diff for duplicates of <1500388566.11612.74.camel@nxp.com>
diff --git a/a/1.txt b/N1/1.txt
index 0fb165b..b69c829 100644
--- a/a/1.txt
+++ b/N1/1.txt
@@ -13,7 +13,7 @@ On Wed, 2017-06-14 at 18:12 -0700, Thomas Garnier wrote:
 >
 > [1] https://bugs.chromium.org/p/project-zero/issues/detail?id=990
 >
-> Signed-off-by: Thomas Garnier <thgarnie@google.com>
+> Signed-off-by: Thomas Garnier <thgarnie-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
 > ---
 > v10 redesigns the change to use work flags on set_fs as recommended by
 > Linus and agreed by others.
diff --git a/a/content_digest b/N1/content_digest
index 3c58844..0921de1 100644
--- a/a/content_digest
+++ b/N1/content_digest
@@ -1,38 +1,36 @@ "ref\020170615011203.144108-1-thgarnie@google.com\0" "ref\020170615011203.144108-2-thgarnie@google.com\0" - "From\0Leonard Crestez <leonard.crestez@nxp.com>\0" - "Subject\0[kernel-hardening] Re: [PATCH v10 2/3] arm/syscalls: Check address limit on user-mode return\0" + "ref\020170615011203.144108-2-thgarnie-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org\0" + "From\0Leonard Crestez <leonard.crestez-3arQi8VN3Tc@public.gmane.org>\0" + "Subject\0Re: [PATCH v10 2/3] arm/syscalls: Check address limit on user-mode return\0" "Date\0Tue, 18 Jul 2017 17:36:06 +0300\0" - "To\0Thomas Garnier <thgarnie@google.com>" - Thomas Gleixner <tglx@linutronix.de> - Ingo Molnar <mingo@redhat.com> - H . Peter Anvin <hpa@zytor.com> - Andy Lutomirski <luto@kernel.org> - Paolo Bonzini <pbonzini@redhat.com> - Rik van Riel <riel@redhat.com> - Oleg Nesterov <oleg@redhat.com> - Josh Poimboeuf <jpoimboe@redhat.com> - Petr Mladek <pmladek@suse.com> - Miroslav Benes <mbenes@suse.cz> - Kees Cook <keescook@chromium.org> - Al Viro <viro@zeniv.linux.org.uk> - Arnd Bergmann <arnd@arndb.de> - Dave Hansen <dave.hansen@intel.com> - David Howells <dhowells@redhat.com> - Russell King <linux@armlinux.org.uk> - Andy Lutomirski <luto@amacapital.net> - Will Drewry <wad@chromium.org> - Will Deacon <will.deacon@arm.com> - Catalin Marinas <catalin.marinas@arm.com> - Mark Rutland <mark.rutland@arm.com> - Pratyush Anand <panand@redhat.com> - " Chris Metcalf <cmetcalf@mellanox.com>\0" - "Cc\0linux-api@vger.kernel.org" - x86@kernel.org - linux-kernel@vger.kernel.org - linux-arm-kernel@lists.infradead.org - kernel-hardening@lists.openwall.com - " Octavian Purdila <octavian.purdila@nxp.com>\0" + "To\0Thomas Garnier <thgarnie-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>" + Thomas Gleixner <tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org> + Ingo Molnar <mingo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> + H . 
Peter Anvin <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org> + Andy Lutomirski <luto-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org> + Paolo Bonzini <pbonzini-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> + Rik van Riel <riel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> + Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> + Josh Poimboeuf <jpoimboe-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> + Petr Mladek <pmladek-IBi9RG/b67k@public.gmane.org> + Miroslav Benes <mbenes-AlSwsSmVLrQ@public.gmane.org> + Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org> + Al Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org> + Arnd Bergmann <arnd-r2nGTMty4D4@public.gmane.org> + Dave Hansen <dave.hansen-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org> + David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> + Russell King <linux-I+IVW8TIWO2tmTQ+vhA3Yw@public.gmane.org> + Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org> + Will Drewry <wad-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org> + Will Deacon <will.deacon-5wv7dgnIgG8@public.gmane.org> + " Catalin Marinas <catalin.marin>\0" + "Cc\0linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" + x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org + linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org + linux-arm-kernel-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org + kernel-hardening-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8@public.gmane.org + " Octavian Purdila <octavian.purdila-3arQi8VN3Tc@public.gmane.org>\0" "\00:1\0" "b\0" "On Wed, 2017-06-14 at 18:12 -0700, Thomas Garnier wrote:\n" @@ -50,7 +48,7 @@ "> \n" "> [1] https://bugs.chromium.org/p/project-zero/issues/detail?id=990\n" "> \n" - "> Signed-off-by: Thomas Garnier <thgarnie@google.com>\n" + "> Signed-off-by: Thomas Garnier <thgarnie-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>\n" "> ---\n" "> v10 redesigns the change to use work flags on set_fs as recommended by\n" "> Linus and agreed by others.\n" 
@@ -261,4 +259,4 @@ "Regards,\n" Leonard -ce040e792ad743f212bf1882644b5534155601a2012e1289ccf6328dc99d35fb +6619c9bc178240ec1ca111875693b188a4066f3265008dffd588e1113a98ae8d
diff --git a/a/1.txt b/N2/1.txt
index 0fb165b..e50c377 100644
--- a/a/1.txt
+++ b/N2/1.txt
@@ -20,20 +20,20 @@ On Wed, 2017-06-14 at 18:12 -0700, Thomas Garnier wrote:
 >
 > Based on next-20170609
 > ---
-> arch/arm/include/asm/thread_info.h | 15 +++++++++------
-> arch/arm/include/asm/uaccess.h | 2 ++
-> arch/arm/kernel/entry-common.S | 9 +++++++--
-> arch/arm/kernel/signal.c | 5 +++++
-> 4 files changed, 23 insertions(+), 8 deletions(-)
+> ?arch/arm/include/asm/thread_info.h | 15 +++++++++------
+> ?arch/arm/include/asm/uaccess.h?????|??2 ++
+> ?arch/arm/kernel/entry-common.S?????|??9 +++++++--
+> ?arch/arm/kernel/signal.c???????????|??5 +++++
+> ?4 files changed, 23 insertions(+), 8 deletions(-)
 >
 > diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h
 > index 776757d1604a..1d468b527b7b 100644
 > --- a/arch/arm/include/asm/thread_info.h
 > +++ b/arch/arm/include/asm/thread_info.h
 > @@ -139,10 +139,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *,
-> #define TIF_NEED_RESCHED 1 /* rescheduling necessary */
-> #define TIF_NOTIFY_RESUME 2 /* callback before returning to user */
-> #define TIF_UPROBE 3 /* breakpointed or singlestepping */
+> ?#define TIF_NEED_RESCHED 1 /* rescheduling necessary */
+> ?#define TIF_NOTIFY_RESUME 2 /* callback before returning to user */
+> ?#define TIF_UPROBE 3 /* breakpointed or singlestepping */
 > -#define TIF_SYSCALL_TRACE 4 /* syscall trace active */
 > -#define TIF_SYSCALL_AUDIT 5 /* syscall auditing active */
 > -#define TIF_SYSCALL_TRACEPOINT 6 /* syscall tracepoint instrumentation */
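Review bot: In the N2 copy every non-breaking space of the original mail has become a literal `?`, first visible in this hunk's diffstat lines (`+> ?arch/arm/include/asm/thread_info.h | 15 +++++++++------`); the content_digest hunks for N2 show the same bytes going from `\302\240` to `?`. The substitution also hits the quoted patch's context lines and the backtrace timestamps in the later hunks of this file (`+> ?#define TIF_NEED_RESCHED`, `+[??227.582402]`), so the N2 text is a lossy re-encoding and should not be the copy used to read or compare the quoted `set_fs`/`TIF_FSCHECK` change. Prefer the `a/` side when citing this message.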
@@ -43,97 +43,97 @@ On Wed, 2017-06-14 at 18:12 -0700, Thomas Garnier wrote:
 > +#define TIF_SYSCALL_AUDIT 6 /* syscall auditing active */
 > +#define TIF_SYSCALL_TRACEPOINT 7 /* syscall tracepoint instrumentation */
 > +#define TIF_SECCOMP 8 /* seccomp syscall filtering active */
->
-> #define TIF_NOHZ 12 /* in adaptive nohz mode */
-> #define TIF_USING_IWMMXT 17
+> ?
+> ?#define TIF_NOHZ 12 /* in adaptive nohz mode */
+> ?#define TIF_USING_IWMMXT 17
 > @@ -153,6 +154,7 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *,
-> #define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED)
-> #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME)
-> #define _TIF_UPROBE (1 << TIF_UPROBE)
+> ?#define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED)
+> ?#define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME)
+> ?#define _TIF_UPROBE (1 << TIF_UPROBE)
 > +#define _TIF_FSCHECK (1 << TIF_FSCHECK)
-> #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE)
-> #define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT)
-> #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT)
+> ?#define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE)
+> ?#define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT)
+> ?#define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT)
 > @@ -166,8 +168,9 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *,
-> /*
-> * Change these and you break ASM code in entry-common.S
-> */
+> ?/*
+> ? * Change these and you break ASM code in entry-common.S
+> ? */
 > -#define _TIF_WORK_MASK (_TIF_NEED_RESCHED | _TIF_SIGPENDING | \
-> - _TIF_NOTIFY_RESUME | _TIF_UPROBE)
+> - ?_TIF_NOTIFY_RESUME | _TIF_UPROBE)
 > +#define _TIF_WORK_MASK (_TIF_NEED_RESCHED | _TIF_SIGPENDING | \
-> + _TIF_NOTIFY_RESUME | _TIF_UPROBE | \
-> + _TIF_FSCHECK)
+> + ?_TIF_NOTIFY_RESUME | _TIF_UPROBE | \
+> + ?_TIF_FSCHECK)
->
-> #endif /* __KERNEL__ */
-> #endif /* __ASM_ARM_THREAD_INFO_H */
+> ?
+> ?#endif /* __KERNEL__ */
+> ?#endif /* __ASM_ARM_THREAD_INFO_H */
 > diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h
 > index 2577405d082d..6cc882223e34 100644
 > --- a/arch/arm/include/asm/uaccess.h
 > +++ b/arch/arm/include/asm/uaccess.h
 > @@ -77,6 +77,8 @@ static inline void set_fs(mm_segment_t fs)
-> {
-> current_thread_info()->addr_limit = fs;
-> modify_domain(DOMAIN_KERNEL, fs ? DOMAIN_CLIENT : DOMAIN_MANAGER);
+> ?{
+> ? current_thread_info()->addr_limit = fs;
+> ? modify_domain(DOMAIN_KERNEL, fs ? DOMAIN_CLIENT : DOMAIN_MANAGER);
 > + /* On user-mode return, check fs is correct */
 > + set_thread_flag(TIF_FSCHECK);
-> }
->
-> #define segment_eq(a, b) ((a) == (b))
+> ?}
+> ?
+> ?#define segment_eq(a, b) ((a) == (b))
 > diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
 > index eb5cd77bf1d8..e33c32d56193 100644
 > --- a/arch/arm/kernel/entry-common.S
 > +++ b/arch/arm/kernel/entry-common.S
 > @@ -41,7 +41,9 @@ ret_fast_syscall:
-> UNWIND(.cantunwind )
-> disable_irq_notrace @ disable interrupts
-> ldr r1, [tsk, #TI_FLAGS] @ re-check for syscall tracing
+> ? UNWIND(.cantunwind )
+> ? disable_irq_notrace @ disable interrupts
+> ? ldr r1, [tsk, #TI_FLAGS] @ re-check for syscall tracing
 > - tst r1, #_TIF_SYSCALL_WORK | _TIF_WORK_MASK
 > + tst r1, #_TIF_SYSCALL_WORK
 > + bne fast_work_pending
 > + tst r1, #_TIF_WORK_MASK
-> bne fast_work_pending
->
-> /* perform architecture specific actions before user return */
+> ? bne fast_work_pending
+> ?
+> ? /* perform architecture specific actions before user return */
 > @@ -67,12 +69,15 @@ ret_fast_syscall:
-> str r0, [sp, #S_R0 + S_OFF]! @ save returned r0
-> disable_irq_notrace @ disable interrupts
-> ldr r1, [tsk, #TI_FLAGS] @ re-check for syscall tracing
+> ? str r0, [sp, #S_R0 + S_OFF]! @ save returned r0
+> ? disable_irq_notrace @ disable interrupts
+> ? ldr r1, [tsk, #TI_FLAGS] @ re-check for syscall tracing
 > - tst r1, #_TIF_SYSCALL_WORK | _TIF_WORK_MASK
 > + tst r1, #_TIF_SYSCALL_WORK
 > + bne fast_work_pending
 > + tst r1, #_TIF_WORK_MASK
-> beq no_work_pending
-> UNWIND(.fnend )
-> ENDPROC(ret_fast_syscall)
->
-> /* Slower path - fall through to work_pending */
+> ? beq no_work_pending
+> ? UNWIND(.fnend )
+> ?ENDPROC(ret_fast_syscall)
+> ?
+> ? /* Slower path - fall through to work_pending */
 > +fast_work_pending:
-> #endif
->
-> tst r1, #_TIF_SYSCALL_WORK
+> ?#endif
+> ?
+> ? tst r1, #_TIF_SYSCALL_WORK
 > diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c
 > index 7b8f2141427b..3a48b54c6405 100644
 > --- a/arch/arm/kernel/signal.c
 > +++ b/arch/arm/kernel/signal.c
 > @@ -14,6 +14,7 @@
-> #include
-> #include
-> #include
+> ?#include
+> ?#include
+> ?#include
 > +#include
->
-> #include
-> #include
+> ?
+> ?#include
+> ?#include
 > @@ -571,6 +572,10 @@ do_work_pending(struct pt_regs *regs, unsigned int thread_flags, int syscall)
-> * Update the trace code with the current status.
-> */
-> trace_hardirqs_off();
+> ? ?* Update the trace code with the current status.
+> ? ?*/
+> ? trace_hardirqs_off();
 > +
 > + /* Check valid user FS if needed */
 > + addr_limit_user_check();
 > +
-> do {
-> if (likely(thread_flags & _TIF_NEED_RESCHED)) {
-> schedule();
+> ? do {
+> ? if (likely(thread_flags & _TIF_NEED_RESCHED)) {
+> ? schedule();

 This patch made it's way into linux-next next-20170717 and it seems to
 cause hangs when booting some boards over NFS (found via bisection). I
@@ -156,66 +156,66 @@ the do_work_pending loop and the answer seems to be yes. I also tried to get a stack with a set_fs call from inside do_work_pending and got the following: -[ 227.582402] CPU: 0 PID: 829 Comm: sleep Not tainted 4.12.0-01057-g93af8f7-dirty #332 -[ 227.590171] Hardware name: Freescale i.MX6 SoloLite (Device Tree) -[ 227.596275] Backtrace: -[ 227.598754] [<c010cbb4>] (dump_backtrace) from [<c010ce60>] (show_stack+0x18/0x1c) -[ 227.606339] r7:00000000 r6:60070113 r5:00000000 r4:c105a958 -[ 227.612016] [<c010ce48>] (show_stack) from [<c0493498>] (dump_stack+0xb4/0xe8) -[ 227.619258] [<c04933e4>] (dump_stack) from [<c010c350>] (mydbg_set_fs+0x40/0x48) -[ 227.626671] r9:c08cf35c r8:ee1cda7c r7:ee1e3dce r6:bf000000 r5:00000000 r4:ffffe000 -[ 227.634433] [<c010c310>] (mydbg_set_fs) from [<c021f0b8>] (__probe_kernel_read+0x44/0xd0) -[ 227.642629] [<c021f074>] (__probe_kernel_read) from [<c011b8d8>] (do_alignment+0x8c/0x75c) -[ 227.650909] r10:ef085000 r9:c08cf35c r8:00000001 r7:ee1e3dce r6:c011b84c r5:ee1cdbe0 -[ 227.658748] r4:00000000 r3:00000000 -[ 227.662338] [<c011b84c>] (do_alignment) from [<c0101394>] (do_DataAbort+0x40/0xc0) -[ 227.669921] r10:ef085000 r9:ee1cc000 r8:ee1cdbe0 r7:ee1e3dce r6:c011b84c r5:00000001 -[ 227.677760] r4:c100dd3c -[ 227.680308] [<c0101354>] (do_DataAbort) from [<c010da44>] (__dabt_svc+0x64/0xa0) -[ 227.687714] Exception stack(0xee1cdbe0 to 0xee1cdc28) -[ 227.692780] dbe0: 9064a8c0 ee1e3de2 d82727d8 00000000 ee1b20c0 ee1e3dce 00000000 ef08572c -[ 227.700971] dc00: c0bb2034 c10c75ea ef085000 ee1cdc74 ee1cdc00 ee1cdc30 c01761a8 c08cf35c -[ 227.709158] dc20: 40070113 ffffffff -[ 227.712661] r8:c0bb2034 r7:ee1cdc14 r6:ffffffff r5:40070113 r4:c08cf35c -[ 227.719382] [<c08cf16c>] (inet_gro_receive) from [<c084a8ec>] (dev_gro_receive+0x2f0/0x618) -[ 227.727746] r10:ef085000 r9:00000001 r8:00000000 r7:ef085710 r6:c1008b88 r5:ee1b20c0 -[ 227.735585] r4:c1009f78 -[ 227.738132] [<c084a5fc>] (dev_gro_receive) from [<c084ac8c>] 
(napi_gro_receive+0x78/0x1f4) -[ 227.746410] r10:ef085000 r9:00000001 r8:c10d15ec r7:c100792c r6:ef085710 r5:c10c744e -[ 227.754249] r4:ee1b20c0 -[ 227.756801] [<c084ac14>] (napi_gro_receive) from [<c06a2784>] (fec_enet_rx_napi+0x39c/0x988) -[ 227.765253] r9:00000001 r8:f0c8a960 r7:00000000 r6:00000000 r5:ef086000 r4:ee1b20c0 -[ 227.773010] [<c06a23e8>] (fec_enet_rx_napi) from [<c084a3a4>] (net_rx_action+0x21c/0x474) -[ 227.781201] r10:ee1cdd78 r9:c0fa7b80 r8:ef7dab80 r7:0000012c r6:00000040 r5:00000001 -[ 227.789039] r4:ef085710 -[ 227.791593] [<c084a188>] (net_rx_action) from [<c012f2d4>] (__do_softirq+0x158/0x534) -[ 227.799437] r10:00000008 r9:ee1cc000 r8:c10ce568 r7:c100792c r6:c10247bd r5:00000003 -[ 227.807275] r4:c100208c -[ 227.809824] [<c012f17c>] (__do_softirq) from [<c012fa68>] (irq_exit+0xec/0x168) -[ 227.817147] r10:c1007ea0 r9:ef010400 r8:00000001 r7:00000000 r6:c1007d3c r5:00000000 -[ 227.824984] r4:c0fa534c -[ 227.827534] [<c012f97c>] (irq_exit) from [<c01883f4>] (__handle_domain_irq+0x74/0xe8) -[ 227.835377] [<c0188380>] (__handle_domain_irq) from [<c01015fc>] (gic_handle_irq+0x58/0xbc) -[ 227.843742] r9:f080b100 r8:c105ae80 r7:ee1cde80 r6:000003ff r5:000003eb r4:f080b10c -[ 227.851498] [<c01015a4>] (gic_handle_irq) from [<c010daf0>] (__irq_svc+0x70/0x98) -[ 227.858990] Exception stack(0xee1cde80 to 0xee1cdec8) -[ 227.864056] de80: ee7a1140 00000001 00000000 000012a9 ee7a1140 ee9d9f10 ee76edc0 ee9d9f60 -[ 227.872248] dea0: 00000000 ee9d9f10 00000010 ee1cdeec ee1cdeb8 ee1cded0 c038a77c c0389688 -[ 227.880434] dec0: 60070013 ffffffff -[ 227.883937] r10:00000010 r9:ee1cc000 r8:00000000 r7:ee1cdeb4 r6:ffffffff r5:60070013 -[ 227.891775] r4:c0389688 -[ 227.894327] [<c038a6f8>] (nfs_file_clear_open_context) from [<c03860e8>] (nfs_file_release+0x54/0x60) -[ 227.903558] r7:ee9a78a0 r6:ee68f010 r5:ee9d9f10 r4:ee76edc0 -[ 227.909235] [<c0386094>] (nfs_file_release) from [<c0276cb4>] (__fput+0x94/0x1e0) -[ 227.916734] [<c0276c20>] (__fput) from [<c0276e60>] 
(____fput+0x10/0x14) -[ 227.923448] r10:c10d4298 r9:00000000 r8:00000000 r7:ef2ed780 r6:ef2edc00 r5:c10d5180 -[ 227.931286] r4:ef2edbd4 -[ 227.933839] [<c0276e50>] (____fput) from [<c014c534>] (task_work_run+0xc8/0xec) -[ 227.941166] [<c014c46c>] (task_work_run) from [<c010c484>] (do_work_pending+0x12c/0x1c4) -[ 227.949271] r9:ee1cdfb0 r8:00000000 r7:00000000 r6:ee1cc000 r5:00000000 r4:00000000 -[ 227.957029] [<c010c358>] (do_work_pending) from [<c0107c90>] (slow_work_pending+0xc/0x20) -[ 227.965219] r10:00000000 r9:ee1cc000 r8:c0107e24 r7:0000005b r6:b6f76568 r5:b6f741f0 -[ 227.973058] r4:b6f76904 +[??227.582402] CPU: 0 PID: 829 Comm: sleep Not tainted 4.12.0-01057-g93af8f7-dirty #332 +[??227.590171] Hardware name: Freescale i.MX6 SoloLite (Device Tree) +[??227.596275] Backtrace:? +[??227.598754] [<c010cbb4>] (dump_backtrace) from [<c010ce60>] (show_stack+0x18/0x1c) +[??227.606339]??r7:00000000 r6:60070113 r5:00000000 r4:c105a958 +[??227.612016] [<c010ce48>] (show_stack) from [<c0493498>] (dump_stack+0xb4/0xe8) +[??227.619258] [<c04933e4>] (dump_stack) from [<c010c350>] (mydbg_set_fs+0x40/0x48) +[??227.626671]??r9:c08cf35c r8:ee1cda7c r7:ee1e3dce r6:bf000000 r5:00000000 r4:ffffe000 +[??227.634433] [<c010c310>] (mydbg_set_fs) from [<c021f0b8>] (__probe_kernel_read+0x44/0xd0) +[??227.642629] [<c021f074>] (__probe_kernel_read) from [<c011b8d8>] (do_alignment+0x8c/0x75c) +[??227.650909]??r10:ef085000 r9:c08cf35c r8:00000001 r7:ee1e3dce r6:c011b84c r5:ee1cdbe0 +[??227.658748]??r4:00000000 r3:00000000 +[??227.662338] [<c011b84c>] (do_alignment) from [<c0101394>] (do_DataAbort+0x40/0xc0) +[??227.669921]??r10:ef085000 r9:ee1cc000 r8:ee1cdbe0 r7:ee1e3dce r6:c011b84c r5:00000001 +[??227.677760]??r4:c100dd3c +[??227.680308] [<c0101354>] (do_DataAbort) from [<c010da44>] (__dabt_svc+0x64/0xa0) +[??227.687714] Exception stack(0xee1cdbe0 to 0xee1cdc28) +[??227.692780] dbe0: 9064a8c0 ee1e3de2 d82727d8 00000000 ee1b20c0 ee1e3dce 00000000 ef08572c +[??227.700971] dc00: c0bb2034 
c10c75ea ef085000 ee1cdc74 ee1cdc00 ee1cdc30 c01761a8 c08cf35c +[??227.709158] dc20: 40070113 ffffffff +[??227.712661]??r8:c0bb2034 r7:ee1cdc14 r6:ffffffff r5:40070113 r4:c08cf35c +[??227.719382] [<c08cf16c>] (inet_gro_receive) from [<c084a8ec>] (dev_gro_receive+0x2f0/0x618) +[??227.727746]??r10:ef085000 r9:00000001 r8:00000000 r7:ef085710 r6:c1008b88 r5:ee1b20c0 +[??227.735585]??r4:c1009f78 +[??227.738132] [<c084a5fc>] (dev_gro_receive) from [<c084ac8c>] (napi_gro_receive+0x78/0x1f4) +[??227.746410]??r10:ef085000 r9:00000001 r8:c10d15ec r7:c100792c r6:ef085710 r5:c10c744e +[??227.754249]??r4:ee1b20c0 +[??227.756801] [<c084ac14>] (napi_gro_receive) from [<c06a2784>] (fec_enet_rx_napi+0x39c/0x988) +[??227.765253]??r9:00000001 r8:f0c8a960 r7:00000000 r6:00000000 r5:ef086000 r4:ee1b20c0 +[??227.773010] [<c06a23e8>] (fec_enet_rx_napi) from [<c084a3a4>] (net_rx_action+0x21c/0x474) +[??227.781201]??r10:ee1cdd78 r9:c0fa7b80 r8:ef7dab80 r7:0000012c r6:00000040 r5:00000001 +[??227.789039]??r4:ef085710 +[??227.791593] [<c084a188>] (net_rx_action) from [<c012f2d4>] (__do_softirq+0x158/0x534) +[??227.799437]??r10:00000008 r9:ee1cc000 r8:c10ce568 r7:c100792c r6:c10247bd r5:00000003 +[??227.807275]??r4:c100208c +[??227.809824] [<c012f17c>] (__do_softirq) from [<c012fa68>] (irq_exit+0xec/0x168) +[??227.817147]??r10:c1007ea0 r9:ef010400 r8:00000001 r7:00000000 r6:c1007d3c r5:00000000 +[??227.824984]??r4:c0fa534c +[??227.827534] [<c012f97c>] (irq_exit) from [<c01883f4>] (__handle_domain_irq+0x74/0xe8) +[??227.835377] [<c0188380>] (__handle_domain_irq) from [<c01015fc>] (gic_handle_irq+0x58/0xbc) +[??227.843742]??r9:f080b100 r8:c105ae80 r7:ee1cde80 r6:000003ff r5:000003eb r4:f080b10c +[??227.851498] [<c01015a4>] (gic_handle_irq) from [<c010daf0>] (__irq_svc+0x70/0x98) +[??227.858990] Exception stack(0xee1cde80 to 0xee1cdec8) +[??227.864056] de80: ee7a1140 00000001 00000000 000012a9 ee7a1140 ee9d9f10 ee76edc0 ee9d9f60 +[??227.872248] dea0: 00000000 ee9d9f10 00000010 ee1cdeec ee1cdeb8 
ee1cded0 c038a77c c0389688 +[??227.880434] dec0: 60070013 ffffffff +[??227.883937]??r10:00000010 r9:ee1cc000 r8:00000000 r7:ee1cdeb4 r6:ffffffff r5:60070013 +[??227.891775]??r4:c0389688 +[??227.894327] [<c038a6f8>] (nfs_file_clear_open_context) from [<c03860e8>] (nfs_file_release+0x54/0x60) +[??227.903558]??r7:ee9a78a0 r6:ee68f010 r5:ee9d9f10 r4:ee76edc0 +[??227.909235] [<c0386094>] (nfs_file_release) from [<c0276cb4>] (__fput+0x94/0x1e0) +[??227.916734] [<c0276c20>] (__fput) from [<c0276e60>] (____fput+0x10/0x14) +[??227.923448]??r10:c10d4298 r9:00000000 r8:00000000 r7:ef2ed780 r6:ef2edc00 r5:c10d5180 +[??227.931286]??r4:ef2edbd4 +[??227.933839] [<c0276e50>] (____fput) from [<c014c534>] (task_work_run+0xc8/0xec) +[??227.941166] [<c014c46c>] (task_work_run) from [<c010c484>] (do_work_pending+0x12c/0x1c4) +[??227.949271]??r9:ee1cdfb0 r8:00000000 r7:00000000 r6:ee1cc000 r5:00000000 r4:00000000 +[??227.957029] [<c010c358>] (do_work_pending) from [<c0107c90>] (slow_work_pending+0xc/0x20) +[??227.965219]??r10:00000000 r9:ee1cc000 r8:c0107e24 r7:0000005b r6:b6f76568 r5:b6f741f0 +[??227.973058]??r4:b6f76904 Maybe the reason this reproduces easily in this particular setup is that ethernet causes lots of alignment faults? diff --git a/a/content_digest b/N2/content_digest index 3c58844..daa4ebf 100644 --- a/a/content_digest +++ b/N2/content_digest 
@@ -1,38 +1,9 @@ "ref\020170615011203.144108-1-thgarnie@google.com\0" "ref\020170615011203.144108-2-thgarnie@google.com\0" - "From\0Leonard Crestez <leonard.crestez@nxp.com>\0" - "Subject\0[kernel-hardening] Re: [PATCH v10 2/3] arm/syscalls: Check address limit on user-mode return\0" + "From\0leonard.crestez@nxp.com (Leonard Crestez)\0" + "Subject\0[PATCH v10 2/3] arm/syscalls: Check address limit on user-mode return\0" "Date\0Tue, 18 Jul 2017 17:36:06 +0300\0" - "To\0Thomas Garnier <thgarnie@google.com>" - Thomas Gleixner <tglx@linutronix.de> - Ingo Molnar <mingo@redhat.com> - H . Peter Anvin <hpa@zytor.com> - Andy Lutomirski <luto@kernel.org> - Paolo Bonzini <pbonzini@redhat.com> - Rik van Riel <riel@redhat.com> - Oleg Nesterov <oleg@redhat.com> - Josh Poimboeuf <jpoimboe@redhat.com> - Petr Mladek <pmladek@suse.com> - Miroslav Benes <mbenes@suse.cz> - Kees Cook <keescook@chromium.org> - Al Viro <viro@zeniv.linux.org.uk> - Arnd Bergmann <arnd@arndb.de> - Dave Hansen <dave.hansen@intel.com> - David Howells <dhowells@redhat.com> - Russell King <linux@armlinux.org.uk> - Andy Lutomirski <luto@amacapital.net> - Will Drewry <wad@chromium.org> - Will Deacon <will.deacon@arm.com> - Catalin Marinas <catalin.marinas@arm.com> - Mark Rutland <mark.rutland@arm.com> - Pratyush Anand <panand@redhat.com> - " Chris Metcalf <cmetcalf@mellanox.com>\0" - "Cc\0linux-api@vger.kernel.org" - x86@kernel.org - linux-kernel@vger.kernel.org - linux-arm-kernel@lists.infradead.org - kernel-hardening@lists.openwall.com - " Octavian Purdila <octavian.purdila@nxp.com>\0" + "To\0linux-arm-kernel@lists.infradead.org\0" "\00:1\0" "b\0" "On Wed, 2017-06-14 at 18:12 -0700, Thomas Garnier wrote:\n" 
@@ -57,20 +28,20 @@ "> \n" "> Based on next-20170609\n" "> ---\n" - "> \302\240arch/arm/include/asm/thread_info.h | 15 +++++++++------\n" - "> \302\240arch/arm/include/asm/uaccess.h\302\240\302\240\302\240\302\240\302\240|\302\240\302\2402 ++\n" - "> \302\240arch/arm/kernel/entry-common.S\302\240\302\240\302\240\302\240\302\240|\302\240\302\2409 +++++++--\n" - "> \302\240arch/arm/kernel/signal.c\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240|\302\240\302\2405 +++++\n" - "> \302\2404 files changed, 23 insertions(+), 8 deletions(-)\n" + "> ?arch/arm/include/asm/thread_info.h | 15 +++++++++------\n" + "> ?arch/arm/include/asm/uaccess.h?????|??2 ++\n" + "> ?arch/arm/kernel/entry-common.S?????|??9 +++++++--\n" + "> ?arch/arm/kernel/signal.c???????????|??5 +++++\n" + "> ?4 files changed, 23 insertions(+), 8 deletions(-)\n" "> \n" "> diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h\n" "> index 776757d1604a..1d468b527b7b 100644\n" "> --- a/arch/arm/include/asm/thread_info.h\n" "> +++ b/arch/arm/include/asm/thread_info.h\n" "> @@ -139,10 +139,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *,\n" - "> \302\240#define TIF_NEED_RESCHED\t1\t/* rescheduling necessary */\n" - "> \302\240#define TIF_NOTIFY_RESUME\t2\t/* callback before returning to user */\n" - "> \302\240#define TIF_UPROBE\t\t3\t/* breakpointed or singlestepping */\n" + "> ?#define TIF_NEED_RESCHED\t1\t/* rescheduling necessary */\n" + "> ?#define TIF_NOTIFY_RESUME\t2\t/* callback before returning to user */\n" + "> ?#define TIF_UPROBE\t\t3\t/* breakpointed or singlestepping */\n" "> -#define TIF_SYSCALL_TRACE\t4\t/* syscall trace active */\n" "> -#define TIF_SYSCALL_AUDIT\t5\t/* syscall auditing active */\n" "> -#define TIF_SYSCALL_TRACEPOINT\t6\t/* syscall tracepoint instrumentation */\n" 
@@ -80,97 +51,97 @@ "> +#define TIF_SYSCALL_AUDIT\t6\t/* syscall auditing active */\n" "> +#define TIF_SYSCALL_TRACEPOINT\t7\t/* syscall tracepoint instrumentation */\n" "> +#define TIF_SECCOMP\t\t8\t/* seccomp syscall filtering active */\n" - "> \302\240\n" - "> \302\240#define TIF_NOHZ\t\t12\t/* in adaptive nohz mode */\n" - "> \302\240#define TIF_USING_IWMMXT\t17\n" + "> ?\n" + "> ?#define TIF_NOHZ\t\t12\t/* in adaptive nohz mode */\n" + "> ?#define TIF_USING_IWMMXT\t17\n" "> @@ -153,6 +154,7 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *,\n" - "> \302\240#define _TIF_NEED_RESCHED\t(1 << TIF_NEED_RESCHED)\n" - "> \302\240#define _TIF_NOTIFY_RESUME\t(1 << TIF_NOTIFY_RESUME)\n" - "> \302\240#define _TIF_UPROBE\t\t(1 << TIF_UPROBE)\n" + "> ?#define _TIF_NEED_RESCHED\t(1 << TIF_NEED_RESCHED)\n" + "> ?#define _TIF_NOTIFY_RESUME\t(1 << TIF_NOTIFY_RESUME)\n" + "> ?#define _TIF_UPROBE\t\t(1 << TIF_UPROBE)\n" "> +#define _TIF_FSCHECK\t\t(1 << TIF_FSCHECK)\n" - "> \302\240#define _TIF_SYSCALL_TRACE\t(1 << TIF_SYSCALL_TRACE)\n" - "> \302\240#define _TIF_SYSCALL_AUDIT\t(1 << TIF_SYSCALL_AUDIT)\n" - "> \302\240#define _TIF_SYSCALL_TRACEPOINT\t(1 << TIF_SYSCALL_TRACEPOINT)\n" + "> ?#define _TIF_SYSCALL_TRACE\t(1 << TIF_SYSCALL_TRACE)\n" + "> ?#define _TIF_SYSCALL_AUDIT\t(1 << TIF_SYSCALL_AUDIT)\n" + "> ?#define _TIF_SYSCALL_TRACEPOINT\t(1 << TIF_SYSCALL_TRACEPOINT)\n" "> 
@@ -166,8 +168,9 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *,\n" - "> \302\240/*\n" - "> \302\240 * Change these and you break ASM code in entry-common.S\n" - "> \302\240 */\n" + "> ?/*\n" + "> ? * Change these and you break ASM code in entry-common.S\n" + "> ? */\n" "> -#define _TIF_WORK_MASK\t\t(_TIF_NEED_RESCHED | _TIF_SIGPENDING | \\\n" - "> -\t\t\t\t\302\240_TIF_NOTIFY_RESUME | _TIF_UPROBE)\n" + "> -\t\t\t\t?_TIF_NOTIFY_RESUME | _TIF_UPROBE)\n" "> +#define _TIF_WORK_MASK\t\t(_TIF_NEED_RESCHED | _TIF_SIGPENDING |\t\\\n" - "> +\t\t\t\t\302\240_TIF_NOTIFY_RESUME | _TIF_UPROBE |\t\\\n" - "> +\t\t\t\t\302\240_TIF_FSCHECK)\n" - "> \302\240\n" - "> \302\240#endif /* __KERNEL__ */\n" - "> \302\240#endif /* __ASM_ARM_THREAD_INFO_H */\n" + "> +\t\t\t\t?_TIF_NOTIFY_RESUME | _TIF_UPROBE |\t\\\n" + "> +\t\t\t\t?_TIF_FSCHECK)\n" + "> ?\n" + "> ?#endif /* __KERNEL__ */\n" + "> ?#endif /* __ASM_ARM_THREAD_INFO_H */\n" "> diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h\n" "> index 2577405d082d..6cc882223e34 100644\n" "> --- a/arch/arm/include/asm/uaccess.h\n" "> +++ b/arch/arm/include/asm/uaccess.h\n" "> @@ -77,6 +77,8 @@ static inline void set_fs(mm_segment_t fs)\n" - "> \302\240{\n" - "> \302\240\tcurrent_thread_info()->addr_limit = fs;\n" - "> \302\240\tmodify_domain(DOMAIN_KERNEL, fs ? DOMAIN_CLIENT : DOMAIN_MANAGER);\n" + "> ?{\n" + "> ?\tcurrent_thread_info()->addr_limit = fs;\n" + "> ?\tmodify_domain(DOMAIN_KERNEL, fs ? DOMAIN_CLIENT : DOMAIN_MANAGER);\n" "> +\t/* On user-mode return, check fs is correct */\n" "> +\tset_thread_flag(TIF_FSCHECK);\n" - "> \302\240}\n" - "> \302\240\n" - "> \302\240#define segment_eq(a, b)\t((a) == (b))\n" + "> ?}\n" + "> ?\n" + "> ?#define segment_eq(a, b)\t((a) == (b))\n" "> diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S\n" "> index eb5cd77bf1d8..e33c32d56193 100644\n" "> --- a/arch/arm/kernel/entry-common.S\n" "> +++ b/arch/arm/kernel/entry-common.S\n" "> 
@@ -41,7 +41,9 @@ ret_fast_syscall:\n" - "> \302\240 UNWIND(.cantunwind\t)\n" - "> \302\240\tdisable_irq_notrace\t\t\t@ disable interrupts\n" - "> \302\240\tldr\tr1, [tsk, #TI_FLAGS]\t\t@ re-check for syscall tracing\n" + "> ? UNWIND(.cantunwind\t)\n" + "> ?\tdisable_irq_notrace\t\t\t@ disable interrupts\n" + "> ?\tldr\tr1, [tsk, #TI_FLAGS]\t\t@ re-check for syscall tracing\n" "> -\ttst\tr1, #_TIF_SYSCALL_WORK | _TIF_WORK_MASK\n" "> +\ttst\tr1, #_TIF_SYSCALL_WORK\n" "> +\tbne\tfast_work_pending\n" "> +\ttst\tr1, #_TIF_WORK_MASK\n" - "> \302\240\tbne\tfast_work_pending\n" - "> \302\240\n" - "> \302\240\t/* perform architecture specific actions before user return */\n" + "> ?\tbne\tfast_work_pending\n" + "> ?\n" + "> ?\t/* perform architecture specific actions before user return */\n" "> @@ -67,12 +69,15 @@ ret_fast_syscall:\n" - "> \302\240\tstr\tr0, [sp, #S_R0 + S_OFF]!\t@ save returned r0\n" - "> \302\240\tdisable_irq_notrace\t\t\t@ disable interrupts\n" - "> \302\240\tldr\tr1, [tsk, #TI_FLAGS]\t\t@ re-check for syscall tracing\n" + "> ?\tstr\tr0, [sp, #S_R0 + S_OFF]!\t@ save returned r0\n" + "> ?\tdisable_irq_notrace\t\t\t@ disable interrupts\n" + "> ?\tldr\tr1, [tsk, #TI_FLAGS]\t\t@ re-check for syscall tracing\n" "> -\ttst\tr1, #_TIF_SYSCALL_WORK | _TIF_WORK_MASK\n" "> +\ttst\tr1, #_TIF_SYSCALL_WORK\n" "> +\tbne\tfast_work_pending\n" "> +\ttst\tr1, #_TIF_WORK_MASK\n" - "> \302\240\tbeq\tno_work_pending\n" - "> \302\240 UNWIND(.fnend\t\t)\n" - "> \302\240ENDPROC(ret_fast_syscall)\n" - "> \302\240\n" - "> \302\240\t/* Slower path - fall through to work_pending */\n" + "> ?\tbeq\tno_work_pending\n" + "> ? UNWIND(.fnend\t\t)\n" + "> ?ENDPROC(ret_fast_syscall)\n" + "> ?\n" + "> ?\t/* Slower path - fall through to work_pending */\n" "> +fast_work_pending:\n" - "> \302\240#endif\n" - "> \302\240\n" - "> \302\240\ttst\tr1, #_TIF_SYSCALL_WORK\n" + "> ?#endif\n" + "> ?\n" + "> ?\ttst\tr1, #_TIF_SYSCALL_WORK\n" "> 
diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c\n" "> index 7b8f2141427b..3a48b54c6405 100644\n" "> --- a/arch/arm/kernel/signal.c\n" "> +++ b/arch/arm/kernel/signal.c\n" "> @@ -14,6 +14,7 @@\n" - "> \302\240#include \n" - "> \302\240#include \n" - "> \302\240#include \n" + "> ?#include \n" + "> ?#include \n" + "> ?#include \n" "> +#include \n" - "> \302\240\n" - "> \302\240#include \n" - "> \302\240#include \n" + "> ?\n" + "> ?#include \n" + "> ?#include \n" "> @@ -571,6 +572,10 @@ do_work_pending(struct pt_regs *regs, unsigned int thread_flags, int syscall)\n" - "> \302\240\t\302\240* Update the trace code with the current status.\n" - "> \302\240\t\302\240*/\n" - "> \302\240\ttrace_hardirqs_off();\n" + "> ?\t?* Update the trace code with the current status.\n" + "> ?\t?*/\n" + "> ?\ttrace_hardirqs_off();\n" "> +\n" "> +\t/* Check valid user FS if needed */\n" "> +\taddr_limit_user_check();\n" "> +\n" - "> \302\240\tdo {\n" - "> \302\240\t\tif (likely(thread_flags & _TIF_NEED_RESCHED)) {\n" - "> \302\240\t\t\tschedule();\n" + "> ?\tdo {\n" + "> ?\t\tif (likely(thread_flags & _TIF_NEED_RESCHED)) {\n" + "> ?\t\t\tschedule();\n" "\n" "This patch made it's way into linux-next next-20170717 and it seems to\n" "cause hangs when booting some boards over NFS (found via bisection). I\n" 
@@ -193,66 +164,66 @@ "to get a stack with a set_fs call from inside do_work_pending and got\n" "the following:\n" "\n" - "[\302\240\302\240227.582402] CPU: 0 PID: 829 Comm: sleep Not tainted 4.12.0-01057-g93af8f7-dirty #332\n" - "[\302\240\302\240227.590171] Hardware name: Freescale i.MX6 SoloLite (Device Tree)\n" - "[\302\240\302\240227.596275] Backtrace:\302\240\n" - "[\302\240\302\240227.598754] [<c010cbb4>] (dump_backtrace) from [<c010ce60>] (show_stack+0x18/0x1c)\n" - "[\302\240\302\240227.606339]\302\240\302\240r7:00000000 r6:60070113 r5:00000000 r4:c105a958\n" - "[\302\240\302\240227.612016] [<c010ce48>] (show_stack) from [<c0493498>] (dump_stack+0xb4/0xe8)\n" - "[\302\240\302\240227.619258] [<c04933e4>] (dump_stack) from [<c010c350>] (mydbg_set_fs+0x40/0x48)\n" - "[\302\240\302\240227.626671]\302\240\302\240r9:c08cf35c r8:ee1cda7c r7:ee1e3dce r6:bf000000 r5:00000000 r4:ffffe000\n" - "[\302\240\302\240227.634433] [<c010c310>] (mydbg_set_fs) from [<c021f0b8>] (__probe_kernel_read+0x44/0xd0)\n" - "[\302\240\302\240227.642629] [<c021f074>] (__probe_kernel_read) from [<c011b8d8>] (do_alignment+0x8c/0x75c)\n" - "[\302\240\302\240227.650909]\302\240\302\240r10:ef085000 r9:c08cf35c r8:00000001 r7:ee1e3dce r6:c011b84c r5:ee1cdbe0\n" - "[\302\240\302\240227.658748]\302\240\302\240r4:00000000 r3:00000000\n" - "[\302\240\302\240227.662338] [<c011b84c>] (do_alignment) from [<c0101394>] (do_DataAbort+0x40/0xc0)\n" - "[\302\240\302\240227.669921]\302\240\302\240r10:ef085000 r9:ee1cc000 r8:ee1cdbe0 r7:ee1e3dce r6:c011b84c r5:00000001\n" - "[\302\240\302\240227.677760]\302\240\302\240r4:c100dd3c\n" - "[\302\240\302\240227.680308] [<c0101354>] (do_DataAbort) from [<c010da44>] (__dabt_svc+0x64/0xa0)\n" - "[\302\240\302\240227.687714] Exception stack(0xee1cdbe0 to 0xee1cdc28)\n" - "[\302\240\302\240227.692780] dbe0: 9064a8c0 ee1e3de2 d82727d8 00000000 ee1b20c0 ee1e3dce 00000000 ef08572c\n" - "[\302\240\302\240227.700971] dc00: c0bb2034 c10c75ea ef085000 ee1cdc74 ee1cdc00 
ee1cdc30 c01761a8 c08cf35c\n" - "[\302\240\302\240227.709158] dc20: 40070113 ffffffff\n" - "[\302\240\302\240227.712661]\302\240\302\240r8:c0bb2034 r7:ee1cdc14 r6:ffffffff r5:40070113 r4:c08cf35c\n" - "[\302\240\302\240227.719382] [<c08cf16c>] (inet_gro_receive) from [<c084a8ec>] (dev_gro_receive+0x2f0/0x618)\n" - "[\302\240\302\240227.727746]\302\240\302\240r10:ef085000 r9:00000001 r8:00000000 r7:ef085710 r6:c1008b88 r5:ee1b20c0\n" - "[\302\240\302\240227.735585]\302\240\302\240r4:c1009f78\n" - "[\302\240\302\240227.738132] [<c084a5fc>] (dev_gro_receive) from [<c084ac8c>] (napi_gro_receive+0x78/0x1f4)\n" - "[\302\240\302\240227.746410]\302\240\302\240r10:ef085000 r9:00000001 r8:c10d15ec r7:c100792c r6:ef085710 r5:c10c744e\n" - "[\302\240\302\240227.754249]\302\240\302\240r4:ee1b20c0\n" - "[\302\240\302\240227.756801] [<c084ac14>] (napi_gro_receive) from [<c06a2784>] (fec_enet_rx_napi+0x39c/0x988)\n" - "[\302\240\302\240227.765253]\302\240\302\240r9:00000001 r8:f0c8a960 r7:00000000 r6:00000000 r5:ef086000 r4:ee1b20c0\n" - "[\302\240\302\240227.773010] [<c06a23e8>] (fec_enet_rx_napi) from [<c084a3a4>] (net_rx_action+0x21c/0x474)\n" - "[\302\240\302\240227.781201]\302\240\302\240r10:ee1cdd78 r9:c0fa7b80 r8:ef7dab80 r7:0000012c r6:00000040 r5:00000001\n" - "[\302\240\302\240227.789039]\302\240\302\240r4:ef085710\n" - "[\302\240\302\240227.791593] [<c084a188>] (net_rx_action) from [<c012f2d4>] (__do_softirq+0x158/0x534)\n" - "[\302\240\302\240227.799437]\302\240\302\240r10:00000008 r9:ee1cc000 r8:c10ce568 r7:c100792c r6:c10247bd r5:00000003\n" - "[\302\240\302\240227.807275]\302\240\302\240r4:c100208c\n" - "[\302\240\302\240227.809824] [<c012f17c>] (__do_softirq) from [<c012fa68>] (irq_exit+0xec/0x168)\n" - "[\302\240\302\240227.817147]\302\240\302\240r10:c1007ea0 r9:ef010400 r8:00000001 r7:00000000 r6:c1007d3c r5:00000000\n" - "[\302\240\302\240227.824984]\302\240\302\240r4:c0fa534c\n" - "[\302\240\302\240227.827534] [<c012f97c>] (irq_exit) from [<c01883f4>] 
(__handle_domain_irq+0x74/0xe8)\n" - "[\302\240\302\240227.835377] [<c0188380>] (__handle_domain_irq) from [<c01015fc>] (gic_handle_irq+0x58/0xbc)\n" - "[\302\240\302\240227.843742]\302\240\302\240r9:f080b100 r8:c105ae80 r7:ee1cde80 r6:000003ff r5:000003eb r4:f080b10c\n" - "[\302\240\302\240227.851498] [<c01015a4>] (gic_handle_irq) from [<c010daf0>] (__irq_svc+0x70/0x98)\n" - "[\302\240\302\240227.858990] Exception stack(0xee1cde80 to 0xee1cdec8)\n" - "[\302\240\302\240227.864056] de80: ee7a1140 00000001 00000000 000012a9 ee7a1140 ee9d9f10 ee76edc0 ee9d9f60\n" - "[\302\240\302\240227.872248] dea0: 00000000 ee9d9f10 00000010 ee1cdeec ee1cdeb8 ee1cded0 c038a77c c0389688\n" - "[\302\240\302\240227.880434] dec0: 60070013 ffffffff\n" - "[\302\240\302\240227.883937]\302\240\302\240r10:00000010 r9:ee1cc000 r8:00000000 r7:ee1cdeb4 r6:ffffffff r5:60070013\n" - "[\302\240\302\240227.891775]\302\240\302\240r4:c0389688\n" - "[\302\240\302\240227.894327] [<c038a6f8>] (nfs_file_clear_open_context) from [<c03860e8>] (nfs_file_release+0x54/0x60)\n" - "[\302\240\302\240227.903558]\302\240\302\240r7:ee9a78a0 r6:ee68f010 r5:ee9d9f10 r4:ee76edc0\n" - "[\302\240\302\240227.909235] [<c0386094>] (nfs_file_release) from [<c0276cb4>] (__fput+0x94/0x1e0)\n" - "[\302\240\302\240227.916734] [<c0276c20>] (__fput) from [<c0276e60>] (____fput+0x10/0x14)\n" - "[\302\240\302\240227.923448]\302\240\302\240r10:c10d4298 r9:00000000 r8:00000000 r7:ef2ed780 r6:ef2edc00 r5:c10d5180\n" - "[\302\240\302\240227.931286]\302\240\302\240r4:ef2edbd4\n" - "[\302\240\302\240227.933839] [<c0276e50>] (____fput) from [<c014c534>] (task_work_run+0xc8/0xec)\n" - "[\302\240\302\240227.941166] [<c014c46c>] (task_work_run) from [<c010c484>] (do_work_pending+0x12c/0x1c4)\n" - "[\302\240\302\240227.949271]\302\240\302\240r9:ee1cdfb0 r8:00000000 r7:00000000 r6:ee1cc000 r5:00000000 r4:00000000\n" - "[\302\240\302\240227.957029] [<c010c358>] (do_work_pending) from [<c0107c90>] (slow_work_pending+0xc/0x20)\n" - 
"[\302\240\302\240227.965219]\302\240\302\240r10:00000000 r9:ee1cc000 r8:c0107e24 r7:0000005b r6:b6f76568 r5:b6f741f0\n" - "[\302\240\302\240227.973058]\302\240\302\240r4:b6f76904\n" + "[??227.582402] CPU: 0 PID: 829 Comm: sleep Not tainted 4.12.0-01057-g93af8f7-dirty #332\n" + "[??227.590171] Hardware name: Freescale i.MX6 SoloLite (Device Tree)\n" + "[??227.596275] Backtrace:?\n" + "[??227.598754] [<c010cbb4>] (dump_backtrace) from [<c010ce60>] (show_stack+0x18/0x1c)\n" + "[??227.606339]??r7:00000000 r6:60070113 r5:00000000 r4:c105a958\n" + "[??227.612016] [<c010ce48>] (show_stack) from [<c0493498>] (dump_stack+0xb4/0xe8)\n" + "[??227.619258] [<c04933e4>] (dump_stack) from [<c010c350>] (mydbg_set_fs+0x40/0x48)\n" + "[??227.626671]??r9:c08cf35c r8:ee1cda7c r7:ee1e3dce r6:bf000000 r5:00000000 r4:ffffe000\n" + "[??227.634433] [<c010c310>] (mydbg_set_fs) from [<c021f0b8>] (__probe_kernel_read+0x44/0xd0)\n" + "[??227.642629] [<c021f074>] (__probe_kernel_read) from [<c011b8d8>] (do_alignment+0x8c/0x75c)\n" + "[??227.650909]??r10:ef085000 r9:c08cf35c r8:00000001 r7:ee1e3dce r6:c011b84c r5:ee1cdbe0\n" + "[??227.658748]??r4:00000000 r3:00000000\n" + "[??227.662338] [<c011b84c>] (do_alignment) from [<c0101394>] (do_DataAbort+0x40/0xc0)\n" + "[??227.669921]??r10:ef085000 r9:ee1cc000 r8:ee1cdbe0 r7:ee1e3dce r6:c011b84c r5:00000001\n" + "[??227.677760]??r4:c100dd3c\n" + "[??227.680308] [<c0101354>] (do_DataAbort) from [<c010da44>] (__dabt_svc+0x64/0xa0)\n" + "[??227.687714] Exception stack(0xee1cdbe0 to 0xee1cdc28)\n" + "[??227.692780] dbe0: 9064a8c0 ee1e3de2 d82727d8 00000000 ee1b20c0 ee1e3dce 00000000 ef08572c\n" + "[??227.700971] dc00: c0bb2034 c10c75ea ef085000 ee1cdc74 ee1cdc00 ee1cdc30 c01761a8 c08cf35c\n" + "[??227.709158] dc20: 40070113 ffffffff\n" + "[??227.712661]??r8:c0bb2034 r7:ee1cdc14 r6:ffffffff r5:40070113 r4:c08cf35c\n" + "[??227.719382] [<c08cf16c>] (inet_gro_receive) from [<c084a8ec>] (dev_gro_receive+0x2f0/0x618)\n" + "[??227.727746]??r10:ef085000 
r9:00000001 r8:00000000 r7:ef085710 r6:c1008b88 r5:ee1b20c0\n" + "[??227.735585]??r4:c1009f78\n" + "[??227.738132] [<c084a5fc>] (dev_gro_receive) from [<c084ac8c>] (napi_gro_receive+0x78/0x1f4)\n" + "[??227.746410]??r10:ef085000 r9:00000001 r8:c10d15ec r7:c100792c r6:ef085710 r5:c10c744e\n" + "[??227.754249]??r4:ee1b20c0\n" + "[??227.756801] [<c084ac14>] (napi_gro_receive) from [<c06a2784>] (fec_enet_rx_napi+0x39c/0x988)\n" + "[??227.765253]??r9:00000001 r8:f0c8a960 r7:00000000 r6:00000000 r5:ef086000 r4:ee1b20c0\n" + "[??227.773010] [<c06a23e8>] (fec_enet_rx_napi) from [<c084a3a4>] (net_rx_action+0x21c/0x474)\n" + "[??227.781201]??r10:ee1cdd78 r9:c0fa7b80 r8:ef7dab80 r7:0000012c r6:00000040 r5:00000001\n" + "[??227.789039]??r4:ef085710\n" + "[??227.791593] [<c084a188>] (net_rx_action) from [<c012f2d4>] (__do_softirq+0x158/0x534)\n" + "[??227.799437]??r10:00000008 r9:ee1cc000 r8:c10ce568 r7:c100792c r6:c10247bd r5:00000003\n" + "[??227.807275]??r4:c100208c\n" + "[??227.809824] [<c012f17c>] (__do_softirq) from [<c012fa68>] (irq_exit+0xec/0x168)\n" + "[??227.817147]??r10:c1007ea0 r9:ef010400 r8:00000001 r7:00000000 r6:c1007d3c r5:00000000\n" + "[??227.824984]??r4:c0fa534c\n" + "[??227.827534] [<c012f97c>] (irq_exit) from [<c01883f4>] (__handle_domain_irq+0x74/0xe8)\n" + "[??227.835377] [<c0188380>] (__handle_domain_irq) from [<c01015fc>] (gic_handle_irq+0x58/0xbc)\n" + "[??227.843742]??r9:f080b100 r8:c105ae80 r7:ee1cde80 r6:000003ff r5:000003eb r4:f080b10c\n" + "[??227.851498] [<c01015a4>] (gic_handle_irq) from [<c010daf0>] (__irq_svc+0x70/0x98)\n" + "[??227.858990] Exception stack(0xee1cde80 to 0xee1cdec8)\n" + "[??227.864056] de80: ee7a1140 00000001 00000000 000012a9 ee7a1140 ee9d9f10 ee76edc0 ee9d9f60\n" + "[??227.872248] dea0: 00000000 ee9d9f10 00000010 ee1cdeec ee1cdeb8 ee1cded0 c038a77c c0389688\n" + "[??227.880434] dec0: 60070013 ffffffff\n" + "[??227.883937]??r10:00000010 r9:ee1cc000 r8:00000000 r7:ee1cdeb4 r6:ffffffff r5:60070013\n" + 
"[??227.891775]??r4:c0389688\n" + "[??227.894327] [<c038a6f8>] (nfs_file_clear_open_context) from [<c03860e8>] (nfs_file_release+0x54/0x60)\n" + "[??227.903558]??r7:ee9a78a0 r6:ee68f010 r5:ee9d9f10 r4:ee76edc0\n" + "[??227.909235] [<c0386094>] (nfs_file_release) from [<c0276cb4>] (__fput+0x94/0x1e0)\n" + "[??227.916734] [<c0276c20>] (__fput) from [<c0276e60>] (____fput+0x10/0x14)\n" + "[??227.923448]??r10:c10d4298 r9:00000000 r8:00000000 r7:ef2ed780 r6:ef2edc00 r5:c10d5180\n" + "[??227.931286]??r4:ef2edbd4\n" + "[??227.933839] [<c0276e50>] (____fput) from [<c014c534>] (task_work_run+0xc8/0xec)\n" + "[??227.941166] [<c014c46c>] (task_work_run) from [<c010c484>] (do_work_pending+0x12c/0x1c4)\n" + "[??227.949271]??r9:ee1cdfb0 r8:00000000 r7:00000000 r6:ee1cc000 r5:00000000 r4:00000000\n" + "[??227.957029] [<c010c358>] (do_work_pending) from [<c0107c90>] (slow_work_pending+0xc/0x20)\n" + "[??227.965219]??r10:00000000 r9:ee1cc000 r8:c0107e24 r7:0000005b r6:b6f76568 r5:b6f741f0\n" + "[??227.973058]??r4:b6f76904\n" "\n" "Maybe the reason this reproduces easily in this particular setup is\n" "that ethernet causes lots of alignment faults?\n" @@ -261,4 +232,4 @@ "Regards,\n" Leonard -ce040e792ad743f212bf1882644b5534155601a2012e1289ccf6328dc99d35fb +5f3d4a772cb8a521ff85595eca05163e98851e2f0d05b3e4f61623cd29f2fc76
diff --git a/a/content_digest b/N3/content_digest index 3c58844..3c083fa 100644 --- a/a/content_digest +++ b/N3/content_digest @@ -1,7 +1,7 @@ "ref\020170615011203.144108-1-thgarnie@google.com\0" "ref\020170615011203.144108-2-thgarnie@google.com\0" "From\0Leonard Crestez <leonard.crestez@nxp.com>\0" - "Subject\0[kernel-hardening] Re: [PATCH v10 2/3] arm/syscalls: Check address limit on user-mode return\0" + "Subject\0Re: [PATCH v10 2/3] arm/syscalls: Check address limit on user-mode return\0" "Date\0Tue, 18 Jul 2017 17:36:06 +0300\0" "To\0Thomas Garnier <thgarnie@google.com>" Thomas Gleixner <tglx@linutronix.de> @@ -27,11 +27,11 @@ Mark Rutland <mark.rutland@arm.com> Pratyush Anand <panand@redhat.com> " Chris Metcalf <cmetcalf@mellanox.com>\0" - "Cc\0linux-api@vger.kernel.org" - x86@kernel.org - linux-kernel@vger.kernel.org - linux-arm-kernel@lists.infradead.org - kernel-hardening@lists.openwall.com + "Cc\0<linux-api@vger.kernel.org>" + <x86@kernel.org> + <linux-kernel@vger.kernel.org> + <linux-arm-kernel@lists.infradead.org> + <kernel-hardening@lists.openwall.com> " Octavian Purdila <octavian.purdila@nxp.com>\0" "\00:1\0" "b\0" @@ -261,4 +261,4 @@ "Regards,\n" Leonard -ce040e792ad743f212bf1882644b5534155601a2012e1289ccf6328dc99d35fb +f41cd1839b94912950ce4f735b2e12152a0de2e859cc4d77f359542df5ef3e02