by moving concan_ symbols as
> {inc,dec}_preempt_count are now local to iwmmxt_task_enable().
> 
> Signed-off-by: Sebastian Hesselbarth <sebastian.hesselbarth@...il.com>
> Reported-by: Jean-Francois Moine <moinejf@...e.fr>
> Fixes: 431a84b1a4f7 ("ARM: 8034/1: Disable preemption in iwmmxt_task_enable()")
> ---
> The offending commit was intoduced past v3.15-rc1 and the corresponding fix
> should also be queued up for stable v3.15+
> 
> Changelog
> v1->v2:
> - return immediately from concan_ instead of branch to 3f, i.e. replace
>   'beq 3f' with 'moveq pc, lr' (Suggested by Catalin Marinas)
> 
> Cc: Russell King <linux@....linux.org.uk>
> Cc: Catalin Marinas <catalin.marinas@....com>
> Cc: Jean-Francois Moine <moinejf@...e.fr>
> Cc: Jason Cooper <jason@...edaemon.net>
> Cc: linux-arm-kernel@...ts.infradead.org
> Cc: linux-kernel@...r.kernel.org

Acked-by: Catalin Marinas <catalin.marinas@....com>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists