From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
alan@lxorguk.ukuu.org.uk,
Martin Schwidefsky <schwidefsky@de.ibm.com>
Subject: [ 73/83] s390/signal: set correct address space control
Date: Wed, 21 Nov 2012 16:42:35 -0800 [thread overview]
Message-ID: <20121122004220.511698934@linuxfoundation.org> (raw)
In-Reply-To: <20121122004212.371862690@linuxfoundation.org>
3.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Martin Schwidefsky <schwidefsky@de.ibm.com>
commit fa968ee215c0ca91e4a9c3a69ac2405aae6e5d2f upstream.
If user space is running in primary mode it can switch to secondary
or access register mode, this is used e.g. in the clock_gettime code
of the vdso. If a signal is delivered to the user space process while
it has been running in access register mode the signal handler is
executed in access register mode as well which will result in a crash
most of the time.
Set the address space control bits in the PSW to the default for the
execution of the signal handler and make sure that the previous
address space control is restored on signal return. Take care
that user space can not switch to the kernel address space by
modifying the registers in the signal frame.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/s390/include/asm/compat.h | 2 +-
arch/s390/include/asm/ptrace.h | 4 ++--
arch/s390/kernel/compat_signal.c | 14 ++++++++++++--
arch/s390/kernel/signal.c | 14 ++++++++++++--
4 files changed, 27 insertions(+), 7 deletions(-)
--- a/arch/s390/include/asm/compat.h
+++ b/arch/s390/include/asm/compat.h
@@ -20,7 +20,7 @@
#define PSW32_MASK_CC 0x00003000UL
#define PSW32_MASK_PM 0x00000f00UL
-#define PSW32_MASK_USER 0x00003F00UL
+#define PSW32_MASK_USER 0x0000FF00UL
#define PSW32_ADDR_AMODE 0x80000000UL
#define PSW32_ADDR_INSN 0x7FFFFFFFUL
--- a/arch/s390/include/asm/ptrace.h
+++ b/arch/s390/include/asm/ptrace.h
@@ -238,7 +238,7 @@ typedef struct
#define PSW_MASK_EA 0x00000000UL
#define PSW_MASK_BA 0x00000000UL
-#define PSW_MASK_USER 0x00003F00UL
+#define PSW_MASK_USER 0x0000FF00UL
#define PSW_ADDR_AMODE 0x80000000UL
#define PSW_ADDR_INSN 0x7FFFFFFFUL
@@ -267,7 +267,7 @@ typedef struct
#define PSW_MASK_EA 0x0000000100000000UL
#define PSW_MASK_BA 0x0000000080000000UL
-#define PSW_MASK_USER 0x00003F0180000000UL
+#define PSW_MASK_USER 0x0000FF0180000000UL
#define PSW_ADDR_AMODE 0x0000000000000000UL
#define PSW_ADDR_INSN 0xFFFFFFFFFFFFFFFFUL
--- a/arch/s390/kernel/compat_signal.c
+++ b/arch/s390/kernel/compat_signal.c
@@ -309,6 +309,10 @@ static int restore_sigregs32(struct pt_r
regs->psw.mask = (regs->psw.mask & ~PSW_MASK_USER) |
(__u64)(regs32.psw.mask & PSW32_MASK_USER) << 32 |
(__u64)(regs32.psw.addr & PSW32_ADDR_AMODE);
+ /* Check for invalid user address space control. */
+ if ((regs->psw.mask & PSW_MASK_ASC) >= (psw_kernel_bits & PSW_MASK_ASC))
+ regs->psw.mask = (psw_user_bits & PSW_MASK_ASC) |
+ (regs->psw.mask & ~PSW_MASK_ASC);
regs->psw.addr = (__u64)(regs32.psw.addr & PSW32_ADDR_INSN);
for (i = 0; i < NUM_GPRS; i++)
regs->gprs[i] = (__u64) regs32.gprs[i];
@@ -481,7 +485,10 @@ static int setup_frame32(int sig, struct
/* Set up registers for signal handler */
regs->gprs[15] = (__force __u64) frame;
- regs->psw.mask |= PSW_MASK_BA; /* force amode 31 */
+ /* Force 31 bit amode and default user address space control. */
+ regs->psw.mask = PSW_MASK_BA |
+ (psw_user_bits & PSW_MASK_ASC) |
+ (regs->psw.mask & ~PSW_MASK_ASC);
regs->psw.addr = (__force __u64) ka->sa.sa_handler;
regs->gprs[2] = map_signal(sig);
@@ -549,7 +556,10 @@ static int setup_rt_frame32(int sig, str
/* Set up registers for signal handler */
regs->gprs[15] = (__force __u64) frame;
- regs->psw.mask |= PSW_MASK_BA; /* force amode 31 */
+ /* Force 31 bit amode and default user address space control. */
+ regs->psw.mask = PSW_MASK_BA |
+ (psw_user_bits & PSW_MASK_ASC) |
+ (regs->psw.mask & ~PSW_MASK_ASC);
regs->psw.addr = (__u64) ka->sa.sa_handler;
regs->gprs[2] = map_signal(sig);
--- a/arch/s390/kernel/signal.c
+++ b/arch/s390/kernel/signal.c
@@ -136,6 +136,10 @@ static int restore_sigregs(struct pt_reg
/* Use regs->psw.mask instead of psw_user_bits to preserve PER bit. */
regs->psw.mask = (regs->psw.mask & ~PSW_MASK_USER) |
(user_sregs.regs.psw.mask & PSW_MASK_USER);
+ /* Check for invalid user address space control. */
+ if ((regs->psw.mask & PSW_MASK_ASC) >= (psw_kernel_bits & PSW_MASK_ASC))
+ regs->psw.mask = (psw_user_bits & PSW_MASK_ASC) |
+ (regs->psw.mask & ~PSW_MASK_ASC);
/* Check for invalid amode */
if (regs->psw.mask & PSW_MASK_EA)
regs->psw.mask |= PSW_MASK_BA;
@@ -273,7 +277,10 @@ static int setup_frame(int sig, struct k
/* Set up registers for signal handler */
regs->gprs[15] = (unsigned long) frame;
- regs->psw.mask |= PSW_MASK_EA | PSW_MASK_BA; /* 64 bit amode */
+ /* Force default amode and default user address space control. */
+ regs->psw.mask = PSW_MASK_EA | PSW_MASK_BA |
+ (psw_user_bits & PSW_MASK_ASC) |
+ (regs->psw.mask & ~PSW_MASK_ASC);
regs->psw.addr = (unsigned long) ka->sa.sa_handler | PSW_ADDR_AMODE;
regs->gprs[2] = map_signal(sig);
@@ -346,7 +353,10 @@ static int setup_rt_frame(int sig, struc
/* Set up registers for signal handler */
regs->gprs[15] = (unsigned long) frame;
- regs->psw.mask |= PSW_MASK_EA | PSW_MASK_BA; /* 64 bit amode */
+ /* Force default amode and default user address space control. */
+ regs->psw.mask = PSW_MASK_EA | PSW_MASK_BA |
+ (psw_user_bits & PSW_MASK_ASC) |
+ (regs->psw.mask & ~PSW_MASK_ASC);
regs->psw.addr = (unsigned long) ka->sa.sa_handler | PSW_ADDR_AMODE;
regs->gprs[2] = map_signal(sig);
next prev parent reply other threads:[~2012-11-22 21:32 UTC|newest]
Thread overview: 94+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-22 0:41 [ 00/83] 3.6.8-stable review Greg Kroah-Hartman
2012-11-22 0:41 ` [ 01/83] mm: bugfix: set current->reclaim_state to NULL while returning from kswapd() Greg Kroah-Hartman
2012-11-22 0:41 ` [ 02/83] libata-acpi: Fix NULL ptr derference in ata_acpi_dev_handle Greg Kroah-Hartman
2012-11-22 0:41 ` [ 03/83] xfs: drop buffer io reference when a bad bio is built Greg Kroah-Hartman
2012-11-22 0:41 ` [ 04/83] mac80211: sync acccess to tx_filtered/ps_tx_buf queues Greg Kroah-Hartman
2012-11-22 0:41 ` [ 05/83] mac80211: dont send null data packet when not associated Greg Kroah-Hartman
2012-11-22 0:41 ` [ 06/83] mac80211: call skb_dequeue/ieee80211_free_txskb instead of __skb_queue_purge Greg Kroah-Hartman
2012-11-22 0:41 ` [ 07/83] PCI/PM: Fix deadlock when unbinding device if parent in D3cold Greg Kroah-Hartman
2012-11-22 0:41 ` [ 08/83] PCI/PM: Resume device before shutdown Greg Kroah-Hartman
2012-11-22 0:41 ` [ 09/83] PCI/PM: Fix proc config reg access for D3cold and bridge suspending Greg Kroah-Hartman
2012-11-22 0:41 ` [ 10/83] fanotify: fix missing break Greg Kroah-Hartman
2012-11-22 0:41 ` [ 11/83] module: fix out-by-one error in kallsyms Greg Kroah-Hartman
2012-11-23 10:35 ` satoru takeuchi
2012-11-26 18:43 ` Greg Kroah-Hartman
2012-12-03 0:04 ` Rusty Russell
2012-11-22 0:41 ` [ 12/83] virtio: Dont access index after unregister Greg Kroah-Hartman
2012-11-22 0:41 ` [ 13/83] cifs: fix potential buffer overrun in cifs.idmap handling code Greg Kroah-Hartman
2012-11-22 0:41 ` [ 14/83] cifs: Do not lookup hashed negative dentry in cifs_atomic_open Greg Kroah-Hartman
2012-11-22 0:41 ` [ 15/83] crypto: cryptd - disable softirqs in cryptd_queue_worker to prevent data corruption Greg Kroah-Hartman
2012-11-22 0:41 ` Greg Kroah-Hartman
2012-11-22 0:41 ` [ 16/83] ARM: at91/AT91SAM9G45: fix crypto peripherals irq issue due to sparse irq support Greg Kroah-Hartman
2012-11-22 0:41 ` [ 17/83] ptp: update adjfreq callback description Greg Kroah-Hartman
2012-11-22 0:41 ` [ 18/83] ALSA: hda: Cirrus: Fix coefficient index for beep configuration Greg Kroah-Hartman
2012-11-22 0:41 ` [ 19/83] ALSA: HDA: Fix digital microphone on CS420x Greg Kroah-Hartman
2012-11-22 0:41 ` [ 20/83] ALSA: hda - Force to reset IEC958 status bits for AD codecs Greg Kroah-Hartman
2012-11-22 0:41 ` [ 21/83] ALSA: hda - Fix empty DAC filling in patch_via.c Greg Kroah-Hartman
2012-11-22 0:41 ` [ 22/83] ALSA: hda - Fix invalid connections in VT1802 codec Greg Kroah-Hartman
2012-11-22 0:41 ` [ 23/83] ALSA: hda - Improve HP depop when system enter to S3 Greg Kroah-Hartman
2012-11-22 0:41 ` [ 24/83] ALSA: hda - Add new codec ALC668 and ALC900 (default name ALC1150) Greg Kroah-Hartman
2012-11-22 0:41 ` [ 25/83] ALSA: hda - Add a missing quirk entry for iMac 9,1 Greg Kroah-Hartman
2012-11-22 0:41 ` [ 26/83] ASoC: wm8978: pll incorrectly configured when codec is master Greg Kroah-Hartman
2012-11-22 0:41 ` [ 27/83] ASoC: cs42l52: fix the return value of cs42l52_set_fmt() Greg Kroah-Hartman
2012-11-22 0:41 ` [ 28/83] ASoC: dapm: Use card_list during DAPM shutdown Greg Kroah-Hartman
2012-11-22 0:41 ` [ 29/83] ASoC: core: Double control update err for snd_soc_put_volsw_sx Greg Kroah-Hartman
2012-11-22 0:41 ` [ 30/83] UBIFS: fix mounting problems after power cuts Greg Kroah-Hartman
2012-11-22 0:41 ` [ 31/83] UBIFS: introduce categorized lprops counter Greg Kroah-Hartman
2012-11-22 0:41 ` [ 32/83] pstore: Fix NULL pointer dereference in console writes Greg Kroah-Hartman
2012-11-22 0:41 ` [ 33/83] regulator: fix voltage check in regulator_is_supported_voltage() Greg Kroah-Hartman
2012-11-22 0:41 ` [ 34/83] i2c-mux-pinctrl: Fix probe error path Greg Kroah-Hartman
2012-11-22 0:41 ` [ 35/83] ARM: imx: ehci: fix host power mask bit Greg Kroah-Hartman
2012-11-22 4:52 ` Michael D. Burkey
2012-11-26 18:44 ` Greg Kroah-Hartman
2012-11-26 19:17 ` Michael D. Burkey
2012-11-26 19:17 ` Michael D. Burkey
2012-11-22 0:41 ` [ 36/83] ARM: dt: tegra: fix length of pad control and mux registers Greg Kroah-Hartman
2012-11-22 0:41 ` [ 37/83] Revert "Staging: Android alarm: IOCTL command encoding fix" Greg Kroah-Hartman
2012-11-22 0:42 ` [ 38/83] s390/gup: add missing TASK_SIZE check to get_user_pages_fast() Greg Kroah-Hartman
2012-11-22 0:42 ` [ 39/83] USB: keyspan: fix typo causing GPF on open Greg Kroah-Hartman
2012-11-22 0:42 ` [ 40/83] USB: usb_wwan: fix bulk-urb allocation Greg Kroah-Hartman
2012-11-22 0:42 ` [ 41/83] USB: option: add Novatel E362 and Dell Wireless 5800 USB IDs Greg Kroah-Hartman
2012-11-22 0:42 ` [ 42/83] USB: option: add Alcatel X220/X500D " Greg Kroah-Hartman
2012-11-22 0:42 ` [ 43/83] drm/i915/sdvo: clean up connectors on intel_sdvo_init() failures Greg Kroah-Hartman
2012-11-22 0:42 ` [ 44/83] drm/radeon: fix logic error in atombios_encoders.c Greg Kroah-Hartman
2012-11-22 0:42 ` [ 45/83] tmpfs: fix shmem_getpage_gfp() VM_BUG_ON Greg Kroah-Hartman
2012-11-22 0:42 ` [ 46/83] KVM: x86: Fix invalid secondary exec controls in vmx_cpuid_update() Greg Kroah-Hartman
2012-11-22 0:42 ` [ 47/83] ttm: Clear the ttm page allocated from high memory zone correctly Greg Kroah-Hartman
2012-11-22 0:42 ` [ 48/83] memcg: oom: fix totalpages calculation for memory.swappiness==0 Greg Kroah-Hartman
2012-11-22 0:42 ` [ 49/83] memcg: fix hotplugged memory zone oops Greg Kroah-Hartman
2012-11-22 0:42 ` [ 50/83] iwlwifi: handle DMA mapping failures Greg Kroah-Hartman
2012-11-22 0:42 ` [ 51/83] wireless: allow 40 MHz on world roaming channels 12/13 Greg Kroah-Hartman
2012-11-22 0:42 ` [ 52/83] Bluetooth: Fix having bogus entries in mgmt_read_index_list reply Greg Kroah-Hartman
2012-11-22 0:42 ` [ 53/83] m68k: fix sigset_t accessor functions Greg Kroah-Hartman
2012-11-22 0:42 ` [ 54/83] ipv4: avoid undefined behavior in do_ip_setsockopt() Greg Kroah-Hartman
2012-11-22 0:42 ` [ 55/83] ipv4/ip_vti.c: VTI fix post-decryption forwarding Greg Kroah-Hartman
2012-11-22 0:42 ` [ 56/83] ipv6: setsockopt(IPIPPROTO_IPV6, IPV6_MINHOPCOUNT) forgot to set return value Greg Kroah-Hartman
2012-11-22 0:42 ` [ 57/83] net: correct check in dev_addr_del() Greg Kroah-Hartman
2012-11-22 0:42 ` [ 58/83] net-rps: Fix brokeness causing OOO packets Greg Kroah-Hartman
2012-11-22 0:42 ` [ 59/83] tcp: fix retransmission in repair mode Greg Kroah-Hartman
2012-11-22 0:42 ` [ 60/83] tcp: handle tcp_net_metrics_init() order-5 memory allocation failures Greg Kroah-Hartman
2012-11-22 0:42 ` [ 61/83] tmpfs: change final i_blocks BUG to WARNING Greg Kroah-Hartman
2012-11-22 0:42 ` [ 62/83] ALSA: usb-audio: Fix crash at re-preparing the PCM stream Greg Kroah-Hartman
2012-11-22 0:42 ` [ 63/83] GFS2: Dont call file_accessed() with a shared glock Greg Kroah-Hartman
2012-11-22 0:42 ` [ 64/83] r8169: use unlimited DMA burst for TX Greg Kroah-Hartman
2012-11-22 0:42 ` [ 65/83] xen/events: fix RCU warning, or Call idle notifier after irq_enter() Greg Kroah-Hartman
2012-11-22 0:42 ` [ 66/83] SCSI: isci: Allow SSP tasks into the task management path Greg Kroah-Hartman
2012-11-22 0:42 ` [ 67/83] tg3: unconditionally select HWMON support when tg3 is enabled Greg Kroah-Hartman
2012-11-22 0:42 ` [ 68/83] r8169: Fix WoL on RTL8168d/8111d Greg Kroah-Hartman
2012-11-22 0:42 ` [ 69/83] r8169: allow multicast packets on sub-8168f chipset Greg Kroah-Hartman
2012-11-22 0:42 ` [ 70/83] netfilter: nf_nat: dont check for port change on ICMP tuples Greg Kroah-Hartman
2012-11-22 0:42 ` [ 71/83] netfilter: xt_TEE: dont use destination address found in header Greg Kroah-Hartman
2012-11-22 0:42 ` [ 72/83] netfilter: nf_conntrack: fix rt_gateway checks for H.323 helper Greg Kroah-Hartman
2012-11-22 0:42 ` Greg Kroah-Hartman [this message]
2012-11-22 0:42 ` [ 74/83] NFC: Use dynamic initialization for rwlocks Greg Kroah-Hartman
2012-11-22 0:42 ` [ 75/83] reiserfs: Fix lock ordering during remount Greg Kroah-Hartman
2012-11-22 0:42 ` [ 76/83] reiserfs: Protect reiserfs_quota_on() with write lock Greg Kroah-Hartman
2012-11-22 0:42 ` [ 77/83] reiserfs: Move quota calls out of " Greg Kroah-Hartman
2012-11-22 0:42 ` [ 78/83] reiserfs: Protect reiserfs_quota_write() with " Greg Kroah-Hartman
2012-11-22 0:42 ` [ 79/83] intel-iommu: Fix lookup in add device Greg Kroah-Hartman
2012-11-22 0:42 ` [ 80/83] selinux: fix sel_netnode_insert() suspicious rcu dereference Greg Kroah-Hartman
2012-11-22 0:42 ` [ 81/83] ACPI video: Ignore errors after _DOD evaluation Greg Kroah-Hartman
2012-11-22 20:40 ` Christoph Biedl
2012-11-22 21:27 ` Greg KH
2012-11-22 0:42 ` [ 82/83] Revert "serial: omap: fix software flow control" Greg Kroah-Hartman
2012-11-22 0:42 ` [ 83/83] ext4: fix metadata checksum calculation for the superblock Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121122004220.511698934@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=schwidefsky@de.ibm.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.